October 10, 2023 at 10:13AM – A Primer on Cyber Risk Acceptance and What it Means to Your Business

This article discusses the concept of risk acceptance in cybersecurity and provides guidelines for making informed decisions about accepting risks. It defines risk acceptance and outlines different levels of risk acceptance, such as accepting the risk forever, accepting temporarily, transferring the risk, and eliminating the risk. The article also emphasizes …

October 10, 2023 at 09:54AM – Twistlock Founders Score Whopping $51M Seed Funding for Gutsy

Gutsy, a new cybersecurity startup founded by the team behind Twistlock, has secured $51 million in seed-stage financing. The company plans to use process mining techniques to address security challenges and provide data-driven insights into an organization’s teams, tools, and processes. Gutsy aims to help security leaders make better decisions …

October 10, 2023 at 09:54AM – New ‘Grayling’ APT Targeting Organizations in Taiwan, US

A new advanced persistent threat (APT) group called Grayling has been targeting Taiwanese organizations, as well as a government entity in the Asia-Pacific region and organizations in the US and Vietnam. The group likely operates from a region with a strategic interest in Taiwan, implying a possible link to China. …

October 10, 2023 at 08:24AM – Magecart Web Skimmer Hides in 404 Error Pages

Akamai’s security researchers have discovered a new Magecart web skimming campaign that incorporates three concealment techniques. One technique involves hiding malicious code in the targeted website’s ‘404’ error page. The campaign, which targets large organizations in the food and retail sectors, follows the typical Magecart pattern of exploiting vulnerabilities, injecting …

October 10, 2023 at 08:24AM – Cable Giant Volex Targeted in Cyberattack

UK cable manufacturer Volex has been hit by a cyberattack, with unauthorized access to its IT systems and data. The company said there has been minimal disruption to production levels and no material financial impact is expected. Volex has engaged third-party consultants to investigate the incident. It is believed the …

October 10, 2023 at 08:24AM – Researcher Conversations: Natalie Silvanovich From Google’s Project Zero

Natalie Silvanovich, a member of Google’s Project Zero, discusses her work in finding and fixing zero-day vulnerabilities. Project Zero aims to make zero-day vulnerabilities difficult to exploit by attackers. Silvanovich explains the team’s disclosure policy, research process, and the necessary skills for being a successful researcher. She also touches on …

October 10, 2023 at 04:33AM – Ransomware attacks register record speeds thanks to success of infosec industry

A study conducted by Secureworks revealed that cyber attackers are now deploying ransomware within 24 hours of gaining initial access to a victim’s environment. In nearly two-thirds of cases, ransomware was deployed within a day, and in over 10% of incidents, it was deployed within five hours. This marks a …

October 10, 2023 at 02:18AM – Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

Threat actors are exploiting a critical flaw in Citrix NetScaler ADC and Gateway devices to conduct a credential harvesting campaign. The flaw, CVE-2023-3519, allows for remote code execution. Attackers are inserting a malicious script into the authentication web page and capturing user credentials. IBM X-Force has identified at least 600 …