Top

Tag: Cybersecurity


Network security, Security

Balancing cybersecurity with convenience and progress

September 25, 2023

Via: Help Net Security

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals […]


Mobile, Mobile security

Code alterations more prevalent in Android apps than iOS

September 22, 2023

Via: Help Net Security

57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps […]


Network security, Security

Cisco spends $28B on data cruncher Splunk in cybersecurity push

September 21, 2023

Via: The Register

Cisco is making its most expensive acquisition ever – by far – with an announcement it’s buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b). The transaction, which Cisco said it expects to close […]


Cyber warfare, Cyber-crime

International Criminal Court hit in cyber-attack amid Russia war crimes probe

September 20, 2023

Via: The Register

The International Criminal Court said crooks breached its IT systems last week, and that attack isn’t over yet, with the ICC saying the “cybersecurity incident” is still ongoing. In a statement shared via the site formerly known as Twitter, the […]


Data loss, Threats & Malware

The Clorox Company admits cyberattack causing ‘widescale disruption’

September 19, 2023

Via: The Register

The Clorox Company, makers of bleach and other household cleaning products, doesn’t expect operations to return to normal until near month end as it combs over “widescale disruption to operations” caused by cyber baddies. The $2 billion turnover biz, whose […]


Threats & Malware, Virus & Malware

New cryptojacking attacks target uncommon AWS instances

September 19, 2023

Via: TechRadar

Cybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not […]


Network security, Security

Former CIO accuses Penn State of faking cybersecurity compliance

September 18, 2023

Via: The Register

Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports. The lawsuit, recently unsealed, is a qui tam complaint (in Latin “who as well,”) meaning it was filed […]


Data loss, Threats & Malware

GAO Report Reveals IRS’s Limited Control Over Taxpayer Data Handling

September 18, 2023

Via: SecureWorld

The U.S. Internal Revenue Service (IRS) is entrusted with the vital responsibility of safeguarding sensitive taxpayer information. Recent incidents of potential unauthorized access to or disclosure of this data have raised concerns and prompted a thorough review by the Government […]


Cloud security, Security

Cloud changes are to blame for nearly all cyber-attacks

September 18, 2023

Via: TechRadar

Of all the vulnerabilities an organization’s system has, the majority sit within its cloud environment, a new report from cybersecurity researchers Unit 42, part of Palo Alto Networks, has found. As per the report, four in five (80%) of all […]


Cloud security, Security

Netskope joins MXDR by Deloitte to expand strategic alliance

September 12, 2023

Via: Help Net Security

Netskope has unveiled that its existing strategic alliance with Deloitte has expanded with the addition of Netskope to the Managed Extended Detection and Response (MXDR) by Deloitte platform. The new Netskope module on MXDR by Deloitte will include advanced cloud […]


Threats & Malware, Vulnerabilities

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

September 8, 2023

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]


Network security, Security

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024

September 7, 2023

Via: The Hacker News

By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost 5 fold, as can be seen in figure 1. This incredible surge reflects the growing business demand for specialized cybersecurity […]


Threats & Malware, Virus & Malware

Researchers Warn of Cyber Weapons Used by Lazarus Group’s Andariel Cluster

September 5, 2023

Via: The Hacker News

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. “One characteristic of the attacks identified in 2023 is that there […]


Editorial

Security for Smart Vehicles: Safeguarding the Automotive Industry’s Digital Evolution

August 31, 2023

Via: Rassell Neal

As with every other industry, the automotive sector has seen a massive uptick in cyberthreats since its digital transformation started to pick up pace. The incorporation of Internet of Things (IoT) devices, infotainment systems, autonomous driving, and other connected technologies […]


Network security, Security

Survey Provides Takeaways for Security Pros to Operationalize their Remediation Life Cycle

August 29, 2023

Via: The Hacker News

Ask any security professional and they’ll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate “fixer” somewhere in the […]


Threats & Malware, Vulnerabilities

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

August 28, 2023

Via: The Hacker News

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to […]


Threats & Malware, Vulnerabilities

Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

August 24, 2023

Via: The Hacker News

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal […]


Threats & Malware, Virus & Malware

Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks

August 23, 2023

Via: The Hacker News

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. “It probably finds its way into victim organizations by its operators compromising vulnerable web servers […]


Threats & Malware, Vulnerabilities

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

August 23, 2023

Via: The Hacker News

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential […]


Threats & Malware, Vulnerabilities

Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog

August 22, 2023

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to […]