A new malware campaign was found targeting the Popup Builder WordPress plugin, exploiting a vulnerability disclosed in November 2023. The campaign injects malicious code into websites, leading to over 3,300 infections.
These memory corruption vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, were exploited in attacks against iPhone devices. Apple released emergency security updates to address these zero-day vulnerabilities.
The first, CVE-2023-45139, involved a high-severity bug in the FontTools library. The second and third vulnerabilities, CVE-2024-25081 and CVE-2024-25082, were related to naming conventions and compression.
The Tycoon and Storm-1575 threat groups use stealthy tactics, social engineering, and phishing techniques to bypass MFA protections and target Microsoft 365 credentials at large US school districts.
The GovQA platform, used by state and local governments for public records requests, had vulnerabilities that could have allowed hackers to access sensitive personal information, edit requests, and download unsecured files.
By Shalini Nair, Co-Founder and Board Director, Ennoventure, Inc. In this digital era, where innovation and progress stand as the driving forces propelling us into the future, the tech industry finds itself entangled in a persistent challenge – the formidable gender disparity that obstructs its true potential. The show more ...
call for gender equity in technology extends beyond a mere social justice imperative; it has evolved into an economic necessity, serving as a catalyst for groundbreaking advancements. As we chart our course through the intricate terrain of the tech landscape, it becomes increasingly crucial to elevate perspectives that not only advocate for but actively champion gender equity. Creating Inclusive Cultures: Cultivating a Foundation for Change A pivotal element in magnifying voices for gender equity is nurturing a culture of inclusion within tech organizations. Companies must prioritize building environments that are welcoming, diverse, and devoid of discrimination. This entails not just adopting inclusive practices but ensuring women feel empowered to contribute their unique perspectives. By amplifying the voices advocating for inclusive workplace cultures, we can spark transformative changes across the industry. Leadership Matters: Resonating Voices from the Pinnacle Leadership, a linchpin in shaping organizational culture, demands the amplification of women’s perspectives in technology’s upper echelons. Recognizing and championing women who shatter glass ceilings not only offers role models but challenges entrenched biases. By sharing the tales and insights of female tech leaders, we inspire the next generation of women to tread the technological path, instigating a positive industry shift. Empowering Through Education: Nurturing the Talent Pipeline Education is evolving into a fundamental instrument for dismantling gender stereotypes and enticing young girls into STEM fields. The amplification of voices from educators, mentors, and organizations dedicated to fostering STEM education for girls is becoming indispensable. Initiatives that offer hands-on experiences, mentorship, and exposure to successful women in tech are progressively shaping career choices. By empowering these influential voices, we are progressively bridging the gender gap at its roots, creating a more inclusive pipeline for future tech leaders. Intersectionality Matters: Embracing Diversity in All Its Manifestations Recognizing gender’s intersectionality with other aspects of diversity – race, ethnicity, and socio-economic background – is paramount. Empowering the voices of women from diverse backgrounds ensures gender equity efforts are genuinely inclusive. Embracing diversity in its entirety, the tech industry can weave a tapestry of perspectives and experiences, propelling innovation and progress. A Call to Action: Rallying for Gender Equity and Innovation Amplifying voices for gender equity in the technology industry is a multifaceted endeavor demanding a concerted effort. Fostering inclusive cultures, championing women in leadership, dismantling systemic barriers, supporting educational initiatives, and embracing diversity create an industry thriving on equity and innovation. Now is the time to resonate with these voices, striving for a future where the technology sector mirrors the diversity and potential of the world it innovates within. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
In the ever-evolving realm of cybersecurity, where every click and keystroke holds the weight of security and innovation, there emerges a figure whose name reverberates with inspiration and trailblazing spirit: Colonel Francel Margareth Padilla-Taborlupa. With a career spanning over 27 years, Col. Padilla-Taborlupa show more ...
