Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for ‘Apex Legends’ N ...

 Firewall Daily

Today, the official Apex Legends Esports on X (formerly Twitter) announced a bombshell: the NA finals have been postponed due to concerns over compromised competitive integrity. This decision has reverberated throughout the gaming community, especially among Apex Legends enthusiasts, prompting heightened security   show more ...

measures. The Apex Legends hacking incident happened during the NA Finals wherein two players, Genburton representing team DarkZero and ImperialHal from Team SoloMid (TSM) inadvertently faced a game hack. While live-streaming their gameplay on Twitch, the incident occurred. In the case of Genburton, it seemed that his game had been compromised, with a wallhack being enabled, granting the player the unfair advantage of seeing through walls. Apex Legends Hacking Incident: What Happened? Key highlights from this Apex Legends hacking incident include the postponement of the North American Finals due to the video game breach breach, with reports surfacing of professional players being equipped with aimbots and wallhacks mid-tournament. The video game hack has not only targeted the gamer’s code but has also raised broader concerns about the security infrastructure of Apex Legends. To break it down further, the Apex Legends hack unfolded during the Apex Legends North American Finals, where the competition was abruptly halted following the intrusion of aimbots and wallhacks, compromising the gameplay of two prominent players.  The incident has left the gaming community on edge, with fears mounting over the susceptibility of their accounts and the overall safety of the game. This heightened anxiety was further fueled by reports of a player being banned for utilizing an aimbot cheat before the tournament was halted entirely by Respawn. Source: Apex Legends Esports on X In response, Apex Legends Esports stated that they will be halting the NA finals until more information is gathered about the incident. “Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time. We will share more information soon”, reads the announcement by Apex Legends Esports. The Biggest Hacking Incident in Apex Legends Global Series Source: Anti-Cheat Police Department on X   During the ALGS Regional Finals, Gen Burton, a professional player representing Dark Zero, became a victim of hacking during a crucial match. In a brief moment captured on video, a box appeared in the game interface, indicating the presence of cheats such as Aimbot. Following this, Burton gained unfair advantages, being able to locate every opponent and discern their health and shield status. The chat box accompanying the hack revealed the presence of the hacker, identified as Destroyer 2009, who had caused similar disruptions in past tournaments. Notably, Destroyer 2009 had previously orchestrated a situation for another player, Imperial H, involving a lobby of bots targeting him during ranked gameplay. The details of the hack, including specific cheat features like compensation, target lock, and auto-fire, further highlights the extent of the breach. This intrusion, seemingly executed client-side within the private lobby, indicates a concerning vulnerability in the game’s security measures. The incident has prompted discussions about the necessity for stronger anti-cheat protocols within Apex Legends, particularly to prevent such occurrences during high-stakes tournaments. A Potential RCE Exploit Source: Anti-Cheat Police Department on X Amidst the video game hack, questions loom large over the scope of the intrusion. Speculation abounds regarding the potential vulnerability of the entire player base, with some creators reporting suspicious activity on their PCs. While concerns persist about the possibility of widespread infiltration beyond the professional gaming sphere, however, no evidence has been found linking these events.  Moreover, according to the Anti-Cheat Police Department, the Apex Legends hacking incident occurred due to a RCE (Remote Code Execution) vulnerability. The source of this vulnerability, whether from the game itself or the anti-cheat system (@TeddyEAC), remains uncertain. The anti-cheat service provider also advised players to avoid EAC-protected games and EA titles until official guidance is provided. The hackers behind the RCE exploit could inject cheats into the streamers’ systems, potentially enabling malicious actions like ransomware installation. The Anti-Cheat Police Department issues a serious warning, especially to ALGS tournament participants, advising immediate steps to protect personal data. This includes changing Discord passwords, securing email accounts, and implementing Multi-Factor Authentication (MFA). The Cyber Express sought clarification from Apex Legends regarding the alleged video game breach, but as of now, no official response has been received, leaving the gaming community in limbo regarding the true extent of the Apex Legends hacking incident. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for What is SIM swapping ...

