October 11, 2023 at 10:07AM Several US government agencies, including CISA, the FBI, the NSA, and the US Department of Treasury, have released new cybersecurity guidance for using open source software (OSS) in operational technology (OT). The guidance aims to promote understanding and best practices for implementing OSS in industrial control systems and other OT … Read more
October 11, 2023 at 09:59AM Simpson Manufacturing, a leading American building and structural materials producer, disclosed a cybersecurity incident via an SEC filing. The company detected IT problems and application outages caused by a cyberattack, leading them to take impacted systems offline. The disruption in business operations is expected to continue as remediation efforts are … Read more
October 11, 2023 at 09:59AM Hackers are exploiting LinkedIn Smart Links in phishing attacks to steal Microsoft account credentials. The Smart Links, used for marketing and tracking, appear to come from a trustworthy source and bypass email protections. The recent attacks targeted a range of sectors, including finance, manufacturing, energy, construction, and healthcare. The phishing … Read more
October 11, 2023 at 09:09AM Microsoft introduced Patch Tuesday in October 2003, a monthly release of software fixes on the second Tuesday of each month. The change brought predictability and stability for IT administrators, who previously faced chaotic patching processes. The number of patches has increased significantly over the years, and other vendors have joined … Read more
October 11, 2023 at 08:54AM Over 17,000 WordPress websites were hacked in September 2023, double the number from the previous month. Around 9,000 of these websites were infiltrated using a security flaw in the tagDiv Composer plugin, allowing for cross-site scripting attacks. The Balada Injector malware is responsible for these attacks, which aim to redirect … Read more
October 11, 2023 at 08:54AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2023-21608, is a use-after-free bug that allows for remote code execution. Adobe released a patch for the flaw in January 2023, but details … Read more
October 11, 2023 at 08:54AM Password reuse is a significant security risk for organizations, as it makes it easier for cybercriminals to access sensitive data and deploy ransomware. Many organizations lack a comprehensive system to prevent password reuse, relying on multi-factor authentication which can still be bypassed. Specops Password Policy offers a solution by enforcing … Read more
October 11, 2023 at 08:42AM Protect AI, the maker of Huntr, a bug bounty program for open source software, has licensed three of its AI/ML security tools under the permissive Apache 2.0 terms. The first tool, NB Defense, helps protect machine learning projects in Jupyter Notebooks. The second tool, ModelScan, scans ML models for attacks … Read more
October 11, 2023 at 08:24AM Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow sites to steal data. Google has yet to determine the bug bounty reward for this vulnerability. The release also addresses eight medium-severity flaws and five low-severity vulnerabilities. The latest version … Read more
October 11, 2023 at 08:24AM Tech companies including Cloudflare, AWS, and Google have responded to the HTTP/2 zero-day vulnerability that led to massive distributed denial-of-service attacks. The attacks exploited the HTTP/2 Rapid Reset feature, resulting in servers being taken down. Organizations like CISA, Microsoft, NGINX, F5, Netty, Apache, Swift, and Linux distributions have issued advisories … Read more