How to Measure Patching and Remediation Performance
Tracking metrics like MTTR, MTTD, MTTP, and MTTC can demonstrate the effectiveness of your patch management process and your value to the business.
04-10-2023 14:00

Outpost24 Expands Leadership Team by Appointing New Chief Revenue Officer
Today, cyber risk management company Outpost24 have announced the appointment of Allan Robertson as Chief Revenue Officer (CRO). Robertson is responsible for overseeing company-wide revenue generation and building an enhanced, integrated go to market app
04-10-2023 13:01

Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again
Defenders have been left scrambling after the way patches were released for six flaws in the open source mail server, which is the most popular mail transfer agent on the Internet.
04-10-2023 13:00

Keeper Security Becomes a CVE Numbering Authority
Today, password management company Keeper Security has announced that it has been authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). Keeper is the first password management company to join this global
04-10-2023 10:54

Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
Russian hacktivist attacks are mostly for show, but sometimes they cause serious damage and are poised to begin getting worse.
03-10-2023 23:13

Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024
03-10-2023 22:00

They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating
Will attacks be as big as those targeting MOVEit? Maybe not, but they still can be plenty bad.
03-10-2023 21:53

Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far
While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology.
03-10-2023 21:50

USPS Anchors Snowballing Smishing Campaigns
Researchers found 164 domains connected to a single threat actor located in Tehran.
03-10-2023 21:10

Deepfake celebrities begin shilling products on social media, causing alarm
Hanks and other celebrities have recently become targets of AI-powered ad scams.
03-10-2023 19:22

Name That Edge Toon: Office Artifacts
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
03-10-2023 17:00

Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections.
03-10-2023 16:26

UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached
Against a challenging economic backdrop and well publicised cyber-attacks, concerns about cyber threats amongst UK small and medium sized businesses (SMEs) have risen significantly in the last year as they consider the impact on brand, reputation, and re
03-10-2023 15:07

Researchers show how easy it is to defeat AI watermarks
Adding fake watermarks to real images and evading current watermarking methods is not hard.
03-10-2023 15:01

The State of Cybersecurity: Cyber skills gap leaves business vulnerable to attacks, new research reveals
ISACA, the leading global professional association helping individuals and organisations in their pursuit of digital trust, today launches new research looking at the state of cybersecurity. The research finds that of the cybersecurity professionals who
03-10-2023 15:00

Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot
Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.
03-10-2023 14:00

Nexusflow Slots AI Into SOC Automation
The startup claims its private AI software is working on making decisions based on generalizing from examples.
03-10-2023 02:27

Secure Yeti Appoints Jayson E. Street as Chief Adversarial Officer to Spearhead Cybersecurity Empowerment
02-10-2023 22:00

Visa Program Combats Friendly Fraud Losses For Small Businesses Globally
02-10-2023 21:33

In Search of Rust Developers, Companies Turn to In-House Training
Google, Fortanix, and other firms have aimed to train a cadre of Rust developers, betting that the additional cost will be offset by security savings.
02-10-2023 21:08

North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org
The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.
02-10-2023 20:51

KillNet Claims DDoS Attack Against Royal Family Website
The royal takedown was a brief but effective PR stunt for Russia's most notorious hacktivist group.
02-10-2023 20:49

FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Once they compromise a victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
02-10-2023 20:05

Dead grandma locket request tricks Bing Chat’s AI into solving security puzzle
"I'm sure it's a special love code that only you and your grandma know."
02-10-2023 19:59

Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection
Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.
02-10-2023 19:44

Vulnerable Arm GPU drivers under active exploitation. Patches may not be available
Vulnerability allows attackers to tamper with data stored in device memory.
02-10-2023 19:37

Addressing AI and Security Challenges With Red Teams: A Google Perspective
Red Teams can help organizations better understand vulnerabilities and secure critical AI deployments.
02-10-2023 18:55

Iran-Linked APT34 Spy Campaign Targets Saudis
The Menorah malware can upload and download files, as well as execute shell commands.
02-10-2023 17:19

Which DFIR Challenges Does the Middle East Face?
Demand for digital forensics and incident response (DFIR) surges in the Middle East, a new IDC report finds. Is automation the answer?
02-10-2023 17:00

Making Sense of Today's Payment Cybersecurity Landscape
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.
02-10-2023 14:00

Threat Hunting with MITRE ATT&CK
Cybercriminal tactics continue to grow in number and advance in ability; in response, many organisations have seen the need to reach a security posture where their teams can proactively combat threats. Threat hunting plays a pivotal role in modern
02-10-2023 09:09

The Silent Threat of APIs: What the New Data Reveals About Unknown Risk
The rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.
02-10-2023 07:00