 Business

Todays topic is SIM swap fraud, aka SIM swapping. This attack method is far from new but remains a live threat because of how effective it is. SIM swapping attacks pose a serious danger to business because they enable threat actors to gain access to corporate communications, accounts, and sensitive information like   show more ...

financial data. What is SIM swapping? SIM swapping is an attack method for hijacking a mobile phone number and transferring it to a device owned by the attackers. Put simply, said attackers go to a mobile telecoms operators office, somehow wangle a new SIM card with the number of a victim-to-be (see below for examples of how), insert it into their own phone, and thus gain access to the targets communications. Its typically text messages that are of most interest to the attackers — specifically ones that contain one-time verification codes. Having gained access, they can then log in to accounts linked to the phone number and/or confirm transactions using the intercepted codes. As for the SIM swapping process itself, there are various approaches by the bad guys. In some cases the criminals employ the services of an accomplice working for the mobile operator. In others, they deceive an employee using forged documents or social engineering. The fundamental issue that makes SIM swapping possible is that in todays world, SIM cards and cell phone numbers are not used solely for their designated purpose. They were not originally intended to serve as proof-of-identity which theyve evolved into. Now, one-time codes by text are a very common means of account security, which means that all other protective measures can be rendered null and void by a fraudster who smooth-talked a store employee into issuing a new SIM card with your number. Such a threat cannot be ignored. For the targeted organization, a SIM swapping attack can hit the bottom line hard. Cybercriminal interest in cryptocurrency assets continues to grow as they can be hijacked relatively easily and, more importantly, quickly. However, this method can be applied in more sophisticated attacks, too. U.S. Securities and Exchange Commission loses X account For instance, heres a very recent case. On January 9, 2024, the U.S. Securities and Exchange Commission (SEC) posted on X (Twitter) that it had approved a Bitcoin spot exchange-traded fund (ETF). This Bitcoin-boosting event had long been in the pipeline, so the news didnt strike anyone as implausible. Naturally, in the wake of the announcement, the Bitcoin price soared (by roughly 10% to $48,000). Fake post from the hacked SEC account announcing the approval of a Bitcoin ETF. Source However, the post was later deleted and replaced with a message that the SEC account had been compromised. The next day, X issued a statement saying that the compromise was due not to a breach of its systems, but to an unidentified individual who had obtained control over a phone number associated with the @SECGov account. Most likely, the jump in the Bitcoin price caused by the fake post meant the fraudster made a killing. Then, toward the end of January, the SEC itself officially acknowledged that its X account had been hacked by SIM swappers. On top of that, it turned out that two-factor authentication (2FA), at the request of SEC staff, had been disabled by X support in July 2023 to resolve login issues. The issues duly resolved, they then simply forgot to turn 2FA back on — so until the January incident, the account was left without additional protection. $400 million FTX crypto heist It was only recently revealed that one of the largest crypto heists in history was carried out using SIM swapping. Were talking about the theft of $400 million worth of assets from the FTX crypto exchange in the fall of 2022. Initially, many suspected that FTX founder Sam Bankman-Fried himself was behind the heist. However, the ensuing investigation showed that he appeared to have nothing to do with it. Then came the indictment of a SIM swapping group headed by a certain Robert Powell. Part of the indictment in the case of the $400 million FTX SIM-swap crypto heist. Source The text of the indictment gave us the details of this heist, which, incidentally, was neither the gangs first nor its last. The list of victims of its SIM-swap operations runs into the dozens. The indictment goes on to mention at least six more cases, in addition to FTX, involving the theft of large sums of money. Heres how the criminals operated: first, they selected a suitable victim and obtained their personal information. Next, one of the perpetrators forged documents in the victims name, but with the photo of another criminal — the one doing the actual SIM swap. The latter criminal then paid a visit to the respective mobile operators office and got a replacement SIM card. Text messages with confirmation codes sent to the victims number were then intercepted and used to log in to the latters accounts and approve transactions for the transfer of assets to the gang. Interestingly, the very next day after the FTX heist, the group robbed a private individual in the exact same way to steal a modest-by-comparison $590,000. How to guard against SIM swapping As we see, in cases involving serious amounts of money, your SIM card and, accordingly, 2FA through one-time codes by text become the weak link. As the above examples show, SIM swapping attacks can be extremely effective; therefore, threat actors will doubtless continue to use them. Heres what to do to protect yourself: Wherever possible, instead of a phone number, use alternative options to link your accounts. Be sure to turn on notifications about account logins, pay close attention to them, and respond to suspicious logins as quickly as possible. Again, where possible, avoid using 2FA with one-time codes by text. For your 2FA needs, its better to use an authenticator app and a FIDO U2F hardware key — commonly called YubiKeys after the best-known brand. Always use strong passwords to protect your accounts – this means unique, very long, and preferably randomly generated. To generate and store them, use a password manager. And remember to protect those devices where passwords are stored and authenticator apps are installed.

image for What is a Cyber Atta ...

