SecurityTicks - Security Ticks

Cloudflare dishes up the stats on internet traffic in 2023

Cloudflare dishes up the stats on internet traffic in 2023 13/12/2023 at 16:47 By Dan Robinson Web’s growing, Google’s gloating, and US bots are roaming Cloudflare says that global internet traffic grew 25 percent this year, while Google regained its crown as the most visited web destination. Only a third of IPv6-capable requests were actually […]

React to this headline:

Cloudflare dishes up the stats on internet traffic in 2023 Read More »

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

account hijacking, BEC scams, cryptojacking, Don't miss, Hot stuff, Microsoft, Microsoft 365, Microsoft Azure, Microsoft Entra ID, News, OAuth, phishing, spam / SecurityTicks

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns 13/12/2023 at 16:46 By Helga Labus Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant applications access to server resources without

React to this headline:

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns Read More »

Zero Networks Raises $20 Million to Secure Access to Enterprise Assets

Cybersecurity Funding, funding, Network Security / SecurityTicks

Zero Networks Raises $20 Million to Secure Access to Enterprise Assets 13/12/2023 at 16:31 By Ionut Arghire Cybersecurity startup Zero Networks has raised $20 million in a Series B funding round led by US Venture Partners. The post Zero Networks Raises $20 Million to Secure Access to Enterprise Assets appeared first on SecurityWeek. This article

React to this headline:

Zero Networks Raises $20 Million to Secure Access to Enterprise Assets Read More »

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

CISA, Government / SecurityTicks

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines 13/12/2023 at 16:31 By Ionut Arghire CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services. The post CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines Read More »

Drata unveils Third-Party Risk Management offering to help security teams identify risks

Drata, Industry news / SecurityTicks

Drata unveils Third-Party Risk Management offering to help security teams identify risks 13/12/2023 at 16:03 By Industry News Drata announced its Third-Party Risk Management (TPRM) offering, empowering customers to identify, evaluate, and monitor third-party risks in one centralized and integrated platform. Third-party risk has become a critical element of a strong governance, risk, and compliance

React to this headline:

Drata unveils Third-Party Risk Management offering to help security teams identify risks Read More »

How to Analyze Malware’s Network Traffic in A Sandbox

Uncategorized / SecurityTicks

How to Analyze Malware’s Network Traffic in A Sandbox 13/12/2023 at 15:16 By Malware analysis encompasses a broad range of activities, including examining the malware’s network traffic. To be effective at it, it’s crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools

React to this headline:

How to Analyze Malware’s Network Traffic in A Sandbox Read More »

In just one year, UK.gov’s direct spend on AWS rises 76 percent

Uncategorized / SecurityTicks

In just one year, UK.gov’s direct spend on AWS rises 76 percent 13/12/2023 at 15:02 By Lindsay Clark Cloud vendor remains a distance behind leading tech suppliers though Cloud giant AWS collected a staggering 76 percent more direct public sector revenue from the UK government in the past financial year.… This article is an excerpt

React to this headline:

In just one year, UK.gov’s direct spend on AWS rises 76 percent Read More »

Chrome 120 Update Patches High-Severity Vulnerabilities

Chrome, Vulnerabilities / SecurityTicks

Chrome 120 Update Patches High-Severity Vulnerabilities 13/12/2023 at 15:01 By Ionut Arghire A Chrome 120 security update resolves nine vulnerabilities, including five high-severity flaws reported externally. The post Chrome 120 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Chrome 120 Update Patches High-Severity Vulnerabilities Read More »

Harry Coker Confirmed as National Cyber Director

Government / SecurityTicks

Harry Coker Confirmed as National Cyber Director 13/12/2023 at 15:01 By Eduard Kovacs US Senate confirms former CIA and NSA senior executive Harry Coker as next National Cyber Director in the White House ONCD. The post Harry Coker Confirmed as National Cyber Director appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Harry Coker Confirmed as National Cyber Director Read More »

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Uncategorized / SecurityTicks

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing 13/12/2023 at 14:31 By Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. “Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications

React to this headline:

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing Read More »

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)

Don't miss, enterprise, firewall, Hot stuff, News, patch, SMBs, Sophos, VulnCheck / SecurityTicks

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) 13/12/2023 at 14:17 By Zeljka Zorz Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In December

React to this headline:

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) Read More »

