Lohrman on Security

AUGUST 27, 2023

NIST has released a draft version 2.0 of the Cybersecurity Framework. Here’s what you need to know and how to get your recommendations included.

Cybersecurity 240

Cybersecurity 240

The Hacker News

AUGUST 27, 2023

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. "The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month.

IoT 98

IoT Malware Architecture Internet 98

Security Affairs

AUGUST 27, 2023

The leak of the source code of the LockBit 3.0 ransomware builder in 2022 allowed threat actors to create new variants of the threat. Lockbit v3 , aka Lockbit Black , was detected in June 2022, but in September 2022 a builder for this variant was leaked online. The availability of the builder allowed anyone to create their own customized version of the ransomware.

Ransomware 98

Ransomware Encryption Malware Hacking 98

WIRED Threat Level

AUGUST 27, 2023

The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.

Hacking 98

Hacking 98

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

AUGUST 27, 2023

Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of flaws addressed by the vendor as part of the company’s semiannual FXOS and NX-OS Software Security Advisory Bundled Publication on August 23

Software 98

Software Authentication Firewall Hacking 98

WIRED Threat Level

AUGUST 27, 2023

A ramshackle team of American scientists scrambled to decode the Nazi cipher before the time ran out. Luckily, they had a secret weapon.

Encryption 98

Encryption Hacking 98

Bleeping Computer

AUGUST 27, 2023

Microsoft is experimenting with different approaches to introduce new users to Windows 11's features as soon as they complete the initial setup, also known as the "Out of Box Experience" (OOBE). [.

Software 98

Software 98

Security Affairs

AUGUST 27, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Cloud and hosting provider Leaseweb took down critical systems after a cyber attack French employment agency Pôle emploi data breach impacted 10M people Crypto investor data exposed by a SIM swapping attack against a Kroll employee China-linked Fl

Hacking 98

Hacking Cybercrime Cryptocurrency Ransomware 98

Security Boulevard

AUGUST 27, 2023

NIST has released a draft version 2.0 of the Cybersecurity Framework. Here’s what you need to know and how to get your recommendations included. The post What’s New in the NIST Cybersecurity Framework 2.0 Draft? appeared first on Security Boulevard.

Cybersecurity 98

Cybersecurity 98

Malwarebytes

AUGUST 27, 2023

Last week on Malwarebytes Labs: Teenage members of Lapsus$ ransomware gang convicted Update now! Google Chrome's first weekly update has arrived Smart lightbulb and app vulnerability puts your Wi-Fi password at risk Malwarebytes acquires Cyrus Security Ivanti Sentry critical vulnerability—don't play dice, patch DarkGate reloaded via malvertising and SEO poisoning campaigns Adobe ColdFusion vulnerability exploited in the wild Alert Prioritization and Guided Remediation: The future of EDR Up

Ransomware 97

Ransomware Phishing Passwords Malware 97

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

AUGUST 27, 2023

As cloud computing continues to evolve, an intriguing new trend is emerging – cloud repatriation. This concept, also known as cloud reversal, cloud exit or the "cloud boomerang effect", entails moving applications or data from a public cloud back to a private cloud or on-premises environment. At first glance, this may appear counterintuitive. After.

92

92

Graham Cluley

AUGUST 27, 2023

Graham Cluley Security News is sponsored this week by the folks at PlexTrac. Thanks to the great team there for their support! If you are investing in solutions for continuous assessment and validation or breach and attack simulation, you know that managing the data and remediation efforts necessary to make real progress can be overwhelming. … Continue reading "Ready to enhance your continuous assessment efforts?

85

85

Bleeping Computer

AUGUST 27, 2023

The Rhysida ransomware gang has claimed responsibility for the massive cyberattack on Prospect Medical Holdings, claiming to have stolen 500,000 social security numbers, corporate documents, and patient records. [.

Ransomware 76

Ransomware 76

Security Boulevard

AUGUST 27, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Cheltenham 2023 – Simon Gurney – Making Your Own Cool Conference Badges! appeared first on Security Boulevard.

Architecture 52

Architecture CISO Education Risk 52

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Troy Hunt

AUGUST 27, 2023

Somehow in this week's video, I forgot to talk about the single blog post I wrote this week! So here's the elevator pitch: Cloudflare's Turnstile is a bot-killing machine I've had enormous success with for the "API" (quoted because it's not meant to be consumed by others), behind the front page of HIBP. It's unintrusive, is super easy to implement and kills bots dead.

237

237