 What is

You wake up one sunny morning, grab your phone to check the news, and discover a major corporation just suffered a massive data breach. Millions of customer records are exposed – names, addresses, and even credit card numbers. But here’s the thing: while these headline-grabbing attacks are scary, the reality   show more ...

is that cyber-attacks happen every 39 seconds worldwide. That said, it is crucial to be well acquainted with cyber attacks and how to keep yourself safe. So, in this article, we’ll discuss cyber attacks, their types, why they happen, how to prevent them, the role of cybersecurity, and much more! What Is a Cyber Attack? A cyber attack is any deliberate attempt to breach the security of a computer system, network, or device. Cybercriminals, state actors, or even hacktivists (activists who use hacking techniques) can launch these attacks with a variety of motives, including: Financial gain: Stealing money directly, extorting victims through ransomware, or selling stolen data. Disruption: Causing havoc and downtime for businesses or organizations. Espionage: Stealing sensitive information for competitive advantage or national security purposes. Sabotage: Damaging or destroying critical infrastructure or data. Cyber Attacks can take many forms, but they all share the common goal of unauthorized access to a system. Types of Cyber Attacks The ever-evolving landscape of cyber threats necessitates understanding the most common attack methods. Here are some prevalent cyber attacks: Malware: Malicious software, such as viruses, worms, trojan horses, and ransomware, can infect devices and steal data, disrupt operations, or hold systems hostage for ransom. Phishing: Deceptive emails or messages that trick victims into revealing personal information or clicking on malicious links that download malware. Social Engineering: Exploiting human psychology to manipulate victims into compromising security measures. This can involve impersonating a trusted source, creating a sense of urgency, or leveraging fear tactics. Denial-of-Service (DoS) Attacks: Overwhelming a target system with traffic, rendering it inaccessible to legitimate users. Man-in-the-Middle (MitM) Attacks: Intercepting communication between parties to steal data or alter messages. Zero-Day Attacks: Exploiting vulnerabilities in software before a patch is available, making them particularly dangerous. SQL Injection: Injecting malicious code into a SQL database to steal or manipulate data. This list is not exhaustive, and new attack methods are constantly emerging. However, being aware of these common types makes you better prepared to defend yourself. How to Keep Yourself Safe from Cyber Attacks? While cyber attacks are a constant threat, there are steps you can take to significantly improve your cybersecurity posture and minimize your risk. Here are some key preventative measures: Software Updates: Set your operating systems, applications, and firmware to update automatically whenever possible. These updates often contain critical security patches that address newly discovered vulnerabilities. Strong Passwords & Multi-Factor Authentication (MFA): Implement complex passwords that are at least 12 characters long and include a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using the same password for multiple accounts. Additionally, enable two-factor authentication (MFA) wherever available. This adds an extra layer of security by requiring a second verification step, such as a code from your phone when logging in. Email & Link Caution: Always exercise caution with emails and links, especially those from unknown senders. Don’t click on suspicious links or attachments, even if they appear legitimate. Hover over links to see the actual destination URL before clicking. Be wary of emails that create a sense of urgency or pressure you to take immediate action. Social Engineering Awareness: Social engineering tactics exploit human psychology to manipulate victims into compromising security measures. Be cautious of unsolicited calls or messages requesting personal information. Verify the legitimacy of any communication with a trusted source before responding. Network & Wi-Fi Security: Use a strong firewall to filter incoming and outgoing traffic on your network. When using public Wi-Fi, avoid accessing sensitive information and consider using a virtual private network (VPN) for added security. Data Backups: Regularly backup your important files to a secure location, such as an external hard drive or cloud storage service. This ensures you have a copy of your data in case of a cyber attack or accidental deletion. Security Awareness Training: Invest in security awareness training for yourself and your employees, if applicable. This training can help educate individuals on how to identify and avoid cyber threats, as well as instill best practices for secure online behavior. By following these tips, you can significantly improve your cybersecurity posture. Why