Chinese multinational bank hit by ransomware 10/11/2023 at 14:46 By Helga Labus The state-owned Industrial and Commercial Bank of China (ICBC), which is one of the largest banks in the world, has been hit by a ransomware attack that led to disrupted trades in the US Treasury market. The attack “On November 8, 2023, U.S. […]
React to this headline:
Chinese multinational bank hit by ransomware Read More »
November 2023 Patch Tuesday forecast: Year 21 begins 10/11/2023 at 09:03 By Help Net Security The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10,
React to this headline:
November 2023 Patch Tuesday forecast: Year 21 begins Read More »
How to withstand the onslaught of cybersecurity threats 10/11/2023 at 08:31 By Help Net Security “We brought a shovel to fight an avalanche.” That’s the sentiment shared by many business leaders, especially CISOs, CIOs and IT leaders as they face the current cybersecurity threat landscape. Like an avalanche, it’s constantly shifting and changing, moving quickly
React to this headline:
How to withstand the onslaught of cybersecurity threats Read More »
Rethinking cyber risk: The case against spreadsheets 10/11/2023 at 08:02 By Help Net Security In this Help Net Security video, Christina Hoefer, VP of Global Industrial Enterprise at Forescout, discusses why it is time for manufacturers/OT security leaders to “toss the spreadsheet” regarding their traditional methods of tracking data for cyber risk assessments. She addresses
React to this headline:
Rethinking cyber risk: The case against spreadsheets Read More »
Sandworm hackers incapacitated Ukrainian power grid amid missile strike 09/11/2023 at 19:17 By Helga Labus Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of
React to this headline:
Sandworm hackers incapacitated Ukrainian power grid amid missile strike Read More »
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) 09/11/2023 at 18:01 By Helga Labus A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s
React to this headline:
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) Read More »
Open-source vulnerability disclosure: Exploitable weak spots 09/11/2023 at 15:17 By Zeljka Zorz Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day” vulnerabilities are known
React to this headline:
Open-source vulnerability disclosure: Exploitable weak spots Read More »
Security in the impending age of quantum computers 09/11/2023 at 09:02 By Help Net Security Quantum computing is poised to be one of the most important technologies of the 21st century. With global governments having collectively pledged more than $38 billion in public funds for quantum technologies and $2.1 billion of new private capital flowing
React to this headline:
Security in the impending age of quantum computers Read More »
Unpacking the challenges of anti-money laundering obligations 09/11/2023 at 08:32 By Help Net Security When managing anti-money laundering (AML) obligations, many challenger banks turn to basic or unproven in-house risk management solutions. Although these solutions can, in some ways, be innovative, they are often built quickly and lack thorough testing, leading to potential vulnerabilities. In
React to this headline:
Unpacking the challenges of anti-money laundering obligations Read More »
Microsoft Authenticator suppresses suspicious MFA notifications 08/11/2023 at 17:46 By Helga Labus Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. Preventing attacks relying on MFA fatigue When faced with MFA-protected accounts, threat actors repeatedly try to gain access
React to this headline:
Microsoft Authenticator suppresses suspicious MFA notifications Read More »
Sumo Logic discloses potential breach via compromised AWS credential 08/11/2023 at 14:49 By Helga Labus Cloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday. The Sumo Logic incident “On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security
React to this headline:
Sumo Logic discloses potential breach via compromised AWS credential Read More »
The 3 key stages of ransomware attacks and useful indicators of compromise 08/11/2023 at 09:02 By Help Net Security For SOC teams to be able to defend their organization against ransomware attacks, they need to have the right security toolset, but also an understanding of the three primary ransomware attack stages. In this article, we
React to this headline:
The 3 key stages of ransomware attacks and useful indicators of compromise Read More »
AI-assisted coding and its impact on developers 08/11/2023 at 08:02 By Help Net Security The emergence of AI has put into question the roles of software developers everywhere. In this Help Net Security video, Cat Hicks, VP of Research Insights at Pluralsight, discusses pressing questions that engineering organizations face regarding the rapidly-changing possibilities of AI-assisted
React to this headline:
AI-assisted coding and its impact on developers Read More »
Microsoft introduces new access policies in Entra to boost MFA usage 07/11/2023 at 18:17 By Helga Labus As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to increase the use of multifactor authentication (MFA) for enterprise accounts. Microsoft Entra Conditional
React to this headline:
Microsoft introduces new access policies in Entra to boost MFA usage Read More »
Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications
React to this headline:
Looney Tunables bug exploited for cryptojacking Read More »
7 free cyber threat maps showing attack intensity and frequency 07/11/2023 at 09:03 By Help Net Security Cyber threat maps are one of the most visually engaging tools in the arsenal of cybersecurity professionals. These real-time visualizations provide a global perspective on digital threats, showcasing the intensity and frequency of attacks as they happen. This
React to this headline:
7 free cyber threat maps showing attack intensity and frequency Read More »
How AI is transforming consumer privacy expectations 07/11/2023 at 08:01 By Help Net Security Consumers are concerned about their privacy with AI. Cisco discovered that 60% had lost trust in organizations due to their AI use. In this Help Net Security video, Robert Waitman, Director of Cisco’s Privacy Center of Excellence, discusses consumers’ perceptions and
React to this headline:
How AI is transforming consumer privacy expectations Read More »
Okta breach post mortem reveals weaknesses exploited by attackers 06/11/2023 at 17:18 By Zeljka Zorz The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified that an employee
React to this headline:
Okta breach post mortem reveals weaknesses exploited by attackers Read More »
Google Play will mark independently validated VPN apps 06/11/2023 at 13:49 By Helga Labus Android VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data Safety section. “We’ve launched this banner beginning with VPN apps due to
React to this headline:
Google Play will mark independently validated VPN apps Read More »
Atlassian Confluence data-wiping vulnerability exploited 06/11/2023 at 13:19 By Zeljka Zorz Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP addresses testing for the flaw in internet-facing Confluence installations. From security updates
React to this headline:
Atlassian Confluence data-wiping vulnerability exploited Read More »