Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Threat Intel & Info Sharing

"An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include phishing attacks to publish stolen data or documents," a BSI spokesperson told Information Security Media Group.

 Feed

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of

 Check Point

Source: www.cybertalk.org – Author: slandau Cindi Carter, Field CISO West at Check Point, and Pete Nicoletti, Field CISO East at Check Point, recently advanced the following discussion at Check Point’s flagship event, CPX 2024. The evolving CISO role is an important and interesting topic in cyber security, which is why we’re empowering you with foundational, […] The post Mastering the CISO role: Navigating the leadership landscape – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Android

Source: www.bitdefender.com – Author: Graham Cluley Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps. The company is taking action after scammers reportedly tricked victims with bogus promises of high returns from Android apps offering cryptocurrency investment opportunities. At […] The post Google sues crypto investment app makers over alleged massive “pig butchering” scam – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI and ML in Security

Source: securityboulevard.com – Author: Michael Vizard Salt Security this week revealed it has embedded a generative artificial intelligence (AI) assistant, dubbed Pepper, into its application programming interface (API) security platform. Pepper provides a natural language interface through which cybersecurity teams can launch queries to discover, for example, how to configure a platform without having to […] The post Salt Security Applies Generative AI to API Security – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Careers

Source: securityboulevard.com – Author: Ryan Healey-Ogden Think of it this way: The more your team is knowledgeable about cyber attacks, the more likely they will be able to spot and stop them. By providing your team with cyber security awareness training, they become your first line of defense against cyber criminals. The most impactful way […] The post Small business cyber security guide: What you should prioritize & where you should spend your budget – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Application Security

Source: securityboulevard.com – Author: Christopher Maddalena Let’s dive into what makes this so exciting! There’s so much to cover that we won’t be offended if you want to look at the CHANGELOG for a quick synopsis. Introducing Customizable Fields Over the years, we’ve had many requests for database adjustments to make it easier for Ghostwriter […] The post Ghostwriter v4.1: The Custom Fields Update – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Analytics & Intelligence

Source: securityboulevard.com – Author: Richi Jennings The Federal Communications Commission is finally minded to address decades-old vulnerabilities. Dusty, moldy, prehistoric protocols from the 1980s and ’90s still underpin our phone networks. Full of security holes, they allow scrotes to track our locations—whether mobile or wired (ask your parents). The FCC is asking the industry to do […] The post FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair? – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: securityboulevard.com – Author: Jeffrey Burt The chief executive of vulnerability-plagued Ivanti said the management software maker is revamping its security practices after months of reports of China-linked and other attackers exploiting the flaws. In an open letter to customers and partners, accompanied by a six-minute video, CEO Jeff Abbot wrote that “events in recent […] The post Ivanti CEO Promises Stronger Security After a Year of Flaws – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 automation

Source: securityboulevard.com – Author: Mahesh Raj Mohan Hot Topics FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair? Ivanti CEO Promises Stronger Security After a Year of Flaws Automating and maintaining SBOMs xz backdoor Part 2: On the Importance of Runtime Security in the Age of OSS Backdoors CISA Unveils Critical […] The post Automating and maintaining SBOMs – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: securityboulevard.com – Author: Mike Larkin It’s been a week since the xz backdoor dropped. I stand by my earlier conclusion that the community really dodged a bullet, and this is reaffirmed by many other well-respected voices in the community. Since this incident is likely going to go down in history as a watershed moment […] The post xz backdoor Part 2: On the Importance of Runtime Security in the Age of OSS Backdoors – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Cybercrime, Fraud Management & Cybercrime CoralRaider Looks for Social Media Accounts That Contain Payment Information Mihir Bagwe (MihirBagwe) • April 5, 2024 Cisco Talos traced the IP address of CoralRaider, financially motivated hackers, to Hanoi, Vietnam, pictured. (Image: Shutterstock) Vietnamese financially motivated hackers are targeting businesses across […] The post Vietnamese Threat Actor Targeting Financial Data Across Asia – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Governance & Risk Management, Healthcare, Industry Specific Threat Modeling Expert Adam Shostack on Critical Mistakes to Avoid Marianne Kolbasuk McGee (HealthInfoSec) • April 5, 2024 18 Minutes Adam Shostack, threat modeling expert, Shostack & Associates Besides not doing cyberthreat modeling at all, some of the biggest […] The post Medical Device Cyberthreat Modeling: Top Considerations – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloudflare

Source: www.databreachtoday.com – Author: 1 Next-Generation Technologies & Secure Development, Observability Acquiring Baselime Will Give Developers Better Visibility Into Serverless Platforms Michael Novinson (MichaelNovinson) • April 5, 2024 Cloudflare purchased an observability startup founded by an aerospace dynamics expert to enhance the developer experience on serverless platforms. See Also: OnDemand | Realities […] The post Cloudflare Enters Observability Space With Baselime Purchase – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISA

Source: securityboulevard.com – Author: Nathan Eddy The Cybersecurity and Infrastructure Security Agency (CISA) issued a Notice of Proposed Rulemaking (NPRM) for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Under this rule, covered entities must report significant cyber incidents within 72 hours of discovery, along with ransom payments within 24 hours. CISA […] The post CISA Unveils Critical Infrastructure Reporting Rule – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Joao Correia The KernelCare team is working on deploying a live patch for CVE-2024-1086 for AlmaLinux 8 and AlmaLinux 9 users. As of April 3, the patches for CVE-2024-1086 are now available in production repos. Instructions for updating AlmaLinux 8 and AlmaLinux 9 can be found here. More details on the […] The post Update for KernelCare Live Patches for CVE-2024-1086 in AlmaLinux 8 & 9 – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: AnneMarie Avalon Certificate provisioning refers to the process of obtaining, deploying, and managing digital certificates within an organization’s IT infrastructure. These certificates, essentially digital passports, are used to establish trust between devices, services, and users by verifying identities and enabling secure communications over networks. As the cornerstone of modern cybersecurity frameworks, […] The post What is Certificate Provisioning? – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.proofpoint.com – Author: 1 Source: Yuri Arcurs via Alamy Stock Photo At first, analysts thought the downloader was a variant of well-known malware IcedID — but it turns out Latrodectus is something new altogether. The malware is being used by initial access brokers (IABs) in email threat campaigns, and researchers behind the discovery at […] The post Malicious Latrodectus Downloader Picks Up Where QBot Left Off – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.proofpoint.com – Author: 1 Hackers are distributing malware through multiple YouTube channels that promote cracked or pirated video games, according to researchers at Proofpoint. In a report released on Wednesday, the cybersecurity company said it has been tracking a campaign where hackers put links in YouTube video descriptions allegedly taking victims to other sites […] The post YouTube channels found using pirated video games as bait for malware campaign – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber

Source: www.proofpoint.com – Author: 1 Jesse Fasolo, Director, Technology Infrastructure & Cyber Security, St. Joseph’s Health When it comes to cybersecurity — and by extension, patient safety — “hope is not a strategy,” said Ryan Witt, VP of Industry Solutions with Proofpoint. Particularly as the environment becomes increasingly complex. “Bad actors’ systems are actually quite […] The post “Hope Is Not a Strategy”: Cyber Leaders on the Real Keys to Executing a Defense-in-Depth Strategy – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.schneier.com – Author: Bruce Schneier Comments William • April 5, 2024 5:21 PM Could you imagine discovering that your identity had been used to take out fraudulent loans and when you tried to resolve the issue and didn’t know the answers to the account security questions connected to the loans, but instead provided […] The post Friday Squid Blogging: SqUID Bots – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.proofpoint.com – Author: 1 Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a […] The post Thread Hijacking: Phishes That Prey on Your Curiosity – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw. Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the […] The post More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Cisco warns of XSS flaw in end-of-life small business routers Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers Cross-Site scripting (XSS) flaw. The medium severity issue, […] The post Cisco warns of XSS flaw in end-of-life small business routers – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Magento flaw exploited to deploy persistent backdoor hidden in XML Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. The vulnerability CVE-2024-20720 (CVSS score […] The post Magento flaw exploited to deploy persistent backdoor hidden in XML – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Apr 06, 2024 Newsroom Skimmer / Threat Intelligence Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave […] The post Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft says Windows 10 updates released since the start of the year are breaking Microsoft Connected Cache (MCC) node discovery on enterprise networks. MCC servers are software-only caching solutions that can be deployed on Windows servers, bare-metal servers, or VMs to cache and deliver content downloaded from Microsoft’s content […] The post Recent Windows updates break Microsoft Connected Cache delivery – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-04
Aggregator history
Saturday, April 06