SecurityTicks - Security Ticks

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates 22/08/2023 at 13:16 By A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed […]

React to this headline:

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates Read More »

Seiko joins growing list of ALPHV/BlackCat ransomware victims

data breach, Don't miss, Hot stuff, News, Ransomware / SecurityTicks

Seiko joins growing list of ALPHV/BlackCat ransomware victims 22/08/2023 at 12:03 By Helga Labus Japanese watchmaker Seiko has been added to ALPHV (BlackCat) ransomware group’s victim list, following a data breach occurring in early August. The Seiko data breach The company published a data breach and response notice on August 10, 2023, stating that an

React to this headline:

Seiko joins growing list of ALPHV/BlackCat ransomware victims Read More »

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Don't miss, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability / SecurityTicks

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS

React to this headline:

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

Apple’s defense against apps vandalizing other apps still broken, developer claims

Uncategorized / SecurityTicks

Apple’s defense against apps vandalizing other apps still broken, developer claims 22/08/2023 at 11:32 By Thomas Claburn Cupertino appears to be blasé about long-standing macOS bug, so coder has blabbed Apple last year introduced a security feature called App Management that’s designed to prevent one application from modifying another without authorization under macOS Ventura –

React to this headline:

Apple’s defense against apps vandalizing other apps still broken, developer claims Read More »

New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App

Uncategorized / SecurityTicks

New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App 22/08/2023 at 10:32 By A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called “OfficeNote.” “The new version of XLoader is bundled inside a standard Apple disk image with the

React to this headline:

New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App Read More »

NASA still serious about astronauts living it up on Moon space station in 2028

Uncategorized / SecurityTicks

NASA still serious about astronauts living it up on Moon space station in 2028 22/08/2023 at 10:17 By Katyanna Quach Assuming the orbital hotel is even built by then The first group of astronauts to set foot into NASA’s Moon-orbiting Gateway space station will be the Artemis IV crew in 2028, if everything goes as

React to this headline:

NASA still serious about astronauts living it up on Moon space station in 2028 Read More »

Controversial Chinese drone maker DJI debuts a cargo carrier

Uncategorized / SecurityTicks

Controversial Chinese drone maker DJI debuts a cargo carrier 22/08/2023 at 09:47 By Laura Dobberstein For dropping stuff in remote locations. Just don’t mention the war in Ukraine, where DJI kit repeatedly appeared Chinese drone-maker DJI, the subject of US sanctions, has released its first consumer cargo carrying drone – the FlyCart 30.… This article

React to this headline:

Controversial Chinese drone maker DJI debuts a cargo carrier Read More »

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Uncategorized / SecurityTicks

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software 22/08/2023 at 08:01 By Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue

React to this headline:

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software Read More »

North Korea’s neighbors issue warnings ahead of attempted ‘satellite’ launch

Uncategorized / SecurityTicks

North Korea’s neighbors issue warnings ahead of attempted ‘satellite’ launch 22/08/2023 at 07:47 By Simon Sharwood The last one splashed down badly, but this is no laughing matter – Japan’s PM thinks it could be a missile North Korea intends to launch another “satellite” in coming days, and its neighbors – and the world –

React to this headline:

North Korea’s neighbors issue warnings ahead of attempted ‘satellite’ launch Read More »

IT’s rising role in physical security technology

cloud adoption, collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Motorola Solutions, opinion, physical security, policy, surveillance / SecurityTicks

IT’s rising role in physical security technology 22/08/2023 at 07:34 By Help Net Security As the adoption of cloud-based and mobile-access security systems continues to increase among both new and established businesses, the lines between traditional physical security personnel and IT staff are beginning to blur. Traditionally, the common approach towards organizational security has always

React to this headline:

IT’s rising role in physical security technology Read More »

Maintaining consistent security in diverse cloud infrastructures

CISO, Cloud, cloud computing, cloud security, cyber resilience, cybersecurity, DevOps, Don't miss, Features, Hot stuff, misconfiguration, Mitigant, monitoring, News, opinion, training / SecurityTicks

