Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Security Tips and Advice

The UK Department for Science, Innovation and Technology (DSIT) has revealed what its future Cybersecurity Governance Code of Practice will look like and the five principles it will include.

 Breaches and Incidents

Hackers stole sensitive information, including military and government documents, from Chunghwa Telecom and sold it on the dark web. The leaked data included documents from the armed forces, foreign affairs ministry, coast guard, and other units.

 Firewall Daily

According to the findings from a recent Kaspersky study revealed at Cybersecurity Weekend, 41% of companies worldwide are facing a shortfall of qualified cybersecurity professionals. This problem is even more sensitive for the Middle East, Turkiye, and Africa (META) region, with 43% of companies understaffed. Most understaffing can be found among malware analysts and information security researchers. As the frequency and complexity of cyberattacks increase, and the demand for InfoSec professionals in business grows, the number of practitioners meeting the company’s requirements for skills and level of expertise is declining.

META Lacks InfoSec professionals

Studies carried out by cybersecurity companies and international organizations have already highlighted the lack of InfoSec professionals. The (ISC)2 cybersecurity workforce study revealed that the workforce gap was almost 4 million InfoSec workers in 2022. Looking at cybersecurity needs across industries, the government sector reported the highest demand for cybersecurity practitioners and admitted that nearly half (46%) of the InfoSec roles it required remain unfilled. The telecom and media sectors are understaffed by 39%, followed by retail & wholesale and healthcare with 37% of their roles remaining vacant.

“To reduce the shortage of qualified InfoSec professionals, companies offer high salaries, better working conditions and bonus packages, while also investing in up-to-date training with the latest knowledge. However, the research results show that these measures are not always enough. The growth rate of the domestic IT market in some developing regions is changing so rapidly that the labor market cannot manage to educate and train the appropriate specialists with the necessary skills and expertise in such tight deadlines. On the contrary, regions with developed economies and matured businesses do not report such an acute shortfall of InfoSec professionals as their rates are below market average,” comments Vladimir Dashchenko, Security evangelist, ICS CERT, Kaspersky.

To minimize the negative consequences of the global cybersecurity staff shortfall, Kaspersky experts recommend the following:

- Adopt managed security services such as Kaspersky Managed Detection and Response (MDR) and/or Incident Response to get additional expertise without additional hiring. It helps to protect against cyberattacks and investigate incidents even if a company lacks security workers.
- Invest in additional cybersecurity courses for your staff to keep them up to date with the latest knowledge. With Kaspersky Expert training, InfoSec professionals can advance their hard skills and be able to defend their companies against attacks.
- Use interactive simulators to test your expertise and assess the way you think in critical situations. For instance, with the new Kaspersky interactive ransomware game, you can observe the way the company’s IT department deploys, investigates and responds to an attack and makes vital decisions with the game’s main character.
- Use centralized and automated solutions such as Kaspersky Extended Detection and Response (XDR) to reduce the burden on the IT security team and minimize the possibility of making mistakes. By aggregating and correlating data from multiple sources in one place and using machine learning technologies, these solutions provide effective threat detection and fast automated response.

The research ‘The portrait of modern Information Security professional’ was conducted in order to evaluate the current state of the labor market and analyze the exact reasons for the cybersecurity skills shortage. The study covered 1,000 InfoSec professionals from Asia-Pacific, Europe, the META region, North and Latin America.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Firewall Daily

In an era defined by rapid technological advancements and evolving cyber threats, the outsourcing of IT security services has emerged as a prevailing practice among organizations seeking to fortify their defenses. From network security to threat detection, businesses are increasingly relying on external partners to augment their cyber security capabilities. However, within this landscape of opportunity lie nuanced considerations that demand careful examination.

Embracing IT Security Service Outsourcing

The allure of IT security outsourcing is undeniable, offering a spectrum of advantages ranging from access to specialized skills to streamlined operations. By tapping into the expertise of external providers, organizations can bridge skill gaps and accelerate their learning curve in the realm of cyber security. Yet, amid these benefits, it is essential to acknowledge the inherent risks, particularly concerning data protection and regulatory compliance.

