Predator spyware kingpins added to US sanctions list

September 17, 2024 at 09:46AM The US extends sanctions to five individuals and a company connected to Intellexa, a spyware developer. Intellexa’s Predator spyware enables unauthorized access to calls, messages, GPS, and more on iOS and Android devices. The commercial spyware market is worth $12 billion, with Intellexa’s package priced at €8 million. Apple drops … Read more

Dark Reading Confidential: Pen Test Arrests, Five Years Later

September 10, 2024 at 10:36AM Becky Bracken, Senior Editor at Dark Reading, hosted a podcast discussing the aftermath of the pen test arrest of cybersecurity professionals, Gary De Mercurio and Justin Wynn. They were arrested during an authorized pen test at a courthouse in Dallas County, Iowa. The incident highlighted the importance of physical penetration … Read more

Phrack hacker zine publishes new edition after three years

August 21, 2024 at 11:50AM Phrack #71, the first issue since 2021, marks a new phase for the influential underground magazine. Available online for free, it covers technical articles, hacking culture, and ethics. Also distributed in hardcopy at the DEF CON 32, it criticizes technology’s current state and emphasizes hackers’ role in upholding practical knowledge. … Read more

regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely

July 3, 2024 at 06:24AM Qualys discovered a critical OpenSSH vulnerability, CVE-2024-6387, known as regreSSHion, that allows unauthenticated attackers to execute remote code. More than 14 million OpenSSH instances are potentially vulnerable. Exploitation is challenging and not yet confirmed in the wild. While attempts have been made, Palo Alto Networks was unable to achieve remote … Read more

The Fall of the National Vulnerability Database

May 16, 2024 at 10:10AM The National Vulnerability Database (NVD) initially created by NIST to centralize cybersecurity vulnerability intelligence is now struggling due to various factors. Increased accessibility led to a surge in low-quality reports, with inexperienced researchers seeking recognition and monetary incentives. As a result, the NVD has not updated vulnerabilities since February, highlighting … Read more

Tech Companies Promise Secure by Design Products

May 9, 2024 at 10:37AM Over 60 vendors have pledged to develop secure products as part of the “Secure by Design” initiative led by CISA. The focus is on addressing security as a core business requirement, with the onus on manufacturers rather than individual users. Signatories are asked to consider and demonstrate progress towards seven … Read more

Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference

May 2, 2024 at 11:27AM The RSA Conference is happening in San Francisco, offering insights and solutions for cybersecurity challenges. SOC teams face issues with fragmented tools, leading to alert fatigue and burnout. The choice between platform and best-of-breed solutions involves integration, vendor lock-in, and regulatory considerations. Consider assessing security needs, evaluating products, and understanding … Read more

‘Brain Weasels’: Impostor Syndrome in Cybersecurity

March 22, 2024 at 11:36AM The text discusses the prevalence of impostor syndrome in the cybersecurity industry. The author shares personal experiences and insights from experts, highlighting the industry’s technical nature and gatekeeping tendencies. The importance of community support and strategies for managing impostor syndrome are emphasized. The overall message encourages normalization of impostor syndrome … Read more

Cyber Madness Bracket Challenge – Register to Play

March 14, 2024 at 07:57AM SecurityWeek will host a contest called “Cyber Madness” bracket challenge, allowing the cybersecurity community to compete in a fun and competitive manner during the 2024 NCAA Men’s Basketball Tournament. Participants have a chance to win prizes, earn bragging rights, and enjoy the event. The meeting notes outline the plan for … Read more

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

December 13, 2023 at 10:48AM MITRE, in collaboration with the cybersecurity community and the industrial sector, has developed EMB3D, a threat model tailored for embedded devices in critical infrastructure. With a focus on mitigating threats, EMB3D provides a knowledge base and mappings to device properties while offering technical mitigations. It aims to enhance device security … Read more