Recent Security News
-
How Continuous Pen Testing Protects Web Apps from Emerging Threats
November 29, 2023 at 10:50AM The increasing reliance on web-based apps for various tasks makes them prime targets for hackers due to multiple dependencies, valuable data storage, and insecure APIs. Successful breaches can cause data loss, reputational damage, and spread malware. Continuous monitoring, like Outpost24’s PTaaS, is crucial for real-time vulnerability identification and mitigation. Meeting…
-
New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher
November 29, 2023 at 09:54AM EURECOM’s Daniele Antonioli uncovered BLUFFS attacks that break Bluetooth’s secrecy by imitating devices and enabling MitM attacks. These exploits affect Bluetooth’s session key derivation across most devices. Antonioli proposed a solution and a toolkit to demonstrate the vulnerabilities, which major tech companies are addressing. Meeting Takeaways: 1. Professor Daniele Antonioli…
-
CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack
November 29, 2023 at 08:36AM Hackers breached the Municipal Water Authority of Aliquippa’s ICS in Pennsylvania but didn’t compromise water safety. CISA linked the attack to the Cyber Av3ngers, possibly Iran-based, targeting an insecure Israeli-made Unitronics PLC. CISA advised stronger security measures for such systems given rising cyber threats to the water sector. **Meeting Takeaways:**…
-
Google Patches Seventh Chrome Zero-Day of 2023
November 29, 2023 at 08:36AM Google has patched a zero-day vulnerability (CVE-2023-6345) impacting Chrome, involving an integer overflow in Skia graphics engine. Acknowledging active exploitation, Google’s update also fixes five other high-risk bugs, and issues $55,000 in bug bounties. This marks the seventh Chrome zero-day addressed in the year. Chrome version 119.0.6045.199/200 is being rolled…
-
Five Cybersecurity Predictions for 2024
November 29, 2023 at 08:36AM In 2023, cybersecurity threats required organizations to strengthen their defenses amid a rise in credential compromise, ransomware, and hacktivism. The White House pushed for better vulnerability management. Going into 2024, Zero Trust adoption, ransomware preparedness, and advanced security awareness programs are key to contending with an evolving threat landscape. **Meeting…