A recent study by Kaspersky found that over 75% of participants indicated that their company had faced cyber security incidents in the past two years, with another 75% of these deemed ‘serious.’ A number of respondents attributed the occurrence of cyber incidents to insufficient tools for threat detection and a shortage of internal IT security personnel. 25% of respondents said that their organizations plan to invest in third-party professional services, and 23% intend to outsource their cyber security needs to MSP/MSSP.

“In the landscape of modern business, the outsourcing of IT security services, ranging from network security to threat detection, has emerged as a prevailing practice. This approach brings a range of benefits and potential risks, particularly in the realms of data protection and regulatory compliance.” Darren Humphries, CISO at Acora, continues: “Outsourcing certainly offers distinct advantages, but it’s essential to recognize its limitations.

Bridging Skill Gaps with Outsourced Expertise

“IT outsourcing addresses a skill gap that organizations might face. By tapping into external expertise, companies can swiftly acquire specialized skills. This not only fills gaps but also enables employers to ascend the learning curve more rapidly. However, it’s important to note that certain aspects can’t be entirely outsourced. While you can purchase tools and hire personnel, managing the human factor is a distinct challenge that can’t be fully transferred.”

Acora, a prominent player in the IT and cybersecurity outsourcing domain, advocates for a partnership-driven ethos that prioritizes collaboration and expertise. This means identifying security vulnerabilities whilst also implementing tailored solutions to address them effectively, fostering a resilient cyber security posture.

The shared security model inherent in outsourcing underscores the delicate balance between leveraging external expertise and retaining control over critical aspects such as risk management and compliance. Whilst organizations can delegate certain operational tasks, the fundamental responsibilities of mitigating risks and ensuring regulatory adherence remain firmly within their purview. Notably, managing the human factor presents a unique challenge that cannot be entirely transferred to external partners.

At its core, successful IT security outsourcing hinges on the strategic alignment of expertise and control. It is about striking a balance that optimizes operational efficiency whilst safeguarding sensitive assets and upholding compliance standards. By embracing a collaborative approach and maintaining a steadfast focus on risk management, organizations can navigate the complexities of IT security outsourcing with confidence and resilience.

In situations demanding rapid scalability, opting for outsourced IT support offers a convenient means to guarantee comprehensive coverage, adapting swiftly to your business needs. However, it’s essential to acknowledge that this approach may not be universally applicable. In some rare cases, businesses might discover that their internal processes and operations do not seamlessly align with outsourced IT solutions.

 Cybersecurity News

By Florie Lhuillier, Head of Cybersecurity, CCGroup

Working in the cybersecurity industry is like training for a marathon constantly. At the start, you are anxious but excited to launch yourself into something new. Then soon the challenge of what you have set out to do becomes crystal clear. There are not many people you can rely on to do this but yourself, the increasing threat of picking up niggles and injuries is very real and external factors such as bad weather and heat are putting roadblocks into your training. You also keep seeing more and more runners signing up for the same event, making your goal of standing out and finishing in the top 10% even more difficult.

The reality for today’s cybersecurity professionals can feel just as relentless. The talent shortage is worsening, geopolitical events and new technologies such as AI are making cyberattacks more likely and increasingly sophisticated while global economic uncertainty continues, and new cybersecurity startups are emerging. These cybersecurity marketing trends are making the role of those tasked with promoting solutions extremely challenging, leading them to rethink their strategies. Let’s take a closer look.

The Skills Shortage is Real

According to this report, both UK and US enterprises that reported a decrease in investment last year stated talent shortages as the main reason. Recent research by the UK government also found that 50% of all UK businesses have a basic cybersecurity skills gap and over 160,000 cybersecurity jobs were posted in 2023—an increase of 30% from 2022. The skills gap in the industry is real and will only continue to increase unless organizational resources are redirected to the security department for support or companies develop talent from within and upskill their employees through proper training.