stands as a testament to the fusion of technology expertise and unwavering leadership, seamlessly navigating the complex world of both the military and cybersecurity domains. As we gear up to celebrate International Women’s Day on March 8, 2024, the resonance of the theme “Inspire Inclusion” echoes profoundly, emphasizing the imperative of diversity and empowerment across all spheres of society. Anchored under the overarching theme of “Invest in women: Accelerate progress,” The Cyber Express embarks on a journey to explore the personal narratives of resilience and triumph from her shaping the contours of cybersecurity. In a recent conversation with The Cyber Express, she shared insights into her journey, the challenges faced by women in male-dominated fields, and the importance of gender diversity and inclusion in cybersecurity and the armed forces. Here is the excerpt from the interview: Col. Padilla-Taborlupa’s Journey in Cybersecurity Reflecting on her journey, Col. Padilla-Taborlupa reminisced about her beginnings in the Philippine Military Academy, where she specialized in the Signal Corps, focusing on command control, communications, and cybersecurity. She emphasized the importance of laying a solid foundation in information systems, stating, “Nobody can start with cybersecurity altogether; you have to have a foundation.” This foundational knowledge paved the way for her transition into cybersecurity in 2016, where she brought a unique perspective to the field, focusing on applications and collaborating closely with experts in networks and hardware. Challenges Faced by Women in Cybersecurity Despite her numerous accolades, including being named Cybersecurity Woman Leader of the Year and ranking among the top women in cybersecurity in Asia and the Philippines, Col. Padilla-Taborlupa remains acutely aware of the challenges faced by women in the industry. “From the very early days of the internet, cybersecurity has been mainly dominated by men,” she explained. “Women often face stereotypes and biases that can undermine their credibility and abilities.” One of the key challenges Col. Padilla-Taborlupa highlighted is the pervasive stereotypes and biases faced by women in STEM fields. Despite being recognized as a cybersecurity leader, she emphasized the need to constantly prove oneself in a male-dominated industry. However, she remains undeterred, leveraging her position to advocate for gender diversity and inclusion in cybersecurity. Empowering Women in Cybersecurity Through Advocacy As a leader in cybersecurity, Col. Padilla-Taborlupa recognizes the importance of visibility and representation. Through her achievements and leadership roles, she aims to inspire the next generation of women in cybersecurity. By serving as a mentor and providing guidance to aspiring professionals, she hopes to break down barriers and empower women to pursue careers in cybersecurity and the military. “Our presence challenges stereotypes and biases,” she asserted. “We demonstrate that women can succeed and excel in cybersecurity roles.” She emphasized the importance of visibility and representation, sharing, “I feel honored to have that followership. I make it a point to mentor younger generations and provide guidance and advice.” Gender diversity and inclusion are not just buzzwords for Col. Padilla-Taborlupa; they are fundamental principles that drive her work. She highlighted the benefits of diverse teams in cybersecurity, stating, “Diverse teams generate innovative solutions and strategies that may not have been considered otherwise.” In the Armed Forces of the Philippines, she emphasized the importance of gender-diverse teams in enhancing operational effectiveness and resilience, ensuring that policies and strategies are inclusive and reflective of the population they serve. Col. Padilla-Taborlupa’s commitment to empowering women extends beyond her military duties. Through initiatives like the Cyber for Peace Initiative, she has spearheaded efforts to promote technology for development in underserved communities. “We partnered with local governments to provide cybersecurity training and set up command and control centers for humanitarian and disaster relief operations,” she shared. Empowering Change: A Leader’s Legacy Throughout her career, Col. Padilla-Taborlupa has been instrumental in supporting women in cybersecurity and the military. From spearheading initiatives like the Cyber for Peace Initiative to partnering with universities and local governments to promote cybersecurity awareness and training, her dedication to empowering women is evident. As an international lecturer and moderator, Col. Padilla-Taborlupa continues to engage diverse audiences, advocating for women’s participation in cybersecurity. “I want to inspire more women to break glass ceilings and join the field of STEM and cybersecurity,” she declared. Through her captivating storytelling and unwavering passion, she ignites the flames of change and empowers future generations of professionals. In conclusion, Col. Francel Margareth Padilla-Taborlupa’s journey exemplifies resilience, determination, and leadership in the face of challenges. As a trailblazer in cybersecurity, she continues to pave the way for women in male-dominated fields, championing diversity and inclusion every step of the way. With her unwavering commitment and passion, she is shaping the future of cybersecurity and empowering women to thrive in the digital age. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: kenary820 via Shutterstock The US Justice Department has charged a former Google software engineer with stealing artificial intelligence-related trade secrets from the company, with an eye to using it at two AI-related firms he was show more ...
associated with in China. If convicted, Linwei Ding, aka Leon Ding, […] La entrada Google Engineer Steals AI Trade Secrets for Chinese Companies – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development Company Concludes His Ouster Stemmed from ‘Breakdown In Trust’ David Perera (@daveperera) • March 8, 2024 OpenAI reinstated Sam Altman to its show more ...
board of directors on Friday March 8, 2024. (Image: Shutterstock) Generative artificial intelligence leader OpenAI […] La entrada Sam Altman Reinstated to OpenAI Board – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Salah Nassar Sr. Director Product Marketing, Zscaler Salah is a passionate and customer-centric marketer with a diverse background in networking and cybersecurity. His expertise lies in security as a platform, encompassing network security, identity access management, show more ...