Do Cyber Attacks Happen? The motivations behind cyber attacks are as diverse as the attackers themselves. However, here are some key driving forces: Financial Gain: Cybercrime has become a booming industry, with stolen data and disrupted operations translating to significant financial rewards. Cybercriminals may target individuals for credit card information or banking details, or they may launch large-scale attacks against businesses to steal customer data or extort them with ransomware. This stolen data can be sold on the black market, used for identity theft, or leveraged for fraudulent transactions. Disrupted operations, on the other hand, can force businesses to pay hefty ransoms to regain control of their systems. Espionage: State actors and corporations often engage in cyber espionage to steal sensitive information from competitors or governments. This stolen information can be used to gain a competitive advantage in the marketplace, develop new technologies, or gain insight into political strategies. Targets of such attacks may include intellectual property, confidential business plans, government secrets, and classified military information. Disruption and Ideology: Hacktivists, individuals or groups who use hacking techniques for political or social activism, may launch cyber attacks to disrupt operations or make a statement. Their targets may range from government websites to financial institutions, and their motives can be anything from protesting perceived injustices to advocating for political change. They may deface websites, launch DDoS attacks to cripple online services, or leak sensitive information to raise awareness for their cause. Sabotage and Warfare: In extreme cases, cyber attacks may be used as a form of sabotage or warfare. Nation-states may target critical infrastructure, such as power grids, transportation systems, or communication networks, to cripple an enemy’s economy or military capabilities. This can have devastating consequences, causing widespread outages, disrupting essential services, and even leading to loss of life. Revenge or Personal Grudges: Disgruntled employees or individuals with personal vendettas may launch cyber attacks as a form of revenge. They may target former employers, competitors, or individuals they perceive to have wronged them. These attacks can range from simple vandalism to sophisticated data breaches, motivated by anger or a desire to cause harm. How Do Cyber Attacks Affect Businesses? Cyber Attacks can have a devastating ripple effect on businesses, causing significant financial losses, reputational damage, legal repercussions, and operational disruptions. Here’s a closer look at the potential consequences: Financial Losses: The financial impact of a cyber attack can be severe and multifaceted. Businesses may incur direct costs associated with: Data Breach Response: This includes forensic investigations, data recovery efforts, credit monitoring for affected individuals, and legal fees. Downtime: Cyber Attacks can cripple essential business operations, leading to lost productivity, halted sales transactions, and missed deadlines. Fines and Penalties: Depending on the nature of the attack and the type of data compromised, businesses may face hefty fines from regulatory bodies for failing to adequately protect sensitive information. Reputational Repair: Rebuilding trust with customers and partners after a cyber attack can be a costly and time-consuming process. Businesses may need to invest in public relations campaigns and customer outreach efforts to regain lost trust. Indirect financial losses can also come into play, such as: Loss of Customer Loyalty: Customers who have had their data compromised may take their business elsewhere, leading to a decline in sales and revenue. Increased Insurance Premiums: Businesses that experience cyber attacks may see their cyber insurance premiums rise significantly. Reputational Damage: A successful cyber attack can severely tarnish a business’s reputation. News of a data breach can spread quickly, damaging customer trust and brand image. Customers may be hesitant to do business with a company perceived as vulnerable to cyber attacks, leading to a loss of market share and brand loyalty. Rebuilding trust takes time and requires a comprehensive strategy that includes transparency, communication, and a commitment to improving cybersecurity posture. Legal Issues: The legal ramifications of a cyber attack can be complex and far-reaching. Depending on the industry and the type of data compromised, businesses may be subject to lawsuits from customers, partners, and shareholders. Furthermore, regulatory bodies may impose fines and penalties for non-compliance with data security regulations. Operational Disruption: Cyber Attacks can significantly disrupt day-to-day business operations. Critical systems may be rendered unavailable, hindering data access, communication, and core business functions. This can lead to delays in production, order