January 17, 2024 at 12:52PM TAG.Global now mandates all employees to take a cybersecurity fluency assessment to enhance awareness and responsibility for information security. The test, covering various security subjects, aims to build a strong cybersecurity culture. Tawfiq Talhouni plans to extend the program outside the company, contributing to cybersecurity awareness in the Middle East. … Read more
January 17, 2024 at 11:36AM CISA and FBI have issued a joint advisory warning about Androxgh0st malware creating a botnet to target vulnerable networks. The malware primarily targets .env files containing sensitive information for AWS, Microsoft Office 365, SendGrid, and Twilio. It can abuse SMTP for scanning, exploit stolen credentials and APIs, and deploy web … Read more
January 17, 2024 at 11:26AM Info-stealers like KeySteal, Atomic Infostealer, and CherryPie are increasingly targeting macOS by evading Apple’s built-in malware protection. These sophisticated stealers have evolved with new variants that can bypass detection engines, such as macOS’s XProtect. Even with recent updates, these malware strains pose a continued threat, necessitating ongoing vigilance from macOS … Read more
January 17, 2024 at 11:04AM Over 6,700 WordPress sites were infected with the Balada Injector malware through a vulnerable Popup Builder plug-in, exploiting a cross-site scripting vulnerability (CVE-2023-6000). This long-running campaign has compromised over 1 million WordPress sites. Security experts advise implementing integrity monitoring and conducting routine updates to mitigate these threats. Based on the … Read more
January 17, 2024 at 10:36AM The ‘LeftoverLocals’ vulnerability affects GPUs from AMD, Apple, Qualcomm, and Imagination Technologies, allowing data retrieval from local memory. Discovered by Trail of Bits researchers Tyler Sorensen and Heidy Khlaaf, it exploits incomplete memory isolation in GPU frameworks, enabling unauthorized data access. Mitigation efforts are underway, including patching and recommending automatic … Read more
January 17, 2024 at 10:30AM Atlassian warns of a critical vulnerability in out-of-date Confluence Data Center and Server versions allowing remote code execution (RCE) without authentication, with a CVE-2023-22527 (CVSS score of 10). This template injection flaw impacts Confluence 8 versions released before Dec. 5, 2023. Atlassian advises immediate patching and recommends updating to the … Read more
January 17, 2024 at 10:14AM Cybersecurity architecture involves designing an organization’s security approach to protect digital assets from a wide range of cyber threats. While implementing security solutions can be costly, leveraging open source tools offers advantages such as cost-effectiveness, flexibility, and community support. Various open source security tools, including Wazuh, ClamAV, Suricata, pfSense, ModSecurity, … Read more
January 17, 2024 at 10:10AM The Border0 security researchers have identified a malicious extortion bot targeting publicly exposed PostgreSQL and MySQL databases with weak passwords. This bot autonomously wipes out vulnerable databases and leaves a ransom note, claiming to back up the data when in reality it only saves a small portion. It has managed … Read more
January 17, 2024 at 10:07AM A recent CloudSEK XVigil report reveals a 95% surge in cyberattacks on government agencies in 2022. The public sector faces greater cybersecurity challenges due to limited resources and widespread personal data. A whole-of-state (WoS) cybersecurity strategy is proposed for collaborative defense, supported by the State and Local Cybersecurity Grant Program. … Read more
January 17, 2024 at 10:07AM Cybersecurity architecture involves designing an organization’s approach to securing its information systems. It aims to establish a resilient defense against cyber threats. Leveraging open source tools offers cost-effectiveness and flexibility. Selecting tools like Wazuh, ClamAV, Suricata, pfSense, ModSecurity, VeraCrypt, OpenDLP, and OpenVAS helps build a robust cybersecurity architecture. Wazuh, in … Read more