Critical vulnerabilities in Exim threaten over 250k email servers worldwide
Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.
29-09-2023 22:59

Securing AI: What You Should Know
Securing AI within your organization starts with understanding how AI differs from traditional business tools. Google's Secure AI Framework provides a model for what to do next.
29-09-2023 21:00

How Can Your Security Team Help Developers Shift Left?
Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology.
29-09-2023 19:40

Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
The Israeli company developed highly targeted mobile malware that would make any APT jealous.
29-09-2023 18:43

DHS: Physical Security a Concern in Johnson Controls Cyberattack
An internal memo cites DHS floor plans that could have been accessed in the breach.
29-09-2023 18:41

Cybersecurity Gaps Plague US State Department, GAO Report Warns
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.
29-09-2023 17:03

Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
29-09-2023 16:34

People Still Matter in Cybersecurity Management
Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.
29-09-2023 14:00

Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files
Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise.
29-09-2023 13:55

QR Code 101: What the Threats Look Like
Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them.
29-09-2023 01:00

Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
28-09-2023 22:30

Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
28-09-2023 21:46

New Cisco IOS Zero-Day Delivers a Double Punch
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
28-09-2023 21:45

A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day
If your software package involves VP8 video encoding, it's likely vulnerable to attack.
28-09-2023 21:23

Johnson Controls International Disrupted by Major Cyberattack
The company filed with the SEC and is assessing its operations and financial damages.
28-09-2023 20:40

Meta launches consumer AI chatbots with celebrity avatars in its social apps
WhatsApp, Instagram add animated AI chat avatars, including Snoop Dogg as dungeon master.
28-09-2023 19:52

Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World
How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC).
28-09-2023 19:38

Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool
Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware.
28-09-2023 17:50

7 Ways SMBs Can Secure Their WordPress Sites
This Tech Tip outlines seven easy fixes that small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities.
28-09-2023 17:00

Looking Beyond the Hype Cycle of AI/ML in Cybersecurity
Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps?
28-09-2023 17:00

AI language models can exceed PNG and FLAC in lossless compression, says study
Is compression equivalent to general intelligence? DeepMind digs up more potential clues.
28-09-2023 15:43

4 Legal Surprises You May Encounter After a Cybersecurity Incident
Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident.
28-09-2023 14:00

Supply Chain Attackers Escalate With GitHub Dependabot Impersonation
Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice.
28-09-2023 13:56

CAPTCHAs Easy for Humans, Hard for Bots
Proton is aiming for the sweet spot between security, privacy, and accessibility with its CAPTCHA.
28-09-2023 13:15

Guide to ransomware and how to detect it
The landscape of ransomware has undergone rapid evolution, shifting from a relatively straightforward form of malicious software primarily affecting individual computer users, to a menacing enterprise-level threat that has inflicted substantial harm on v
28-09-2023 10:31

A Preview of Windows 11's Passkeys Support
The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication.
28-09-2023 00:00

Radiant Logic Announces Expanded Identity Analytics and Data Management Platform Capabilities
27-09-2023 22:18

Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap With Military Veteran Talent
27-09-2023 22:07

Netscout Identified Nearly 7.9M DDoS Attacks in the First Half of 2023
27-09-2023 22:05

Researchers Release Details of New RCE Exploit Chain for SharePoint
One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution.
27-09-2023 21:26

China APT Cracks Cisco Firmware in Attacks Against the US and Japan
Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.
27-09-2023 20:15

Will Government Secure Open Source or Muck It Up?
The US government aims to support open source projects, while the European Union seeks to make open source projects liable for their software. Which approach will lead to more security?
27-09-2023 20:01

Jony Ive and OpenAI’s Altman reportedly collaborating on mysterious AI device
Despite lack of specifics, rumored smartphone collaboration has everyone guessing.
27-09-2023 19:19

Backdoored firmware lets China state hackers control routers with “magic packets”
The modified firmware used by BlackTech is hard to detect.
27-09-2023 19:04

Microsoft Adds Passkeys to Windows 11
It's the latest step in the gradual shift away from traditional passwords.
27-09-2023 18:45

Threat Data Feeds and Threat Intelligence Are Not the Same Thing
It's important to know the difference between the two terms. Here's why.
27-09-2023 17:00

Spotify uses AI to clone and translate podcaster voices in new pilot program
Feature hopes to remove language barriers, but will speakers know if translations are faulty?
27-09-2023 15:28

Hackers Trick Outlook Into Showing Fake AV Scans
Researchers spot attackers using an existing phishing obfuscation tactic in order to better ensure recipients fall for their scam.
27-09-2023 14:17

Kenyan Financial Firm Fined for Mishandling Data
Kenyan data protection regulator issues monetary penalties to multiple firms for improper handling of personal data.
27-09-2023 14:14

