Fri. Oct 20, 2023

Five Eyes Coalition Release Guidelines for Business Leaders on Securing Intellectual Property

Tech Republic Security

The Five Eyes coalition's principles focus on reducing the possibility of IP theft, particularly from nation-state-sponsored threat actors.

Critical RCE flaws found in SolarWinds access audit solution

Bleeping Computer

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges. [...]

NordVPN vs. ExpressVPN: Which VPN Is Best for 2023?

Tech Republic Security

NordVPN or ExpressVPN? Read this in-depth comparison to find out which VPN provider comes out on top in terms of features, security, speed, and more.

Okta says its support system was breached using stolen credentials

Bleeping Computer

Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

EU Authorities Deal Blow to RagnarLocker Ransomware Operations

Security Boulevard

Law enforcement agencies throughout Europe and the United States took a big swing at the notorious RagnarLocker ransomware group, arresting a malware developer, seizing parts of its infrastructure, and shutting down negotiations and leak sites on the Tor network. During the operation, which stretched over the last four days and multiple European countries, authorities also.

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

Bleeping Computer

Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. [...]

More Trending

News alert: AI-powered web scrapers from Oxylabs are breaking new ground in fraud detection

The Last Watchdog

Vilnius, Lithuania, Oct. 20, 2023 — The UN Office on Drugs and Crime estimates that 5% of global GDP (£1.6 trillion) is laundered yearly, with increasing volumes of online data and the digitization of the economy making fraudsters more creative and difficult to catch. “Enterprises in the finance, banking, and telecommunications sectors are the most susceptible to online fraud, but it can happen to any company,” said Vaidotas Sedys, Head of Risk Management at Oxylabs.

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

The Hacker News

Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 as part of an exploit chain.

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2021-1435 in Cisco IOS XE. The vulnerability is a command injection vulnerability in the web user interface that could allow a remote, authenticated attacker to inject commands that can be executed as the root user.

9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month

Dark Reading

If we really want to move the dial on security habits, it's time to think beyond phishing tests. Our panel of CISOs and other security heavy-hitters offer expert tips that go beyond the obvious.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ragnar Locker ransomware group taken down

Malwarebytes

Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. The take down action was carried out between 16 and 20 October. During the action searches were conducted in Czechia, Spain and Latvia.

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

Dark Reading

SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.

Behind the Breach: Cross-tenant Impersonation in Okta

Security Boulevard

In recent investigations, the Obsidian Threat Research team has observed multiple instances of cross-tenant impersonation used to establish persistence and escalate user privileges within Okta environments. This technique poses a significant risk to organizations that rely on Okta for identity management, as it allows attackers to access and impersonate any legitimate user, accessing critical systems […] The post Behind the Breach: Cross-tenant Impersonation in Okta appeared first on Obsidian Se

Cisco Finds New Zero Day Bug, Pledges Patches in Days

Dark Reading

A patch for the max severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Fake Corsair job offers on LinkedIn push DarkGate malware

Bleeping Computer

A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine. [...]

ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges

The Hacker News

A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems.

Kwik Trip finally confirms cyberattack was behind ongoing outage

Bleeping Computer

Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store chain's internal network since October 9. [...]

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

The Hacker News

Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace," WithSecure said in a report published today.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Ragnar Locker ransomware developer arrested in France

Bleeping Computer

Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation. [...]

Unleashing the Power of the Internet of Things and Cyber Security

The Hacker News

Due to the rapid evolution of technology, the Internet of Things (IoT) is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and streamlining operations to meet the demands of a competitive global marketplace.

Alleged developer of the Ragnar Locker ransomware was arrested

Security Affairs

A joint international law enforcement investigation led to the arrest of a malware developer who was involved in the Ragnar Locker ransomware operation. Yesterday we became aware of a joint law enforcement operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure. The police on Thursday seized the Tor negotiation and data leak sites; the group’s infrastructure was located in the Netherlands, Germany and Sweden.

More Okta Customers Hacked

Dark Reading

Attackers compromised customer support files containing cookies and session tokens, which could result in malicious impersonation of valid Okta users.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CompTIA Security+ 601 vs. 701: What’s the Difference

CompTIA on Cybersecurity

CompTIA Security+ ranks among the top 10 cybersecurity certifications in 2023. See how CompTIA Security+ (SY0-701) compares to SY0-601.

What are Your Exception Expectations?

Dark Reading

Cybersecurity exceptions are a fact of life in most organizations, but there's work that should be done to make sure those exceptions are justified and worth the risk.

Best Patch Management Software & Tools 2023

Heimdal Security

Choosing the best patch management tool boils down to what your organization needs. Consider how complex your IT setup is and how much you’re willing to spend. For instance, large companies with diverse operating systems and applications will need a more powerful and scalable patch management solution. Imagine trying to manually update hundreds of devices […] The post Best Patch Management Software & Tools 2023 appeared first on Heimdal Security Blog.

SIM Card Ownership Slashed in Burkina Faso

Dark Reading

Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Thousands of Cisco IOS XE Devices Compromised Due to Zero-Day Vulnerability

Heimdal Security

Over 40,000 Cisco devices running the IOS XE operating system have been compromised after threat actors exploited a recently disclosed vulnerability, tracked as CVE-2023-20198. At the time of writing this article, there is neither a fix nor a solution for the issue, so the customers are only advised to “disable the HTTP Server feature on […] The post Thousands of Cisco IOS XE Devices Compromised Due to Zero-Day Vulnerability appeared first on Heimdal Security Blog.

DoD Gets Closer to Nominating Cyber Policy Chief

Dark Reading

Though there is speculation regarding potential candidates, the Department of Defense will likely not nominate someone in the near term.

What Can Enterprises Learn from the MOVEit Hack?

GlobalSign

The ramifications of the MOVEit hack were felt globally. Find out how your business can defend against similar attacks with encryption and automation.

Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors

Dark Reading

Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.