November 20, 2024 at 12:32AM A contest invites submissions for a cybersecurity-related caption about the work-from-anywhere trend, with a $25 gift card prize for the best entry. Submissions are due by December 11 via email or social media. Last month’s winner was Matthew Tompkins for his caption on the “The Big Jump” cartoon. ### Meeting … Read more
November 20, 2024 at 12:25AM RIIG, a Charlottesville-based cybersecurity provider, leverages AI and machine learning for advanced threat detection. With partnerships among 17 intelligence agencies, it offers risk intelligence and cybersecurity solutions, including vulnerability assessments. Recently emerging from stealth, RIIG raised $3 million in seed funding to enhance product development and client support. ### Meeting … Read more
November 20, 2024 at 12:18AM Apple has released security updates for multiple operating systems to fix two actively exploited zero-day vulnerabilities: CVE-2024-44308, allowing arbitrary code execution, and CVE-2024-44309, enabling cross-site scripting (XSS) attacks. Users are urged to update their devices promptly to mitigate security risks. **Meeting Takeaways: November 20, 2024 – Security Updates on Zero-Day … Read more
November 20, 2024 at 12:18AM Oracle has alerted users about a high-severity vulnerability (CVE-2024-21287) in the Agile Product Lifecycle Management Framework, which is being actively exploited. This flaw allows unauthenticated access to sensitive files. Users are urged to apply patches immediately for protection, as details on the attackers remain unknown. **Meeting Takeaways – Nov 20, … Read more
November 19, 2024 at 10:45PM The SWEEPS initiative, funded by a $2.5 million grant, aims to enhance secure coding skills among software developers through workshops, courses, and bootcamps. Targeting all career stages, it addresses the skills gap in software security, promoting best practices to defend against cyberattacks. Enrollment prioritizes U.S. citizens with military backgrounds. **Meeting … Read more
November 19, 2024 at 07:34PM Equinox, a New York health services organization, has informed over 21,000 clients and staff of a data breach involving their personal information. The LockBit ransomware gang is suspected of the incident, which occurred in April. Equinox has since secured its IT environment and is investigating the breach. ### Meeting Notes … Read more
November 19, 2024 at 06:11PM Chinese government-affiliated hackers are exploiting a zero-day vulnerability in Fortinet’s Windows VPN client to steal sensitive information, including credentials. Volexity identified the issue and reported it to Fortinet, which has yet to release a fix. The attackers use a tool called DeepData, capable of extensive data theft. ### Meeting Takeaways … Read more
November 19, 2024 at 05:15PM The emerging Helldown ransomware targets organizations using VMware ESXi servers, exploiting undocumented vulnerabilities in Zyxel firewalls. Since August, it has impacted 31 victims, mainly US businesses. Helldown employs sophisticated tactics to steal and threaten to leak sensitive data, emphasizing the importance of vigilant security measures for virtualized infrastructures. ### Meeting … Read more
November 19, 2024 at 04:59PM Evgenii Ptitsyn, a Russian citizen, was extradited from South Korea to the U.S. for his role in the Phobos ransomware operation, accused of extorting over $16 million from victims. Facing 13 charges, he provided technical support to criminals using the malware. If convicted, he could face over 100 years in … Read more
November 19, 2024 at 04:57PM Apple issued emergency security updates to address two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. The updates aim to enhance security and protect users from potential threats. **Meeting Takeaways:** 1. Apple has released emergency security updates. 2. The updates address two zero-day vulnerabilities. 3. The vulnerabilities … Read more