Threat Actor: Apple Inc.
Victim: Mobile device owners
Key Point:
Settlement covers the period from Sept.…

Threat Actor: Cybercriminals
Victim: Small businesses
Key Point:
43% of cyberattacks target small businesses, with 95% linked to human error.…

Threat Actor: Unknown
Victim: Cyberhaven
Key Point:
Attackers used social engineering to gain access rights to Cyberhaven’s Chrome extension.…

Summary: The UN has adopted a groundbreaking treaty aimed at combating cybercrime, marking a significant milestone in international cooperation. This treaty will enhance collaboration among nations to protect individuals and uphold human rights in the digital realm.
Threat Actor: UN Member States
Victim: Global Community
Key Point:
The Convention against Cybercrime is the first international criminal justice treaty negotiated in over two decades.…

Summary: A critical vulnerability in Active Directory’s LDAP protocol, tracked as CVE-2024-49113, allows attackers to crash multiple unpatched Windows servers simultaneously, raising concerns about organizational vulnerabilities. Experts emphasize the urgency of patching systems to mitigate potential exploitation.
Threat Actor: Unknown
Victim: Organizations running Windows Servers
Key Point:
The vulnerability allows for denial-of-service attacks and potential remote code execution.…

Summary: The Chief Digital and Artificial Intelligence Office (CDAO) has completed a pilot program utilizing crowdsourced red-teaming to assess vulnerabilities in Large-Language Model (LLM) chatbots for military medicine applications. This initiative aims to enhance AI assurance and risk mitigation within the Department of Defense (DoD).…
Summary: A US Army soldier, Cameron John Wagenius, was arrested for unlawfully transferring confidential phone records, including call logs of high-profile officials. He is linked to the Snowflake hacking campaign and has been accused of leaking sensitive data from major telecom providers.…
Summary: Volkswagen Group faced a significant data breach due to a misconfiguration in an Amazon cloud storage system, exposing sensitive information of around 800,000 electric vehicle owners. The breach was reported by an ethical hacker to the Chaos Computer Club, which confirmed the vulnerability before notifying Volkswagen.…
Summary: Researchers at Palo Alto Networks’ Unit 42 have discovered a new jailbreak technique called the Bad Likert Judge attack, which significantly increases the likelihood of large language models (LLMs) generating harmful content. This method exploits the LLM’s ability to evaluate responses based on a psychometric scale, allowing attackers to refine harmful outputs effectively.…
Researchers at IBM and VU Amsterdam have developed a new attack that exploits speculative execution mechanisms in modern computer processors to bypass checks in operating systems against what are known as race conditions.
The attack leverages a vulnerability (CVE-2024-2193) that the researchers found affecting Intel, AMD, ARM, and IBM processors.…
This week, a division of the National Health Service (NHS) Scotland was struck by a cyberattack, potentially disrupting services and exposing patient and employee data. Meanwhile, a researcher disclosed a Salesforce configuration error that exposed millions of Irish citizens’ COVID vaccination data from that country’s Health Service Executive (HSE).…
In late 2023, I wrote an article comparing how well ChatGPT and Google Bard handle writing security policies. Given that ChatGPT 4.0 has been available as a paid version, called ChatGPT Plus, for some time now, and Google recently rebranded Google Bard as Gemini (with Gemini Advanced available as a paid offering), it’s a good time to compare how the two perform in a head-to-head of the top 10 use cases for information security professionals.…
The reality of cybersecurity for companies is that adversaries compromise systems and networks all the time, and even well-managed breach-prevention programs often have to deal with attackers inside their perimeters.
On March 5, the National Security Agency continued its best-practice recommendation to federal agencies, publishing its latest Cybersecurity Information Sheet (CIS) on the Network and Environment pillar of its zero-trust framework.…
PRESS RELEASE
DENVER, March 5, 2024 – Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Red Canary can detect suspicious activity across all major cloud environments and seamlessly correlate that data with other leading cloud security products, enabling enterprises to find and stop threats before they can cause damage.…
PRESS RELEASE
HERNDON, Va., March 13, 2024 — (BUSINESS WIRE) — Expel, the leading managed detection and response (MDR) provider, today unveiled the updated version of its National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) Getting Started toolkit. The kit, which includes a “getting started” guide and a self-scoring spreadsheet, helps security leaders and operators assess their cybersecurity postures, aligned with the recently released version 2.0 of the NIST CSF.…
SAN FRANCISCO, March 13, 2024 — Nozomi Networks Inc. today announced a $100 million Series E funding round to help accelerate innovative cyber defenses and expand cost-efficient go-to-market expansion globally. This latest round includes investments from Mitsubishi Electric, a global leader in digital manufacturing, electronics and electrical equipment and Schneider Electric, a global leader in digital automation and energy management.…
The Federal Communications Commission (FCC) will be rolling out a voluntary cybersecurity labeling program for Internet of Things (IoT) products for consumers.
At its public meeting today, the Commission unanimously voted to approve the program, which will allow IoT manufacturers to slap US Cyber Trust Certification Marks onto products that meet certain minimum criteria defined by the National Institute of Standards and Technology (NIST).…
Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices.
The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage component of the server. It gives unauthenticated attackers a way to execute arbitrary code and commands with system admin privileges on affected systems, using specially crafted requests.…
Congress voted in favor of banning the popular social media app TikTok on Wednesday, following its passage last week by the House Energy Committee. The bill requires any company controlled by a “foreign adversary” to be divested within 180 days.
Pressure against the app, owned by Chinese parent company ByteDance, has been mounting for years.…
DarkGate malware operators have been exploiting a now-patched Windows SmartScreen bypass flaw through a phishing campaign that distributes fake Microsoft software installers to propagate the malicious code.
Trend Micro researchers, among others, discovered a then zero-day Internet Shortcut Files security feature bypass vulnerability tracked as CVE-2024-21412 earlier this year, which Microsoft patched as part of its February raft of Patch Tuesday updates.…