Critical vulnerabilities in Exim threaten over 250k email servers worldwide
Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.
29-09-2023 22:59

Securing AI: What You Should Know
Securing AI within your organization starts with understanding how AI differs from traditional business tools. Google's Secure AI Framework provides a model for what to do next.
29-09-2023 21:00

How Can Your Security Team Help Developers Shift Left?
Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology.
29-09-2023 19:40

Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
The Israeli company developed highly-targeted, mobile malware that would make any APT jealous.
29-09-2023 18:43

DHS: Physical Security a Concern in Johnson Controls Cyberattack
An internal memo cites DHS floor plans that could have been accessed in the breach.
29-09-2023 18:41

Cybersecurity Gaps Plague US State Department, GAO Report Warns
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.
29-09-2023 17:03

Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
29-09-2023 16:34

People Still Matter in Cybersecurity Management
Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.
29-09-2023 14:00

Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files
Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise.
29-09-2023 13:55

QR Code 101: What the Threats Look Like
Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them.
29-09-2023 01:00

Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
28-09-2023 22:30

Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
28-09-2023 21:46

New Cisco IOS Zero-Day Delivers a Double Punch
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
28-09-2023 21:45

A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day
If your software package involves VP8 video encoding, it's likely vulnerable to attack.
28-09-2023 21:23

Johnson Controls International Disrupted by Major Cyberattack
The company filed with the SEC and is assessing its operations and financial damages.
28-09-2023 20:40

Meta launches consumer AI chatbots with celebrity avatars in its social apps
WhatsApp, Instagram add animated AI chat avatars, including Snoop Dogg as dungeon master.
28-09-2023 19:52

Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World
How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC).
28-09-2023 19:38

Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool
Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware.
28-09-2023 17:50

7 Ways SMBs Can Secure Their WordPress Sites
This Tech Tip outlines seven easy fixes that small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities.
28-09-2023 17:00

Looking Beyond the Hype Cycle of AI/ML in Cybersecurity
Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps?
28-09-2023 17:00

AI language models can exceed PNG and FLAC in lossless compression, says study
Is compression equivalent to general intelligence? DeepMind digs up more potential clues.
28-09-2023 15:43

4 Legal Surprises You May Encounter After a Cybersecurity Incident
Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident.
28-09-2023 14:00

Supply Chain Attackers Escalate With GitHub Dependabot Impersonation
Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice.
28-09-2023 13:56

CAPTCHAs Easy for Humans, Hard for Bots
Proton is aiming for the sweet spot between security, privacy, and accessibility with its CAPTCHA.
28-09-2023 13:15

Guide to ransomware and how to detect it
The landscape of ransomware has undergone rapid evolution, shifting from a relatively straightforward form of malicious software primarily affecting individual computer users, to a menacing enterprise-level threat that has inflicted substantial harm on v
28-09-2023 10:31

A Preview of Windows 11's Passkeys Support
The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication.
28-09-2023 00:00

Radiant Logic Announces Expanded Identity Analytics and Data Management Platform Capabilities
27-09-2023 22:18

Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap With Military Veteran Talent
27-09-2023 22:07

Netscout Identified Nearly 7.9M DDOS Attacks in the First Half of 2023
27-09-2023 22:05

Researchers Release Details of New RCE Exploit Chain for SharePoint
One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution.
27-09-2023 21:26

China APT Cracks Cisco Firmware in Attacks Against the US and Japan
Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.
27-09-2023 20:15

Will Government Secure Open Source or Muck It Up?
The US government aims to support open source projects, while the European Union seeks to make open source projects liable for their software. Which approach will lead to more security?
27-09-2023 20:01

Jony Ive and OpenAI’s Altman reportedly collaborating on mysterious AI device
Despite lack of specifics, rumored smartphone collaboration has everyone guessing.
27-09-2023 19:19

Backdoored firmware lets China state hackers control routers with “magic packets”
The modified firmware used by BlackTech is hard to detect.
27-09-2023 19:04

Microsoft Adds Passkeys to Windows 11
It's the latest step in the gradual shift away from traditional passwords.
27-09-2023 18:45

Threat Data Feeds and Threat Intelligence Are Not the Same Thing
It's important to know the difference between the two terms. Here's why.
27-09-2023 17:00

Spotify uses AI to clone and translate podcaster voices in new pilot program
Feature hopes to remove language barriers, but will speakers know if translations are faulty?
27-09-2023 15:28

Hackers Trick Outlook Into Showing Fake AV Scans
Researchers spot attackers using an existing phishing obfuscation tactic in order to better ensure recipients fall for their scam.
27-09-2023 14:17

Kenyan Financial Firm Fined for Mishandling Data
Kenyan data protection regulator issues monetary penalties to multiple firms for improper handling of personal data.
27-09-2023 14:14