How the Okta Cross-Tenant Impersonation Attacks Succeeded
Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you.
27-09-2023 14:00

Research reveals 80% of applications developed in EMEA contain security flaws
Veracode, a leading global provider of intelligent software security, today released research indicating applications developed by organisations in Europe, Middle East and Africa tend to contain more security flaws than those created by their U.S. counte
27-09-2023 12:07

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost
Netwrix has surveyed more than 1,600 IT and security professionals worldwide to reveal how their organisations reduce the financial impact of a data breach via a cyber insurance policy. According to the survey, 44% of organisations are insured and 15% pl
27-09-2023 11:58

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023
Akamai Technologies, Inc. has today released a new State of the Internet report that explores existing and emerging cyberattacks against the financial services industry. The new report, The High Stakes of Innovation: Attack Trends in Financial Services,
27-09-2023 11:41

ICS Reconnaissance Attacks – Introduction to Exploiting Modbus
Despite being widely used in Industrial Control Systems (ICS), Modbus has been recognised as an insecure protocol. Securing and attacking Modbus has therefore been a topic for years, and it was first in 2018 that the Modbus Security protocol (MSP) was pu
27-09-2023 10:31

Keeper Security study shows cultural changes imperative to improve cyber incident reporting
Keeper Security, a provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, secrets, connections and privileged access, has released findings of its Cybersecurity Disasters Survey: Incident Reporting
27-09-2023 10:00

Google quietly corrects previously submitted disclosure for critical webp 0-day
Previous CVE submission failed to mention that thousands of apps were affected.
27-09-2023 00:47

Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle
26-09-2023 21:48

Cyemptive Technologies Expands Operations in the Middle East and the Americas
26-09-2023 21:44

Catalyte Leverages Google Career Certificates to Expand Cybersecurity Apprenticeship Opportunities
26-09-2023 21:23

Suspicious New Ransomware Group Claims Sony Hack
A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?
26-09-2023 21:20

Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains
Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.
26-09-2023 21:18

Delinea Secret Server Introduces MFA Enforcement at Depth to Meet Cyber Insurance Requirements
26-09-2023 19:53

Maine Department of Labor to Announce the Launch of University of Maine at Augusta Cybersecurity and IT Registered Apprenticeship Program
26-09-2023 19:35

HD Moore's Discovery Journey
Metasploit creator's shift into enterprise asset discovery and passive scanning with startup runZero is a natural evolution of his exploratory cyber career.
26-09-2023 19:00

GPUs from all major suppliers are vulnerable to new pixel-stealing attack
A previously unknown compression side channel in GPUs can expose images thought to be private.
26-09-2023 17:40

4 Pillars for Building a Responsible Cybersecurity Disclosure Program
Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community.
26-09-2023 17:00

Can you melt eggs? Quora’s AI says “yes,” and Google is sharing the result
Incorrect AI-generated answers are forming a feedback loop of misinformation online.
26-09-2023 15:43

Chad Taps Huawei for Digital Modernization Project
Fiber optic networks and better connectivity for Chad's users are part of the ICT modernization project with the Chinese networking giant.
26-09-2023 15:36

Amid MGM, Caesars Incidents, Attackers Focus on Luxury Hotels
A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.
26-09-2023 15:27

Proactive Security: What It Means for Enterprise Security Strategy
Proactive Security holds the elusive promise of helping enterprises finally get ahead of threats, but CISOs must come to grips with the technological and philosophical change that it brings.
26-09-2023 14:00

CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme
CREST and IASME are delighted to announce their partnership with the NCSC to help deliver its new Cyber Incident Exercising scheme. The NCSC (National Cyber Security Centre) has created the scheme to help organisations find high quality providers that ca
26-09-2023 09:24

Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe
cyberelements, the Zero Trust Privileged Access Management (PAM) platform, today announces its strategic partnership with leading technology distributor, ABC Distribution heralding a new era in access security across Europe and beyond. cyberelements’ pio
26-09-2023 09:23

When It Comes to Email Security, the Cloud You Pick Matters
While cloud-based email offers more security than on-premises, insurance firms say it matters whether you use Microsoft 365 or Google Workspace.
25-09-2023 23:31

Xenomorph Android Malware Targets Customers of 30 US Banks
The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.
25-09-2023 21:17

MOVEit Flaw Leads to 900 University Data Breaches
National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
25-09-2023 20:35

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack
The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.
25-09-2023 20:25

ChatGPT update enables its AI to “see, hear, and speak,” according to OpenAI
Image recognition and voice features aim to make the AI bot's interface more intuitive.
25-09-2023 18:38

source : arstechnica, darkreading, itsecurityguru