Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

January 12, 2024 at 09:18AM The emergence of Medusa ransomware, notorious for targeting various industries, has led to increased activity, including the launch of a data leak site. Victims are given options such as time extension or data deletion, each with a price tag. With a focus on multi-extortion and professional tactics, this highlights the …

FBI Warns More Election “Chaos” in 2024

January 12, 2024 at 08:51AM FBI Director Christopher Wray and NSA Director Gen. Paul Nakasone highlighted the resilience of the election defense system against illegal interference. They warned about potential chaos caused by foreign adversaries using misinformation and cyber attacks. China was emphasized as a major threat in cyber warfare, with the US focusing on …

Taking a Page From Data Scientists for Better Security

January 12, 2024 at 08:44AM Organizations are facing data challenges as the use of cybersecurity solutions grows, leading to compartmentalized and costly data storage. Implementing a security data lake can break down data silos and improve visibility for threat detection. However, successful implementation requires identifying data gaps, standardizing and normalizing data, and prioritizing security best …

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

January 12, 2024 at 08:22AM GitHub’s popularity presents challenges and opportunities. Its appeal to developers worldwide makes it difficult to block, benefitting dissidents but posing security risks. Despite being relatively immune to Chinese censorship, it is abused for malware distribution. GitHub’s advantages and disadvantages make it a complex platform for both legitimate and malicious activities. …

Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

January 12, 2024 at 08:11AM The article emphasizes the necessity of a proactive cybersecurity approach and the role of Breach and Attack Simulation (BAS) in strengthening defenses. It highlights the gap between perceived and actual security, the mechanics of BAS, and steps to integrate BAS into an organization’s cyber strategy. The piece is authored by …

Data regulator fines HelloFresh £140k for sending 80M+ spams

January 12, 2024 at 06:32AM HelloFresh faces a £140,000 fine from Britain’s data privacy watchdog for sending 79 million spam emails and 1 million texts in seven months. The company misled customers about opt-in statements for marketing messages, failing to provide clear information or an easy opt-out process. The ICO issued the fine for breaching …

Apple Patches Keystroke Injection Vulnerability in Magic Keyboard

January 12, 2024 at 06:15AM Apple announced a firmware update for the Magic Keyboard to fix a Bluetooth vulnerability disclosed by a SkySafe engineer. The vulnerability could allow attackers to inject keystrokes without authentication. The update, version 2.0.6, is being rolled out and reportedly mitigates the attack. Users can check for the update in their system …

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

January 12, 2024 at 06:15AM The recently discovered Ivanti Connect Secure zero-day vulnerabilities are being exploited by threat actors linked to China, aiming to steal valuable data. These vulnerabilities, CVE-2023-46805 and CVE-2024-21887, pose a serious threat, with over 7,000 internet-exposed instances vulnerable to attacks. Patches are expected by the week of January 22, but CISA …

While we fire the boss, can you lock him out of the network?

January 12, 2024 at 03:42AM In this week’s edition of On Call, “Alvin” faced a predicament when a client suspected their network engineer of improperly accessing HR files. Alvin’s astute handling of the situation led to the engineer’s dismissal and the discovery of unauthorized servers in his apartment, ultimately vindicating the decision to let him …

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

January 12, 2024 at 03:09AM Cybersecurity researchers have discovered a new attack using misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners and conceal them with rootkits. The attackers exploit flaws to run remote code on targeted systems and hide mining processes. Mitigations include deploying agent-based security solutions to detect and prevent such attacks. …