Sophos Patches EOL Firewalls Against Exploited Vulnerability

exploited, Sophos, Vulnerabilities / SecurityTicks

Sophos Patches EOL Firewalls Against Exploited Vulnerability 13/12/2023 at 13:46 By Ionut Arghire Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit. The post Sophos Patches EOL Firewalls Against Exploited Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Sophos Patches EOL Firewalls Against Exploited Vulnerability Read More »

Nearly a million non-profit donors’ details left exposed in unsecured database

Uncategorized / SecurityTicks

Nearly a million non-profit donors’ details left exposed in unsecured database 13/12/2023 at 13:32 By Connor Jones Trusted by major charities, DonorView publicly exposed children’s names and addresses, among other data Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database.…

React to this headline:

Nearly a million non-profit donors’ details left exposed in unsecured database Read More »

Major Cyber Attack Paralyzes Kyivstar – Ukraine’s Largest Telecom Operator

Uncategorized / SecurityTicks

Major Cyber Attack Paralyzes Kyivstar – Ukraine’s Largest Telecom Operator 13/12/2023 at 13:31 By Ukraine’s biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet services. “The cyberattack on Ukraine’s #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with

React to this headline:

Major Cyber Attack Paralyzes Kyivstar – Ukraine’s Largest Telecom Operator Read More »

Which cybersecurity controls are organizations struggling with?

BitSight, cyber risk, cybersecurity, Google, News, report, security controls, trends / SecurityTicks

Which cybersecurity controls are organizations struggling with? 13/12/2023 at 13:02 By Help Net Security How are organizations performing across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework? A recent analysis by Bitsight and Google reveals some good and some bad results – and room for improvement. What is MVSP? Minimum Viable Secure Product

React to this headline:

Which cybersecurity controls are organizations struggling with? Read More »

Britain’s Ministry of Defence fined £350K over Afghan interpreter BCC email blunder

Uncategorized / SecurityTicks

Britain’s Ministry of Defence fined £350K over Afghan interpreter BCC email blunder 13/12/2023 at 12:32 By Paul Kunert UK GDPR penalty slashed from £1M after department agrees to improve processes Britain’s data watchdog has issued the Ministry of Defence with a financial penalty of £350,000 for the BCC email blunder that exposed names and contact

React to this headline:

Britain’s Ministry of Defence fined £350K over Afghan interpreter BCC email blunder Read More »

NASA celebrates Perseverance Rover’s 1000th Martian day with lakebed history lesson

Uncategorized / SecurityTicks

NASA celebrates Perseverance Rover’s 1000th Martian day with lakebed history lesson 13/12/2023 at 11:32 By Simon Sharwood As its companion helicopter plans its furthest flight yet NASA has celebrated the Perseverance Rover’s 1000th Martian day of operations, and prepared the longest ever flight for the helicopter that accompanied it to the home of Marvin.… This

React to this headline:

NASA celebrates Perseverance Rover’s 1000th Martian day with lakebed history lesson Read More »

Microsoft Forms feature request still not sorted after SEVEN years

Uncategorized / SecurityTicks

Microsoft Forms feature request still not sorted after SEVEN years 13/12/2023 at 10:47 By Thomas Claburn Request for time input field was added to project backlog – where it remains Back in 2016, a member of the Microsoft community asked the Windows giant to add a time input field its Forms product, and received word

React to this headline:

Microsoft Forms feature request still not sorted after SEVEN years Read More »

Cyble Research & Intelligence Labs (CRIL) identifies a ControlByWeb Cross-Site Scripting Vulnerability – CVE-2023-6333

vulnerability / SecurityTicks

Cyble Research & Intelligence Labs (CRIL) identifies a ControlByWeb Cross-Site Scripting Vulnerability – CVE-2023-6333 13/12/2023 at 10:01 By cybleinc CRIL discovers a high-severity Cross-Site Scripting vulnerability in ControlByWeb products affecting Critical Infrastructure. The post Cyble Research & Intelligence Labs (CRIL) identifies a ControlByWeb Cross-Site Scripting Vulnerability – CVE-2023-6333 appeared first on Cyble. This article is

React to this headline:

Cyble Research & Intelligence Labs (CRIL) identifies a ControlByWeb Cross-Site Scripting Vulnerability – CVE-2023-6333 Read More »

Microsoft’s Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical

Uncategorized / SecurityTicks

Microsoft’s Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical 13/12/2023 at 09:46 By Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are rated Critical and 29 are rated Important in

React to this headline:

Microsoft’s Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical Read More »