The Cyberattack Surface is Expanding

The economic downturn and geopolitical conflicts that the world is experiencing are also driving an expansion of the attack surface. Pro-Russian hackers are launching cyberattacks with political motives on Western infrastructure while cybercrime groups are ramping up their efforts and knocking on more doors, particularly those from smaller organizations. They need to make money too and even more so during a turbulent economic situation.

Technological advances such as Generative AI are another reason behind increasing cyberattacks. From business email compromise attacks and malicious chatbots to deepfake phishing, the creation and proliferation of AI-driven hacker tools like WormGPT and FraudGPT are lowering the barrier for entry and democratizing the execution of different types of attacks. This is making the need for enterprises to keep up with threats even more important.

Significant Investments are Made But Challenges Remain

Despite the world entering what experts have called a “polycrisis” (inflation, climate change, the war in Ukraine), the market for cybersecurity products remains buoyant – at least, at first glance. The same report mentioned above shows 78% of enterprises in the US and 58% in the UK have increased their investments in the last year. Meanwhile, 81% of enterprises overall are looking to work with new cybersecurity technology suppliers in the next 12 months. Enterprises are also identifying gaps in their existing cybersecurity solutions and looking for vendors that can better address their needs, particularly in the endpoint security, application security, and fraud prevention space.

Looking ahead, however, 37% of US enterprises expect to see a cut in the next 12 months. Similarly, 24% of UK enterprises are set to reduce their spending. The main reason on both sides of the pond is that the change is in line with their revenues. This means that cybersecurity vendors will need to double down on their sales and marketing efforts and emphasize the uniqueness and cost-effectiveness of their offering even more if they want to get on their buyers’ radar.

The Provider Landscape is Changing

Finally, the proliferation of attacks, causing trillions of dollars of damage every year, is also making cybersecurity a big market opportunity to seize. Analyst firm Gartner predicts that the end-user spending for the information security and risk management market will reach $267.3 billion in 2026. According to IT-Harvest, there are more than 3,740 cybersecurity vendors in the world and new startups being created every day that want a piece of the pie, making the provider landscape extremely competitive and dynamic.

All these factors mean cybersecurity vendors need to reappraise their marketing efforts to engage and help enterprises deal with a growing skills gap, manage cybersecurity threats, and limit, if not eliminate, their exposure to risk ensuring business resiliency.

Adapting Cybersecurity Marketing Strategies

To do this, marketing teams need to analyze, adjust and adapt what they do regularly, to what’s happening in the market – from their overall strategy to new technologies, tools and trends. To go back to the running analogy, anyone’s marathon training can never be perfect, bumps in the road are part of the journey. However, what’s important is not what’s going to happen, if you are going to get injured or not or finish a run, but how you react to it and what you learn from it.

As a marketer, you need to first identify where you want to be in 12- or 24-months’ time and where you are right now. Do you want to build awareness or improve your conversion rate of RFPs? Is your current channel and content strategy aligned with this goal? What you need is to take the time to sit down, ideally with a third party like a coach, and analyze what you’ve done (or not done) and what you could have done better. Much like when a race, despite all the training, didn’t go to plan. Did you have the right gear, clothing and fuel that day? If not, make sure to adjust your strategy and programme before the next one and adapt it to external factors. It’s only then that you will have the best possible chance of success.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

 Feed

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision, which marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to approximately

 Feed

The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, defense contractors that support U.S. Department of

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams
Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. The most impactful attack of 2024 so far is the attack on UnitedHealth Group’s subsidiary […] The post The Week in Ransomware – March 1st 2024 – Healthcare under siege – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Biden

Source: www.infosecurity-magazine.com – Author: 1
US President Joe Biden has warned that Chinese manufactured automobiles could be used to steal sensitive data of US citizens and critical infrastructure. The White House statement announced it will be conducting an investigation into the impact of “connected vehicles” containing technology from China on US national security. “I have […] The post Biden Warns Chinese Cars Could Steal US Citizens’ Data – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1
Read more on Ivanti vulnerabilities: Two Ivanti Zero-Days Actively Exploited in the Wild Ivanti Zero-Days Exploited By Multiple Actors Globally Rust Payloads Exploiting Ivanti Zero-Days Linked to Sophisticated Sliver Ivanti Releases Zero-Day Patches and Reveals Two New Bugs Latest Ivanti Zero Day Exploited By Scores of IPs New Ivanti Vulnerability […] The post Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breached