How the Okta Cross-Tenant Impersonation Attacks Succeeded
Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you.
27-09-2023 14:00

Research reveals 80% of applications developed in EMEA contain security flaws
Veracode, a leading global provider of intelligent software security, today released research indicating applications developed by organisations in Europe, Middle East and Africa tend to contain more security flaws than those created by their U.S. counte
27-09-2023 12:07

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost
Netwrix has surveyed more than 1,600 IT and security professionals worldwide to reveal how their organisations reduce the financial impact of a data breach via a cyber insurance policy. According to the survey, 44% of organisations are insured and 15% pl
27-09-2023 11:58

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023
Akamai Technologies, Inc. has today released a new State of the Internet report that explores existing and emerging cyberattacks against the financial services industry. The new report, The High Stakes of Innovation: Attack Trends in Financial Services,
27-09-2023 11:41

ICS Reconnaissance Attacks – Introduction to Exploiting Modbus
Despite being widely used in Industrial Control Systems (ICS), Modbus has been recognised as an insecure protocol. Securing and attacking Modbus has therefore been a topic for years, and it was first in 2018 that the Modbus Security protocol (MSP) was pu
27-09-2023 10:31

Keeper Security study shows cultural changes imperative to improve cyber incident reporting
Keeper Security, a provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, secrets, connections and privileged access, has released findings of its Cybersecurity Disasters Survey: Incident Reporting &#
27-09-2023 10:00

Google quietly corrects previously submitted disclosure for critical webp 0-day
Previous CVE submission failed to mention that thousands of apps were affected.
27-09-2023 00:47

Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle
26-09-2023 21:48

Cyemptive Technologies Expands Operations in the Middle East and the Americas
26-09-2023 21:44

Catalyte Leverages Google Career Certificates to Expand Cybersecurity Apprenticeship Opportunities
26-09-2023 21:23

Suspicious New Ransomware Group Claims Sony Hack
A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?
26-09-2023 21:20

Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains
Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.
26-09-2023 21:18

Delinea Secret Server Introduces MFA Enforcement at Depth to Meet Cyber Insurance Requirements
26-09-2023 19:53

Maine Department of Labor to Announce the Launch of University of Maine at Augusta Cybersecurity and IT Registered Apprenticeship Program
26-09-2023 19:35

HD Moore's Discovery Journey
Metasploit creator's shift into enterprise asset discovery and passive scanning with startup runZero is a natural evolution of his exploratory cyber career.
26-09-2023 19:00

GPUs from all major suppliers are vulnerable to new pixel-stealing attack
A previously unknown compression side channel in GPUs can expose images thought to be private.
26-09-2023 17:40

4 Pillars for Building a Responsible Cybersecurity Disclosure Program
Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community.
26-09-2023 17:00

Can you melt eggs? Quora’s AI says “yes,” and Google is sharing the result
Incorrect AI-generated answers are forming a feedback loop of misinformation online.
26-09-2023 15:43

Chad Taps Huawei for Digital Modernization Project
Fiber optic networks and better connectivity for Chad's users are part of the ICT modernization project with the Chinese networking giant.
26-09-2023 15:36

Amid MGM, Caesars Incidents, Attackers Focus on Luxury Hotels
A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.
26-09-2023 15:27

Proactive Security: What It Means for Enterprise Security Strategy
Proactive Security holds the elusive promise of helping enterprises finally get ahead of threats, but CISOs must come to grips with the technological and philosophical change that it brings.
26-09-2023 14:00

CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme
CREST and IASME are delighted to announce their partnership with the NCSC to help deliver its new Cyber Incident Exercising scheme. The NCSC (National Cyber Security Centre) has created the scheme to help organisations find high quality providers that ca
26-09-2023 09:24

Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe
cyberelements, the Zero Trust Privileged Access Management (PAM) platform, today announces its strategic partnership with leading technology distributor, ABC Distribution heralding a new era in access security across Europe and beyond. cyberelements’ pio
26-09-2023 09:23

When It Comes to Email Security, the Cloud You Pick Matters
While cloud-based email offers more security than on-premises, insurance firms say it matters whether you use Microsoft 365 or Google Workspace.
25-09-2023 23:31

Xenomorph Android Malware Targets Customers of 30 US Banks
The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.
25-09-2023 21:17

MOVEit Flaw Leads to 900 University Data Breaches
National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
25-09-2023 20:35

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack
The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.
25-09-2023 20:25

ChatGPT update enables its AI to “see, hear, and speak,“ according to OpenAI
Image recognition and voice features aim to make the AI bot's interface more intuitive.
25-09-2023 18:38

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence
Adarma has announced the appointment of James Todd as Chief Technology Officer. This strategic appointment builds on the company’s continued commitment to improving security operations outcomes for enterprise and upper mid-market organisations and
25-09-2023 15:43

