Recent Security News
-
In Other News: Ubisoft Hack, NASA Security Guidance, TikTok Requests iPhone Passcode
December 29, 2023 at 08:54AM SecurityWeek weekly roundup provides a concise compilation of cybersecurity stories that may have been overlooked. This week’s stories include a $60 million crypto theft, Android backdoor infection, Microsoft warning of malware distribution, Mint Mobile data breach, and NASA’s space security guidance. Other topics covered are hacking claims, Chrome Safety Check,…
-
Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program
December 29, 2023 at 07:54AM The US Department of Defense has proposed a rule for the Cybersecurity Maturity Model Certification (CMMC) program, seeking public feedback. The program aims to ensure defense contractors and subcontractors implement security measures to protect federal contract information and controlled unclassified information. The revision allows for self-assessment, emphasizes cooperation with industry,…
-
UAE Banks on AI to Boost Cybersecurity
December 29, 2023 at 07:04AM The UAE faces relentless cyberattacks due to its aggressive push for a digitized economy. To counter this, it has strengthened its digital borders, forming cybersecurity partnerships with the US, Morocco, and Chad. With a focus on AI, the UAE is also addressing the need for skilled professionals and the potential…
-
Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover
December 29, 2023 at 07:00AM Palo Alto Networks reports that an attacker with access to a Kubernetes cluster could exploit vulnerabilities in FluentBit and Anthos Service Mesh (ASM) within Google Kubernetes Engine (GKE) to gain complete control of the cluster. Google has released patches for the issues, but urges users to manually update their clusters…
-
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
December 29, 2023 at 06:54AM Ukraine’s CERT-UA has warned of a new phishing campaign by the Russia-linked APT28 group targeting government entities through email messages, deploying malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The attacks utilize various tools, including the Python-based MASEPIE and the C#-based OCEANMAP, with communications employing encrypted channels.…