XDR, and data protection. Presently, Salah holds the position of Sr. Director of Product […] La entrada Webinar | Top SaaS Security Threat Trends in 2024 – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Fraud Management & Cybercrime , Ransomware As Ransomware Disruption Mounts, More Experts Seek Path to Banning Payments Mathew J. Schwartz (euroinfosec) • March 8, 2024 Calls to ban payments to ransomware actors are growing. (Image: Shutterstock) How might show more ...
banning ransomware victims from paying a ransom to their attacker […] La entrada Banning Ransom Payments: Calls Grow to ‘Figure Out’ Approach – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Mar 09, 2024NewsroomCyber Attack / Threat Intelligence Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a show more ...
hack that came to light in January 2024. “In […] La entrada Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: krebsonsecurity.com – Author: BrianKrebs If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying show more ...
array of […] La entrada A Close Up Look at the Consumer Data Broker Radaris – Source: krebsonsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Lawrence Abrams We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. What makes this strange is that this seems to show more ...
be a common routine for the DarkSide, I mean […] La entrada The Week in Ransomware – March 8th 2024 – Waiting for the BlackCat rebrand – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Ionut Ilascu Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. America’s Cyber Defense show more ...
Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it […] La entrada Critical Fortinet flaw may impact 150,000 exposed devices – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that show more ...
can lead to an authentication bypass, command injection, and SQL injection. While the last two require […] La entrada QNAP warns of critical auth bypass flaw in its NAS devices – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas Optum’s Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. United Health Group (UHG) is the largest American show more ...
health insurance company, and its subsidiary, Optum Solutions, operates the Change Healthcare […] La entrada UnitedHealth brings some Change Healthcare pharmacy services back online – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.proofpoint.com – Author: 1 Email security, Network Security SC StaffMarch 7, 2024 Several U.S. government agencies, including the Department of Agriculture, Department of Transportation, and the Small Business Administration, have been impersonated by the TA4903 threat operation in new business show more ...
email compromise attacks, reports BleepingComputer. Intrusions by TA4903, which have ramped up since the second half […] La entrada New BEC attacks involve US agency spoofing – Source: www.proofpoint.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.proofpoint.com – Author: 1 Mar 05, 2024NewsroomEmail Security / Network Security The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive show more ...
information gathering purposes and to enable follow-on activity,” […] La entrada Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes – Source: www.proofpoint.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier Newly discovered plant looks like a squid. And it’s super weird: The plant, which grows to 3 centimetres tall and 2 centimetres wide, emerges to the surface for as little as a week each year. It belongs to a group of plants known as fairy lanterns and has been show more ...
[…] La entrada Friday Squid Blogging: New Plant Looks Like a Squid – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier The Ash Center has posted a series of twelve essays stemming from the Second Interdisciplinary Workshop on Reimagining Democracy (IWORD 2023). Aviv Ovadya, Democracy as Approximation: A Primer for “AI for Democracy” Innovators Kathryn Peters, Permission and show more ...
Participation Claudia Chwalisz, Moving Beyond the Paradigm of “Democracy”: 12 Questions Riley […] La entrada Essays from the Second IWORD – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier With the world’s focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we’re learning that AI has a democracy problem, too. Both challenges must be show more ...
addressed for the sake of democratic governance and public […] La entrada How Public AI Can Strengthen Democracy – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Luis Millares Best for bypassing censorship: NordVPN Best for TikTok’s location-based algorithm: ExpressVPN Best for remote social media teams: Surfshark Best for removing targeted ads on social media feeds: Proton VPN Best for unblocking geo-restricted content: show more ...
CyberGhost VPN Having a presence on social media has become the norm, even for businesses. […] La entrada 5 Best VPNs for Social Media in 2024 (Free & Paid VPNs) – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register There’s yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities show more ...
before vendors have issued a fix. The cybercrime crew has targeted US medical, […] La entrada Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Microsoft has now confirmed that the Russian cyberspies who broke into its executives’ email accounts stole source code and gained access to internal systems. The Redmond giant also characterized the intrusion as “ongoing.” In an updated US show more ...
SEC filing and companion security post, Microsoft provided more details about the […] La entrada Microsoft confirms Russian spies stole source code, accessed internal systems – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Millions of Chrome users now have a way to guard against the threat of extension subversion, that is, if they don’t mind installing yet another browser extension. Matt Frisbie, a software developer and programming book author, has released a Chrome add-on show more ...
called Under New Management to alert users when […] La entrada Chrome users – get an alert when extensions are in danger of falling into wrong hands – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini QNAP fixed three flaws in its NAS devices, including an authentication bypass QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices show more ...
that can be exploited to access the devices. The three flaws fixed […] La entrada QNAP fixed three flaws in its NAS devices, including an authentication bypass – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