Nurturing Our Cyber Talent
The IT Security Guru caught up with Tarnveer Singh a CISO and finalist in the Security Serious Unsung Heroes Awards 2023 for his thoughts on how to get more professionals involved in the cybersecurity industry:   There are many ways we can inspire n
25-09-2023 15:33

The Hot Seat: CISO Accountability in a New Era of SEC Regulation
Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.
25-09-2023 14:00

Getty Images subscribers to get access to AI image generator
Getty will indemnify customers against lawsuits and pay artists on "recurring basis."
25-09-2023 13:38

Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks
Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.
25-09-2023 13:00

Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
25-09-2023 07:00

3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone
Apple patches 3 zero-days after they were used in a sophisticated attack.
23-09-2023 00:23

ASPM Is Good, But It's Not a Cure-All for App Security
What application security posture management does, it does well. But you'll still need to fill in some holes, especially concerning API security.
23-09-2023 00:00

Recast Software Acquires Liquit, Consolidating the Endpoint and Application Management Markets
22-09-2023 20:22

ClassLink Provides Cybersecurity Training Course to Help Schools Protect Public Directory Data
22-09-2023 20:18

Wing Security Launches Compliance-Grade SaaS Security Solution for Just $1.5K
22-09-2023 20:17

Latest Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard
22-09-2023 20:10

TikTok API Rules Stymie User Data Analysis
Terms of service for API access give TikTok publication review over findings and limit access to critical data on the platform's impact on US users, researchers say.
22-09-2023 19:39

TikTok API Rules Stymie Analysis of US User Data, Academics Say
Terms of service for API access give TikTok publication review over findings and limit access to critical data on the platform's impact on US users, researchers say.
22-09-2023 19:39

Hackers Let Loose on Voting Gear Ahead of US Election Season
Ethical hackers were given voluntary access to digital scanners, ballot markers, and electronic pollbooks, all in the name of making the voting process more resilient to cyber threats.
22-09-2023 18:06

Akira Ransomware Mutates to Target Linux Systems
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
22-09-2023 17:28

Akira Ransomware Mutates to Target Linux Systems, Adds TTPs
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
22-09-2023 17:28

NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII
The league is working with more than 100 partners to workshop responses to a host of hypothetical cyberattacks on the upcoming Big Game in Las Vegas.
22-09-2023 16:30

Apple Fixes 3 More Zero-Day Vulnerabilities
All of the security bugs are under active attacks, but the extent of their exploitation is unknown.
22-09-2023 16:10

MGM, Caesars Cyberattack Responses Required Brutal Choices
Tens of millions in losses later, the MGM and Caesars systems are back online following dual cyberattacks by the same threat actor — here's what experts say about their incident responses.
22-09-2023 16:08

Bot Swarm: Attacks From Middle East & Africa Are Notably Up
Most automated attacks from the regions were against e-commerce and telecommunications organizations.
22-09-2023 15:54

The Journey to Secure Access Service Edge (SASE)
“The wise adapt themselves to circumstances, as water moulds itself to the pitcher.” – Chinese Proverb. The way we work, socialise, and consume information has changed exponentially over the last few years. This has been driven owing to global macro and
22-09-2023 14:07

Guardians of the Cyberverse: Building a Resilient Security Culture
Whether achieved through AI-enabled automation, proactive identification and resolution of issues, or the equitable distribution of risk management responsibilities, the goal must be resilience.
22-09-2023 14:00

Do CISOs Have to Report Security Flaws to the SEC?
The new SEC rules make it seem that there is no need to report the presence of security vulnerabilities, but that doesn't quite tell the full story.
22-09-2023 14:00

Cisco Moves into SIEM with $28B Deal to Acquire Splunk
Cisco's surprise agreement could reshape secure information and event management (SIEM) and extended detection and response (XDR) markets.
22-09-2023 00:42

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters
No one mentioned that libwebp, a library found in millions of apps, was a 0-day origin.
21-09-2023 22:19

Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor
The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.
21-09-2023 22:04

What Does Socrates Have to Do With CPM?
It's time to focus on the "P" in cybersecurity performance management.
21-09-2023 21:22

Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation
21-09-2023 21:18

'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
21-09-2023 20:42

OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats
21-09-2023 20:00

T-Mobile Racks Up Third Consumer Data Exposure of 2023
The mobile company states that the issue was due to a glitch that occurred in an update.
21-09-2023 19:39

Secure Browser Tech Is Having a Moment
Cloud adoption is driving secure browsers' moment in the sun as rumors fly that Palo Alto Networks is looking to snap up Talon.
21-09-2023 19:30

source : arstechnica, darkreading, itsecurityguru