fulfillment, and customer service. The time and resources required to recover from a cyber attack can also significantly impact business productivity. What Is Cybersecurity? Cybersecurity is the practice of protecting information systems, networks, and devices from unauthorized access, use, disclosure, disruption, modification, or destruction. Cybersecurity includes a wide range of strategies, technologies, and processes designed to: Confidentiality: Ensure that only authorized individuals have access to sensitive information. Integrity: Maintain the accuracy and completeness of data and systems. Availability: Guarantee that authorized users can access information and systems when needed. Effective cybersecurity is a multi-layered approach, utilizing a combination of: Technical Controls: Firewalls, intrusion detection systems, data encryption, and endpoint security software. Administrative Controls: Policies, procedures, and guidelines for user behavior, data handling, and incident response. Physical Controls: Security measures that protect physical access to IT infrastructure, such as locked server rooms and restricted areas. Why Is Cybersecurity Important? In today’s digital age, cybersecurity is no longer an optional consideration; it’s a critical business imperative. Here’s why: Protecting Sensitive Information: Businesses store vast amounts of sensitive data, including customer information, financial records, and intellectual property. A cyber attack can compromise this data, leading to serious consequences. Maintaining Business Continuity: Cyber attacks can cripple essential business operations, resulting in downtime and lost revenue. Robust cybersecurity measures can help ensure business continuity in the event of an attack. Compliance with Regulations: Many industries are subject to regulations that mandate specific cybersecurity practices. Failing to comply with these regulations can result in hefty fines and penalties. Building Customer Trust: Consumers are increasingly concerned about data privacy and security. Implementing strong cybersecurity practices demonstrates your commitment to protecting their information and fosters trust in your brand. By prioritizing cybersecurity, businesses can safeguard their valuable assets, minimize risks, and ensure long-term success. What Are the Different Types of Cybersecurity? Just like cyber attacks come in various forms, cybersecurity encompasses a range of specialized disciplines: Network Security: Protecting computer networks from unauthorized access, intrusion attempts, and malicious code. Application Security: Securing applications from vulnerabilities that could be exploited by hackers. Cloud Security: Ensuring the security of data and applications stored in the cloud. Information Security: Protecting the confidentiality, integrity, and availability of information in all its forms. Endpoint Security: Securing individual devices such as laptops, desktops, and mobile phones from cyber threats. Operational Technology (OT) Security: Protecting industrial control systems from cyber attacks. Data Security: Protecting data at rest, in transit, and in use. Each of these domains requires specific expertise and strategies to effectively defend against ever-evolving cyber threats. Final Words Cybersecurity is a continuous battle against persistent threats. By understanding the types of cyber attacks, the importance of cybersecurity, and the various tools available, individuals and businesses can significantly enhance their defences and stay in the digital world with greater confidence. Remember, cybersecurity is a shared responsibility. By adopting best practices and collaborating to raise awareness, we can create a more secure and resilient digital ecosystem for everyone. Key Takeaways Cyberattacks come in many forms, from malware infections to social engineering scams, aiming to steal data, disrupt operations, or cause sabotage. Robust cybersecurity practices are essential to protect sensitive information, maintain business continuity, and build customer trust. Preventative measures like strong passwords, software updates, and user awareness training can significantly reduce cyber risks. Cybersecurity is a multi-layered approach encompassing technical controls, administrative procedures, and physical security measures. FAQs What is a cyber attack in simple words? A cyber attack is like a digital break-in, where someone tries to steal your information or harm your computer system. What are the top 3 types of cyber attacks? The top 3 types of cyber attacks are malware, phishing, and ransomware. Why is it called a “cyber” attack? It’s called ‘cyber’ because it happens over computers and the internet. What is cyber hygiene? Cyber hygiene is like good digital habits that help protect your devices and data from cyber attacks. What is a cyber attack protection? Cyber attack protection is a combination of tools and practices designed to prevent, detect, and respond to cyber attacks.

