October 11, 2023 at 04:24PM The cybersecurity community anxiously awaited the disclosure of two security flaws in the open source proxy resolution tool, Curl. However, after patches and bug details were unveiled, neither vulnerability lived up to the hype. The first flaw could allow data corruption or remote code execution, but it only affects a … Read more
October 11, 2023 at 02:20PM The Cybersecurity Infrastructure & Security Agency (CISA) has added an Adobe Acrobat Reader bug to its list of exploited vulnerabilities. The bug (CVE-2023-21608) exists in multiple versions of Adobe Acrobat and Reader and allows remote execution of malicious code. CISA advises users to update their software, which was patched in … Read more
October 11, 2023 at 02:06PM Israeli cybersecurity companies are expected to play a crucial role in the war effort against Hamas, given their expertise and capabilities. As the Gaza crisis intensifies, hacktivists have already launched cyberattacks, including DDoS attacks, with experts predicting more sophisticated attacks targeting infrastructure, civilians, and military targets. The Israeli military has … Read more
October 11, 2023 at 10:43AM According to a survey of 600 US-based CISOs, the pay gap between top-earning and bottom-earning CISOs is widening, with the highest-paid executives seeing their salaries increase at three times the rate of those in lower positions. The majority of CISOs earn either below $400,000 or above $700,000 annually. Overall, CISO … Read more
October 11, 2023 at 10:35AM A Chinese-backed threat group, known as Storm-0062 or DarkShadow, has been exploiting a zero-day vulnerability in Atlassian Confluence Data Center and Server since September 2023. Microsoft has shared more information about the group’s involvement and identified four offending IP addresses. The vulnerability allows the group to create arbitrary administrator accounts. … Read more
October 11, 2023 at 10:08AM Global cyberattacks have risen by 38% in 2022, as reported by Check Point. The cost of a data breach is also increasing, averaging $9.44 million in the US and $4.25 million globally in 2022. To combat this, the National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework … Read more
October 11, 2023 at 10:07AM Several US government agencies, including CISA, the FBI, the NSA, and the US Department of Treasury, have released new cybersecurity guidance for using open source software (OSS) in operational technology (OT). The guidance aims to promote understanding and best practices for implementing OSS in industrial control systems and other OT … Read more
October 11, 2023 at 08:54AM Password reuse is a significant security risk for organizations, as it makes it easier for cybercriminals to access sensitive data and deploy ransomware. Many organizations lack a comprehensive system to prevent password reuse, relying on multi-factor authentication which can still be bypassed. Specops Password Policy offers a solution by enforcing … Read more
October 11, 2023 at 06:42AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities catalog. These include an Adobe Acrobat and Reader flaw that can be exploited for remote code execution, an out-of-bounds write flaw in Cisco IOS and IOS XE, two zero-days impacting Skype for … Read more
October 10, 2023 at 04:47PM Researchers have discovered a vulnerability in a library used by the GNOME desktop environment for Linux systems. Exploiting the vulnerability through a malicious link could allow attackers to take over machines. The issue lies in a dependency called “libcue” used by a default GNOME application called “tracker-miners.” The researchers have … Read more