Source: www.infosecurity-magazine.com – Author: 1
The UK Home Office has breached data protection law by using electronic tags to monitor migrants, according to the Information Commissioner’s Office (ICO). The regulator said the government department failed to sufficiently assess the privacy intrusion of the continuous collection of individuals’ location information. It noted that 24/7 access to […] The post UK Home Office Breached Data Protection Law with Migrant Tracking Program, ICO Finds – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Votiro
Financial Giants Under Siege
It’s only the first quarter of 2024 and major breaches are already starting to be announced, with two major financial organizations reporting breaches in their 8-K filings. It’s no surprise they were targets, as current stats show that ransomware attacks against financial services increased from 55% […] The post A Deep Dive into the 2024 Prudential and LoanDepot Breaches – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Kaustubh Jagtap, Product Marketing Director, SafeBreach
On February 29th, the Cybersecurity and Infrastructure Security Agency (CISA) issued two separate advisories related to malicious behavior exhibited by threat actors. The first advisory AA24-060A pertains to Phobos Ransomware and the second advisory AA24-060B pertains to the exploitation of vulnerabilities in […] The post SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure) – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 adversary emulation

Source: securityboulevard.com – Author: Francis Guibernau
On February 29, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the Phobos […] The post Response to CISA Advisory (AA24-060A): #StopRansomware: Phobos Ransomware – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman
USENIX Security ’23 – Vivek Nair, Dawn Song – Multi-Factor Key Derivation Function (MFKDF) for Fast, Flexible, Secure, & Practical Key Management, by Marc Handelman on March 1, 2024.
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 […] The post USENIX Security ’23 – Vivek Nair, Dawn Song – Multi-Factor Key Derivation Function (MFKDF) for Fast, Flexible, Secure, & Practical Key Management – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 china espionage

Source: securityboulevard.com – Author: Jeffrey Burt
The federal government and cybersecurity teams are warning organizations that threat groups are exploiting multiple flaws in Ivanti’s VPN appliances despite the vendor’s Integrity Checking Tool (ICT) and even after factory resets. An advisory issued by the FBI, CISA, and international members of the Five Eyes intelligence alliance came […] The post CISA, Mandiant Warn of a Worsening Situation for Ivanti Users – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Comic Agilé

Source: securityboulevard.com – Author: Marc Handelman
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #280 – The Tech Stack and the […] The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #280 – The Tech Stack and the Architect – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 API security

Source: securityboulevard.com – Author: Alexandra Charikova
The uncontrolled sprawl of exposed, insecure APIs puts sensitive personal and corporate data at high risk, as shown by the numerous data breaches like the T-Mobile hack ($350M fine in 2022), the Peloton data exposure in 2021, and many others. However, in some cases, instead of the API itself […] The post How to secure your API secret keys from being exposed? – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 API security

Source: securityboulevard.com – Author: Richi Jennings
Amazon, Sears and Shein still sell security swerving stuff. Cheap Chinese doorbell cameras aren’t always super-secure, say researchers. I know, I know—huge shock, right? But it’s good that mainstream consumer media is banging the drum so normies might get the message. Unfortunately, some retailers aren’t listening. In today’s SB Blogwatch, we […] The post Cheap Video Doorbell Cams: Tools of Stalkers and Thieves – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 API discovery