 Malware and Vulnerabilities

The ransomware actor 'ShadowSyndicate' has been scanning for servers vulnerable to CVE-2024-23334, a directory traversal flaw in the aiohttp Python library. Aiohttp is widely used by tech firms and web developers to handle concurrent HTTP requests.

 Govt., Critical Infrastructure

The hub offers a centralized repository of essential resources and expertise, sourced from federal agencies, industry partners, academia, and the private sector, to enhance the cybersecurity posture of Emergency Communications Centers (ECCs).

 Trends, Reports, Analysis

In 2023, researchers identified new adversary techniques targeting macOS, Microsoft, and Linux users, including increased stealer activity in macOS environments, reflective code loading, and AppleScript abuse.

 Incident Response, Learnings

The victims were lured into slavery with false job offers and were forced to adopt fake identities to extract money from their victims through promises of cryptocurrency wins, investments, and romance.

 Security Tips and Advice

The NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.

 Feed

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

 Feed

Ubuntu Security Notice 6696-1 - Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot   show more ...

component of OpenJDK 8 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

 Feed

The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated

 Feed

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins - Malware Scanner (versions <= 4.7.2) Web

 Feed

Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow

 Feed

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs

 Feed

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 Protected health information and personal details of over a million Irish citizens were accidently exposed by the Ireland’s Health Service Executive (HSE) during the COVID pandemic, according to an AppOmni security researcher. This information included   show more ...

individuals’ vaccine status and type received, which could have been accessed by anyone who registered […] La entrada HSE Misconfiguration Exposed Over a Million Irish Citizens’ Vaccine Status – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 African

Source: www.darkreading.com – Author: John Leyden, Contributing Writer Source: Christophe Coat via Alamy South African government officials are investigating reports that a ransomware gang stole and then leaked online 668GB of sensitive national pension data. The alleged compromise of the Government Pensions   show more ...

Administration Agency (GPAA) data on March 11 has not yet been publicly confirmed, […] La entrada South African Government Pension Data Leak Fears Spark Probe – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber security

Source: securityboulevard.com – Author: Tom Eston In episode 321, the hosts discuss how connected cars are sharing driving data with insurance companies, potentially leading to increased rates for drivers. They also talk about the anti-TikTok bill passed by the House, which could force ByteDance to sell TikTok   show more ...

or face a ban in app stores. The […] La entrada The TikTok Ban Bill, Your Car is Spying on You, Signal’s Username Update – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.proofpoint.com – Author: 1 Employee ratings highlight Proofpoint’s positive company outlook and exemplary functional departments  SUNNYVALE, Calif., March 14, 2024 – Proofpoint, Inc., a leading cybersecurity and compliance company, announced today its recent recognition in Comparably’s   show more ...

2024 quarterly Best Places to Work Awards in multiple prominent categories, including Best Company Outlook, Best Global Culture, Best Engineering […] La entrada Proofpoint Honored with Comparably Best Places to Work Awards in Multiple Categories – Source: www.proofpoint.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cybertalk.org – Author: slandau Ori Abramovsky is the Head of Data Science of the Developer-First group at Check Point, where he leads the development and application of machine learning models to the source code domain. With extensive experience in various machine learning types, Ori specializes in   show more ...

bringing AI applications to life. He is committed […] La entrada Anticipating the future of malicious open-source packages: next gen insights – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 comptia certification

Source: www.techrepublic.com – Author: TechRepublic Academy Published March 18, 2024 We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Kickstart a lucrative career in IT with this   show more ...

extensive bundle that includes 10 […] La entrada Get on CompTIA Certification Track With These $30 Study Guides – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Appliances

Source: go.theregister.com – Author: Team Register The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver’s latest data, the   show more ...

number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than […] La entrada More than 133,000 Fortinet appliances still vulnerable to month-old critical bug – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Mar 18, 2024NewsroomVulnerability / Threat Mitigation Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers.   show more ...

Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum […] La entrada Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is   show more ...

planning to buy 1,763 of the aircraft, which […] La entrada Drones and the US Air Force – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier HomeBlog Comments This message will be deleted… • March 15, 2024 5:16 PM I’ll save you the time of reading echo’s posts and just leave this message here, IMO: Men are always wrong and Women are always right. Gay parades for all you must all be gay or   show more ...

kneel […] La entrada Friday Squid Blogging: Operation Squid – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier Improving C++ C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem “is” that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by   show more ...

stricter enforcement of known rules for type, […] La entrada Improving C++ – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 cars

Source: www.schneier.com – Author: Bruce Schneier Kasmir Hill has the story: Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.   show more ...

M., Honda, Kia and Hyundai, have started offering optional features […] La entrada Automakers Are Sharing Driver Data with Insurers without Consent – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. Fujitsu is the world’s sixth largest IT services provider, employing 124,000 people and having an annual   show more ...

revenue of $23.9 billion. Its portfolio includes computing products like servers and […] La entrada Fujitsu found malware on IT systems, confirms data breach – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sponsored by Adaptive Shield Article written by Hananel Livneh, Head of Product Marketing at Adaptive Shield. The SaaS ecosystem has exploded in the six years since the National Institute of Standards and Technology’s (NIST) cybersecurity framework 1.1 was released.   show more ...

Back in 2016-2017, when version 1.1 was initially drafted, SaaS held a […] La entrada How the New NIST 2.0 Guidelines Help Detect SaaS Threats – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to   show more ...

confirm the legitimacy of […] La entrada AT&T says leaked data of 70 million people is not from its systems – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-03
Aggregator history
Monday, March 18
FRI
SAT
SUN
MON
TUE
WED
THU
MarchAprilMay