October 11, 2023 at 06:42AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities catalog. These include an Adobe Acrobat and Reader flaw that can be exploited for remote code execution, an out-of-bounds write flaw in Cisco IOS and IOS XE, two zero-days impacting Skype for … Read more
October 10, 2023 at 04:47PM Researchers have discovered a vulnerability in a library used by the GNOME desktop environment for Linux systems. Exploiting the vulnerability through a malicious link could allow attackers to take over machines. The issue lies in a dependency called “libcue” used by a default GNOME application called “tracker-miners.” The researchers have … Read more
October 10, 2023 at 04:40PM Human Security has revealed the details of a large-scale fraud scheme called “Bandbox,” which involves Android TV streaming devices infected with malware. A consultant, Daniel Milisic, has provided a script and instructions to help users mitigate the threat. Around 74,000 Android devices globally are potentially impacted by the Badbox infection, … Read more
October 10, 2023 at 10:13AM This article discusses the concept of risk acceptance in cybersecurity and provides guidelines for making informed decisions about accepting risks. It defines risk acceptance and outlines different levels of risk acceptance, such as accepting the risk forever, accepting temporarily, transferring the risk, and eliminating the risk. The article also emphasizes … Read more
October 10, 2023 at 09:54AM Gutsy, a new cybersecurity startup founded by the team behind Twistlock, has secured $51 million in seed-stage financing. The company plans to use process mining techniques to address security challenges and provide data-driven insights into an organization’s teams, tools, and processes. Gutsy aims to help security leaders make better decisions … Read more
October 10, 2023 at 09:54AM A new advanced persistent threat (APT) group called Grayling has been targeting Taiwanese organizations, as well as a government entity in the Asia-Pacific region and organizations in the US and Vietnam. The group likely operates from a region with a strategic interest in Taiwan, implying a possible link to China. … Read more
October 10, 2023 at 08:24AM Akamai’s security researchers have discovered a new Magecart web skimming campaign that incorporates three concealment techniques. One technique involves hiding malicious code in the targeted website’s ‘404’ error page. The campaign, which targets large organizations in the food and retail sectors, follows the typical Magecart pattern of exploiting vulnerabilities, injecting … Read more
October 10, 2023 at 08:24AM UK cable manufacturer Volex has been hit by a cyberattack, with unauthorized access to its IT systems and data. The company said there has been minimal disruption to production levels and no material financial impact is expected. Volex has engaged third-party consultants to investigate the incident. It is believed the … Read more
October 10, 2023 at 08:24AM Natalie Silvanovich, a member of Google’s Project Zero, discusses her work in finding and fixing zero-day vulnerabilities. Project Zero aims to make zero-day vulnerabilities difficult to exploit by attackers. Silvanovich explains the team’s disclosure policy, research process, and the necessary skills for being a successful researcher. She also touches on … Read more
October 10, 2023 at 04:33AM A study conducted by Secureworks revealed that cyber attackers are now deploying ransomware within 24 hours of gaining initial access to a victim’s environment. In nearly two-thirds of cases, ransomware was deployed within a day, and in over 10% of incidents, it was deployed within five hours. This marks a … Read more