Maintaining consistent security in diverse cloud infrastructures 22/08/2023 at 07:01 By Mirko Zorz As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and

React to this headline:

Maintaining consistent security in diverse cloud infrastructures Read More »

Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog

Uncategorized / SecurityTicks

Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog 22/08/2023 at 07:01 By The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in

React to this headline:

Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog Read More »

Understanding how attackers exploit APIs is more important than ever

API security, cybersecurity, Don't miss, Hot stuff, how-to, Intruder, programming, strategy, tips, Video / SecurityTicks

Understanding how attackers exploit APIs is more important than ever 22/08/2023 at 06:32 By Help Net Security In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings – which didn’t require sophisticated security to prevent. The number

React to this headline:

Understanding how attackers exploit APIs is more important than ever Read More »

8 open-source OSINT tools you should try

Don't miss, Features, GitHub, Hot stuff, News, open source, OSINT, OWASP, penetration testing, reconnaissance, Shodan, software / SecurityTicks

8 open-source OSINT tools you should try 22/08/2023 at 06:01 By Help Net Security Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using

React to this headline:

8 open-source OSINT tools you should try Read More »

Biden to bolster boondocks broadband with a billion bonus bucks (barely)

Uncategorized / SecurityTicks

Biden to bolster boondocks broadband with a billion bonus bucks (barely) 22/08/2023 at 05:47 By Brandon Vigliarolo ISPs in 22 states and Marshall Islands get to split nine-figure pot The Biden administration is ready to divvy up nearly $700 million more in funding for rural broadband expansion, with the US Department of Agriculture taking the

React to this headline:

Biden to bolster boondocks broadband with a billion bonus bucks (barely) Read More »

Hey Joe, those US CHIPS funds still coming? We kinda need them, says Micron

Uncategorized / SecurityTicks

Hey Joe, those US CHIPS funds still coming? We kinda need them, says Micron 22/08/2023 at 04:32 By Tobias Mann And by kinda, Idaho fab giant means absolutely ‘necessary’ for the plants it already announced Micron has advised investors that federal grants and other tax incentives are “necessary” for development of its already-announced chip fabs

React to this headline:

Hey Joe, those US CHIPS funds still coming? We kinda need them, says Micron Read More »

Ivanti Sentry exploited in the wild, patches emitted

Uncategorized / SecurityTicks

Ivanti Sentry exploited in the wild, patches emitted 22/08/2023 at 03:46 By Jessica Lyons Hardcastle Good thing you’re not exposing admin port 8443 to the world, right? Uh, right? A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday.… This article is

React to this headline:

Ivanti Sentry exploited in the wild, patches emitted Read More »

It’s official! Arm files for IPO on Nasdaq

Uncategorized / SecurityTicks

It’s official! Arm files for IPO on Nasdaq 22/08/2023 at 02:46 By Tobias Mann Paperwork confirms parent paid $16B for 25% stake held by Vision Fund Arm on Monday publicly filed for an initial public offering (IPO) on the Nasdaq stock market, under the ticker ARM.… This article is an excerpt from The Register View

React to this headline:

It’s official! Arm files for IPO on Nasdaq Read More »

Get a $25 gift card if you help the US check whether these facial logins really work

Uncategorized / SecurityTicks

Get a $25 gift card if you help the US check whether these facial logins really work 22/08/2023 at 02:31 By Brandon Vigliarolo NB: That will involve handing over your selfies and other personal info to AI outfits to experiment with The US government hopes to add face-based logins to .gov websites – though first

React to this headline:

Get a $25 gift card if you help the US check whether these facial logins really work Read More »

Uncle Sam: Rest of the world would love to steal our space blueprints – don’t let ’em

Uncategorized / SecurityTicks

Uncle Sam: Rest of the world would love to steal our space blueprints – don’t let ’em 22/08/2023 at 01:02 By Jessica Lyons Hardcastle If spies aren’t swiping designs via joint ventures, they’re breaking into IT networks and mulling sat hijackings With America outspending the rest of the world on space technologies, those systems and

React to this headline:

Uncle Sam: Rest of the world would love to steal our space blueprints – don’t let ’em Read More »