Zoom’s Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams

December 14, 2023 at 09:03AM Zoom has introduced a new Vulnerability Impact Scoring System (VISS) to help cybersecurity teams prioritize threats. It analyzes 13 impact aspects, produces a 0-100 score, and can be adjusted using compensating controls. In testing, critical vulnerabilities increased by 28%, while medium-severity ones decreased by 57%. Zoom aims to enhance security …

Nearly a million non-profit donors’ details left exposed in unsecured database

December 13, 2023 at 05:31AM Close to a million records containing personally identifiable information of donors to non-profits were exposed in an online database owned by DonorView, provider of a fundraising platform for schools, charities, and religious institutions. The exposed data included donor names, addresses, phone numbers, emails, and payment methods, raising concerns about potential …

In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked

December 8, 2023 at 11:48AM Summary: This SecurityWeek post highlights lesser-known stories including a fake Lockdown Mode, a new Linux RAT, AI being jailbroken, and a country’s DNS being hijacked. Based on the meeting notes, the notable security-related stories that were discussed are: 1. Fake Lockdown Mode 2. New Linux RAT 3. Jailbreaking AI 4. …

US, UK Announce Charges and Sanctions Against Two Russian Hackers

December 8, 2023 at 08:36AM The US and UK have charged and imposed sanctions on two hackers affiliated with Russia’s FSB security service. Takeaways from the Meeting: 1. The United States and the United Kingdom have publicly announced charges against two hackers. 2. These two hackers are purported to be collaborating with Russia’s Federal Security …

Cyberattack on Irish Utility Cuts Off Water Supply for Two Days

December 8, 2023 at 06:42AM Cyberattackers disrupted an Irish water utility, resulting in a two-day water outage for residents. Meeting Takeaways: – A cyberattack targeted an Irish water utility. – The attack caused significant disruption to services. – The aftermath of the attack left residents without water for a period of two days. …

Cybersixgill Announces Identity Intelligence Module for Threat Analysis

December 7, 2023 at 06:23PM Cybersixgill has launched new features for its cyber threat intelligence platform, including an Identity Intelligence module for compromised account monitoring, an improved Alerts page for faster threat response, and OSV Support for open-source vulnerability awareness. These tools aim to enhance threat detection, decision-making, and pre-emptive action to protect against cyber-attacks. …

Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption

December 7, 2023 at 01:12PM An Apple-commissioned study indicates 2.6 billion personal data records were compromised in breaches over the last two years, underscoring the need for end-to-end encryption. Meeting Takeaways: 1. Apple commissioned a study focusing on data breaches. 2. The study found that 2.6 billion personal data records were compromised over the past …

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

December 7, 2023 at 10:54AM Five Eyes government agencies issued guidance for developing strategies to address memory safety vulnerabilities. Takeaway from Meeting: – Government agencies from the Five Eyes countries (United States, United Kingdom, Canada, Australia, and New Zealand) have released new guidelines to assist in the development of roadmaps for memory safety. – The …

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

December 7, 2023 at 10:28AM Star Blizzard, believed to be linked to Russia’s FSB, continues targeted spear-phishing attacks for intelligence gathering. They impersonate trusted contacts using researched information to deceive individuals and organizations in the UK and beyond. Numerous cyber security agencies warn of their expanded targeting since 2019, including the defense industry and energy …

New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions

December 7, 2023 at 08:54AM The ‘Pool Party’ is a collection of eight novel Windows process injection methods that escape detection by endpoint detection and response (EDR) tools. Takeaways from the meeting notes: 1. “Pool Party” is a name given to a new collection of eight Windows process injection techniques. 2. These techniques are capable …