Source: securityboulevard.com – Author: Alexandra Charikova
API Sprawl is a serious challenge in 2024, and shadow APIs are part of the problem. But do you actually know what Shadow APIs are and why they represent danger for organizations? With the ever-increasing number of exposed APIs, the pain of not being able to gain visibility over […] The post What is a Shadow API? Understanding the risks and strategies to prevent their sprawl – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman
USENIX Security ’23 – Conor Gilsenan, Fuzail Shakir, Noura Alomar, Serge Egelman – Security and Privacy Failures in Popular 2FA Apps, by Marc Handelman on March 1, 2024.
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s […] The post USENIX Security ’23 – Conor Gilsenan, Fuzail Shakir, Noura Alomar, Serge Egelman – Security and Privacy Failures in Popular 2FA Apps – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.proofpoint.com – Author: 1
Human-centric threats continue to impact organizations with reports of direct financial penalties due to phishing up 326%
TORONTO, Canada, February 27, 2024 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released its tenth annual State of the Phish report, revealing that two-thirds (67%) of Canadian employees knowingly put their […] The post Proofpoint’s 2024 State of the Phish Report: 67% of Canadian Employees Willingly Gamble with Organizational Security – Source: www.proofpoint.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cybertalk.org – Author: slandau
Mark Ostrowski is Head of Engineering, U.S. East, for Check Point, a global cyber security company. With over 20 years of experience in IT security, he has helped design and support some of the largest security environments in the country. Mark actively contributes to national and local media, discussing cyber […] The post Cyber threat prevention ahead of U.S. elections – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: bacohido
Zurich, Switzerland, Feb. 27, 2024 — Chipmaking has become one of the world’s most critical technologies in the last two decades. The main driver of this explosive growth has been the continuous scaling of silicon technology (widely known as Moore’s Law). But these advances in silicon technology are slowing […] The post News alert: Chiral announces $3.8m funding round to advance nanomaterial chip manufacturing – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: bacohido
Rochester, N.Y. Feb. 15, 2024 – Harter Secrest & Emery LLP, a full-service business law firm with offices throughout New York, is pleased to announce that it has been selected as a NetDiligence-authorized Breach Coach®, a designation only extended to law firms that demonstrate competency and sophistication in data breach […] The post News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

Source: www.schneier.com – Author: Bruce Schneier
Paleontologists have discovered a 183-million-year-old species of vampire squid. Prior research suggests that the vampyromorph lived in the shallows off an island that once existed in what is now the heart of the European mainland. The research team believes that the remarkable degree of preservation of this squid is […] The post Friday Squid Blogging: New Extinct Species of Vampire Squid Discovered – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier
NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on […] The post NIST Cybersecurity Framework 2.0 – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.schneier.com – Author: B. Schneier
Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration will drive the next era of growth, wealth, and human flourishing. It’s a scary metaphor. Throughout American history, the drive for expansion and the very concept of terrain up for grabs—land […] The post How the “Frontier” Became the Slogan of Uncontrolled AI – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Ax Sharma
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others. These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media […] The post News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian… – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, […] The post Hackers target FCC, crypto firms in advanced Okta phishing attacks – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Tracked as CVE-2024-21338, the security flaw was found by Avast Senior Malware Researcher Jan Vojtěšek in the appid.sys Windows AppLocker driver and reported to Microsoft […] The post Windows Kernel bug fixed last month exploited as zero-day since August – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan
CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that’s actively exploited in attacks. The security flaw (tracked as CVE-2023-29360) is due to an untrusted pointer dereference weakness that enables local attackers to gain […] The post CISA warns of Microsoft Streaming bug exploited in malware attacks – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas
The Düsseldorf Police in Germany have seized Crimemarket, a massive German-speaking illicit trading platform with over 180,000 users, arresting six people, including one of its operators. Known as Crimemarket, it was the largest cybercrime market in the country and a hub for trading illegal drugs, narcotics, and cybercrime services, […] The post Germany takes down cybercrime market with over 180,000 users – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan
Microsoft has fixed an issue causing some Microsoft 365 users’ Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. Exchange ActiveSync (EAS) is a synchronization protocol used by Microsoft Exchange to allow users to access their email, calendar, contacts, and tasks. EAS uses HTTP and XML […] The post Microsoft fixes Outlook clients not syncing over Exchange ActiveSync – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams
Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving “Out of memory” errors when browsing the web or accessing the browser settings. Microsoft released Edge 122.0.2365.63 yesterday, and soon after, users began reporting across multiple sites that the browser was crashing repeatedly with memory errors. BleepingComputer was first alerted to […] The post Microsoft pulls Edge update causing ‘Out of Memory’ crashes – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-03