Fri. Sep 29, 2023

Weekly Update 367

Troy Hunt

Ah, home 😊 It's been more than a month since I've been able to sit at this desk and stream a weekly video. And now I'm doing it with the glorious spring weather just outside my window, which I really must make more time to start enjoying. Anyway, this week is super casual due to having had zero prep time, but I hope the discussion about the ABC's piece on HIBP and me in particular is interesting.

Passwords 304

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package

Tech Republic Security

We talked to Proofpoint researchers about this new malware threat and how it infects Windows systems to steal information.

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

We Live Security

ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.

145

Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack

Tech Republic Security

Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library.

Software 205

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Security Affairs

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A remote, unauthenticated attacker can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed servers.

Software 144

Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data

Tech Republic Security

These open directories could leak sensitive data, intellectual property or technical data and let an attacker compromise the entire system. Follow these security best practices for open directories.

Big data 193

More Trending

Protect Your Passwords for Life for Just $30

Tech Republic Security

Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.

Passwords 174

Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

The Hacker News

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week.

Malware 138

Misconfigured WBSC server leaks thousands of passports

Security Affairs

The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud storage system.

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

The Hacker News

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.

138

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Exploit released for Microsoft SharePoint Server auth bypass flaw

Bleeping Computer

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. […]

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Security Affairs

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a briefing by U.S.

Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

The Hacker News

The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta.

135

Update Chrome now! Google patches another actively exploited vulnerability

Malwarebytes

Google has updated the Stable Channel for Chrome to 117.0.5938.132 for Windows, Mac and Linux. This update includes ten security fixes. According to Google there is an active exploit for one of the patched vulnerabilities, which means cybercriminals are aware of the vulnerability and are using it. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.

Software 133

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Post-Quantum Cryptography: Finally Real in Consumer Apps?

The Hacker News

Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.

Dependabot impersonators cause trouble on GitHub

Malwarebytes

GitHub is experiencing issues of the “breached account and malicious code” variety. ITPro reports that unnamed individuals have been compromising accounts and using them to install malware capable of password theft. It’s a fairly elaborate scam which even includes imitation of GitHub’s popular Dependabot feature. To make this scam work, attackers first obtained access tokens belonging to their targets.

Government Shutdown Could Severely Impact U.S. Cybersecurity

SecureWorld News

As the clock ticks down to another potential shutdown of the U.S. federal government, concerns are mounting over the impact such an event could have on the cybersecurity of the United States. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the agency tasked with safeguarding the nation's critical infrastructure and defending against cyber threats, is facing the possibility of losing a significant portion of its workforce.

Three men found guilty of laundering $2.5 million in Target gift card tech support scam

Graham Cluley

Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams. Read more in my article on the Hot for Security blog.

Scams 123

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Discord is investigating cause of ‘You have been blocked’ errors

Bleeping Computer

Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. […]

123

ZeroFont trick makes users think that message has been scanned for threats

Graham Cluley

Attackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned for threats. Read more in my article in the Tripwire State of Security blog.

Phishing 117

Millions of Exim mail servers exposed to zero-day RCE attacks

Bleeping Computer

A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers. […]

Internet 118

12 Benefits of Zero Trust for Mid-Sized Businesses

Heimdal Security

Zero Trust security is evolving from “nice to have” to an absolute must for organizations everywhere. Fortunately, Zero Trust offers numerous advantages to companies of all sizes, including medium-sized ones. While achieving full Zero Trust is a long-term goal, even partial Zero Trust environments help businesses of this size enhance their security posture and benefit […] The post 12 Benefits of Zero Trust for Mid-Sized Businesses appeared first on Heimdal Security Blog.

115

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

DHS: Physical Security a Concern in Johnson Controls Cyberattack

Dark Reading

An internal memo cites DHS floor plans that could have been accessed in the breach.

114

How to Implement Single Sign-On in Your Organization

SecureWorld News

Single Sign-On (SSO) is a technology that allows users to access multiple applications with a single set of login credentials. This can make it easier for users to log in to applications and can also help to improve security. There are many different SSO vendors available, each with its own strengths and weaknesses. When choosing an SSO vendor, it is important to consider the following factors: Features: What features are important to you?

People Still Matter in Cybersecurity Management

Dark Reading

Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.

Introducing Digital Guardian Secure Collaboration

Digital Guardian

Going forward, customers of Digital Guardian Secure Collaboration, formerly Vera, can find everything they need about the product, including support on Digital Guardian's website.

109

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software

Dark Reading

In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.

Software 110

Progress Software Releases Urgent Patches to Fix WS_FTP Server Vulnerabilities

Heimdal Security

Progress Software, the developer behind the MOVEit Transfer file-sharing platform recently issued a patch for a maximum severity vulnerability in its WS_FTP Server software and advises users to deploy the patch quickly. Details About the Vulnerabilities Discovered According to an advisory published on Wednesday, the company disclosed multiple vulnerabilities impacting the software’s manager interface and […] The post Progress Software Releases Urgent Patches to Fix WS_FTP Server Vulnerabil

Software 105

Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain

Dark Reading

The Israeli company developed highly-targeted, mobile malware that would make any APT jealous.

Spyware 104

9 Best Carbon Black Alternatives & Competitors in 2023

Heimdal Security

A quick search on the Internet retrieved a pack of VMware Carbon Black alternatives for endpoint protection services. I analyzed features, pros, cons and pricing and then I drew conclusions. So, here's a list of 9 Best Carbon Black Alternatives on the cybersecurity market. It includes details about key features, ease of deployment, support, and […] The post 9 Best Carbon Black Alternatives & Competitors in 2023 appeared first on Heimdal Security Blog.

Marketing 105

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!