Hotel Check-in Kiosks Expose Guest Data, Room Keys

June 7, 2024 at 12:59PM A software vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364, CVSS 3.0 score 6.8) allows attackers to access hotel guests’ personal data stored in check-in terminals. The exploit bypasses kiosk mode, enabling access to reservations, invoices, PII, and the ability to create room keys. The manufacturer has released a fix, emphasizing …

Perfecting the Proactive Security Playbook

June 4, 2024 at 10:05AM Successful sports coaching relies on a playbook, and the same applies to cybersecurity. A proactive security playbook should include an incident response plan, an effective measurement strategy, and assessments of team strengths and weaknesses. This proactive approach is critical for maintaining data confidentiality and combating evolving threats. Cyber-insurance engagement …

Snowflake Data Breach Impacts Ticketmaster, Other Organizations

June 3, 2024 at 07:45AM

Lawyers Ask Forensics Investigators for Help Outside Cybersecurity

June 2, 2024 at 10:13AM Digital forensics investigators are in demand beyond cybersecurity, assisting in document authentication for legal cases and eDiscovery. Their ability to uncover data manipulation has transformed legal disputes into significant matters. Their expertise can uncover important but overlooked data sets in investigations. Boards often struggle to understand the ongoing nature of …

Everbridge warns of corporate systems breach exposing business data

May 30, 2024 at 11:52AM Everbridge, a crisis management software company, revealed a breach where attackers accessed business and user data. The breach used employee-targeted phishing and affects customer data. Everbridge is working with experts to evaluate the impact and is implementing multi-factor authentication for all accounts by June 3, following the advice to guard …

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

May 30, 2024 at 03:09AM Okta warns of credential stuffing susceptibility in Customer Identity Cloud, mentioning proactive communication with impacted customers. Users are advised to review tenant logs for unusual login events, rotate credentials, and restrict cross-origin authentication. Other mitigations include breached password detection, strong password enforcement, and passwordless, phishing-resistant authentication. The warning follows an …

BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware

May 29, 2024 at 10:56AM The BlackSuit ransomware gang, linked to the Royal gang, targets US-based companies in critical sectors with a focus on financial gain. Using advanced methods, the group’s attack tactics include lateral movement, Kerberoasting, FTP exfiltration, and ransomware deployment. Mitigation tactics involve network configuration management and strengthening password encryption to prevent such …

Check Point VPN Targeted for Initial Access in Enterprise Attacks

May 28, 2024 at 05:33AM Check Point advises customers to review VPN configurations to prevent abuse by threat actors, citing attempts to gain access through old VPN local accounts with password-only authentication. The company recommends using additional authentication measures, deploying products on security gateways, and disabling unnecessary local accounts. It also provides a script and …

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

May 23, 2024 at 03:08PM Google’s Matt Linton argues against federally mandated phishing tests, comparing them to early fire drills. He points out the increasing phishing attacks despite anti-phishing controls, arguing for a different approach. Current tests are criticized for lack of evidence in reducing successful phishing campaigns, eroding trust, and burdening incident responders. Linton …

Virtual Event Today: Threat Detection and Incident Response (TDIR) Summit

May 22, 2024 at 07:42AM SecurityWeek’s TDIR Summit on May 22nd is a virtual event focusing on post-incident forensics and tools for combating malware and ransomware attacks. The agenda includes sessions on topics like fortifying cyber defense, ransomware preparedness, and AI-driven malware detection. The event also features demos, resources, and a virtual expo hall. Based …