October 11, 2023 at 11:41AM Attackers are using a new method of certificate abuse to spread info-stealing malware, including stealing cryptocurrency from Windows systems. The campaign involves search engine optimization poisoning to deliver malicious pages promoting illegal software downloads. The malware uses special certificates with long strings of non-English characters, making them difficult to detect. … Read more
October 11, 2023 at 11:32AM Microsoft has officially ended support for Windows Server 2012 and Windows 11, version 21H2. This means that these operating systems will no longer receive security updates, bug fixes, or technical support. Microsoft advises users to upgrade to newer versions or obtain Extended Security Updates (ESUs) to continue receiving essential updates. … Read more
October 11, 2023 at 10:43AM According to a survey of 600 US-based CISOs, the pay gap between top-earning and bottom-earning CISOs is widening, with the highest-paid executives seeing their salaries increase at three times the rate of those in lower positions. The majority of CISOs earn either below $400,000 or above $700,000 annually. Overall, CISO … Read more
October 11, 2023 at 10:35AM A Chinese-backed threat group, known as Storm-0062 or DarkShadow, has been exploiting a zero-day vulnerability in Atlassian Confluence Data Center and Server since September 2023. Microsoft has shared more information about the group’s involvement and identified four offending IP addresses. The vulnerability allows the group to create arbitrary administrator accounts. … Read more
October 11, 2023 at 10:35AM Microsoft Copilot is an AI assistant integrated into Microsoft 365 apps that aims to improve productivity by searching and compiling data across documents, presentations, emails, and more. However, this access to sensitive data raises security concerns for information security teams. Varonis offers a Data Security Platform that can help address … Read more
October 11, 2023 at 10:08AM Global cyberattacks have risen by 38% in 2022, as reported by Check Point. The cost of a data breach is also increasing, averaging $9.44 million in the US and $4.25 million globally in 2022. To combat this, the National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework … Read more
October 11, 2023 at 10:07AM Spanish airline Air Europa is urging customers to cancel their payment cards due to a recent hack. The company detected unauthorized access to a system storing payment card data, potentially compromising partial card numbers, expiration dates, and CVV codes. Impacted customers are advised to contact their bank and watch out … Read more
October 11, 2023 at 10:07AM Citrix has released patches for a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The vulnerability, CVE-2023-4966, could lead to sensitive information disclosure and can be exploited without authentication. Citrix advises customers to upgrade their appliances to the supported versions. The company has also addressed a denial-of-service … Read more
October 11, 2023 at 10:07AM Several US government agencies, including CISA, the FBI, the NSA, and the US Department of Treasury, have released new cybersecurity guidance for using open source software (OSS) in operational technology (OT). The guidance aims to promote understanding and best practices for implementing OSS in industrial control systems and other OT … Read more
October 11, 2023 at 09:59AM Simpson Manufacturing, a leading American building and structural materials producer, disclosed a cybersecurity incident via an SEC filing. The company detected IT problems and application outages caused by a cyberattack, leading them to take impacted systems offline. The disruption in business operations is expected to continue as remediation efforts are … Read more