Penn State Settles for $1.25M Over Cybersecurity Violations
Via "Infosecurity Magazine"
Seen on @cibsecurity
Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts.
----------
White House Issues AI National Security Memo
Via "Infosecurity Magazine"
The National Security Memorandum on AI sets out actions for the federal government to ensure the safe, secure and trustworthy development of AI.
----------
Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability
Via "Infosecurity Magazine"
This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA's KEV catalog.
----------
UK Government Introduces New Data Governance Legislation
Via "Infosecurity Magazine"
The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner's Office.
----------
Cybersecurity Teams Largely Ignored in AI Policy Development
Via "Infosecurity Magazine"
A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies.
----------
CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet's FortiManager
Via "CYBLE"
Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet's FortiManager to its Known Exploited Vulnerabilities (KEV) catalog, indicating a pressing need for organizations to address the associated risks. The critical vulnerability identified as CVE-2024-47575 has been assigned a CVSS score of 9.8. This vulnerability affects various versions of FortiManager, including FortiManager 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.12, as well as multiple iterations of FortiManager Cloud. The vulnerability stems from a missing authentication issue within the critical functions of the FortiManager fgfmd daemon, allowing remote, unauthenticated attackers to execute arbitrary commands or code ...
----------
Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More
Via "CYBLE"
Overview: Cyble Research & Intelligence Labs (CRIL) has shared new details about weekly industrial control systems (ICS) vulnerabilities. These vulnerabilities were issued by the Cybersecurity and Infrastructure Security Agency (CISA) from October 15 to October 21, 2024. The report outlines critical security concerns affecting various vendors and highlights the urgency for organizations to address these vulnerabilities promptly. During the reporting period, CISA released seven security advisories targeting ICS, which collectively identified 13 distinct vulnerabilities across several companies, including Siemens, Schneider Electric, Elvaco, Mitsubishi Electric, HMS Networks, Kieback&Peter, and LCDS Leo Consultoria e Desenvolvimento de Sistemas Ltda ME. Notably, Elvaco disclosed four vul...
----------
AI Chatbots Ditch Guardrails After 'Deceptive Delight' Cocktail
Via "Dark Reading"
The latest GenAI jailbreak technique tricks chatbots into returning restricted content by blending different prompt topics together.
----------
Cisco ASA, FTD Software Under Active VPN Exploitation
Via "Dark Reading"
Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco's ASA and Firepower software.
----------
Lazarus Group Exploits Google Chrome Flaw in New Campaign
Via "Infosecurity Magazine"
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware.
----------
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Via "The Hacker News"
Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AES-NI capabilities, while still retaining Chacha20 for systems that lack this support.
----------
Critical Bug Exploited in Fortinet's Management Console
Via "Dark Reading"
An attacker compromised one of Fortinet's most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.
----------
AWS's Predictable Bucket Names Make Accounts Easier to Crack
Via "Dark Reading"
Amazon's open-source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.
----------
Microsoft: Healthcare Sees 300% Surge in Ransomware Attacks
Via "Dark Reading"
Even after the ransom is paid, such attacks lead to spikes in strokes and heart attacks and increased wait times for patients.
----------
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
Via "The Hacker News"
The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data.
----------
vCISO GRC Auditor
Via "UnderDefense"
----------
MacOS-Focused Ransomware Attempts Leverage LockBit Brand
Via "Infosecurity Magazine"
An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit.
----------
Everything you need to know about the 'mass exploitation' of FortiManager appliances
Via "ITPro"
A missing authentication flaw could allow an attacker to use a compromised FortiManager device to move laterally to other Fortinet devices and target enterprise environments.
----------
Human error is cybersecurity's number one concern, Kaseya report finds
Via "ITPro"
IT professionals highlight bad user behavior and a lack of security training as key hurdles to overcome this year.
----------
Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?
Via "The Hacker News"
Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-based attacks are not just theoretical threats; they're happening across industries and outpacing traditional defense mechanisms. The solution, however, is not futuristic. It turns out a properly designed identity security platform is able to deliver defenses.
----------
SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures
Via "The Hacker News"
The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies (Avaya, Check Point, Mimecast, and Unisys) are being penalized for how they handled the disclosure process in the aftermath of.