🕴 EU Tightens Cybersecurity Requirements for Critical Infrastructure and Services 🕴Organizations in sectors deemed "essential" or "important" have until October 2024 to comply with the Network and Information Systems Directive 2022 (NIS2).
📖 Read
via "Dark Reading".
🕴 After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public 🕴After the encryption algorithm used by public safety, military, and governments globally was found to allow eavesdropping, standard maintainers are making TETRA open source.
📖 Read
via "Dark Reading".
🕴 Oil Giant Aramco Drills Down on Saudi ICS Security 🕴Saudi Arabia's national oil and gas company is investing in an operational technology security training academy for organizations across the Kingdom.
📖 Read
via "Dark Reading".
🕴 Combining Agentless and Agent-Based Cloud Security in CNAPPs 🕴Combining both approaches using a cloud-native application protection platform helps organizations make their cybersecurity holistic by tapping into richer automation and prioritization features.
📖 Read
via "Dark Reading".
🕴 Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation 🕴Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
📖 Read
via "Dark Reading".
🛠 Faraday 4.6.2 🛠Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
📖 Read
via "Packet Storm Security".
🕴 Google Goes After Scammers Abusing Its Bard AI Chatbot 🕴A pair of lawsuits are part of a wider strategy to establish guardrails preventing AI-powered scams, frauds, and harassment, Google's general counsel says.
📖 Read
via "Dark Reading".
🕴 Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East 🕴The so-called TA402 group continues to focus on cyber espionage against government agencies.
📖 Read
via "Dark Reading".
🛠 Samhain File Integrity Checker 4.5.0 🛠Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
📖 Read
via "Packet Storm Security".
🦿 Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack 🦿Any company that is strategic could be targeted for the same kind of actions as this cyberattack. Follow these tips to mitigate your company’s risk to this cybersecurity threat.
📖 Read
via "Tech Republic".
🕴 Q&A: Generative AI Comes to the Middle East, Driving Security Changes 🕴The influx of generative AI could cause security leaders to learn new skills and defensive tactics.
📖 Read
via "Dark Reading".
🕴 SEC Suit Ushers in New Era of Cyber Enforcement 🕴A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.
📖 Read
via "Dark Reading".
🕴 SaaS Vendor Risk Assessment in 3 Steps 🕴SaaS applications are the new supply chain and, practically speaking, SaaS is the modern vendor. Here are three straightforward steps to manage this new vendor risk.
📖 Read
via "Dark Reading".
♟️ It’s Still Easy for Anyone to Become You at Experian ♟️In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hijacked, and the only way I could recover access was by recreating the account.
📖 Read
via "Krebs on Security".
🦿 Microsoft and SysAid Find Clop Malware Vulnerability 🦿SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware.
📖 Read
via "Tech Republic".
🕴 Cyber Resilience Requires Maturity, Persistence & Board Engagement 🕴Women in Cyber Security Middle East highlight a requirement for resilience in the face of increased business and cyber challenges.
📖 Read
via "Dark Reading".
🕴 Qatar & Rwanda Partner to Boost Cybersecurity in Africa 🕴The two countries will work on AI security guardrails, public key infrastructure, smart city cyber, and more.
📖 Read
via "Dark Reading".
🕴 Defending Against Attacks on Vulnerable IoT Devices 🕴Organizations must approach cybersecurity as if they are defending themselves in a cyberwar.
📖 Read
via "Dark Reading".
♟️ Microsoft Patch Tuesday, November 2023 Edition ♟️Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks.
📖 Read
via "Krebs on Security".
🕴 Danish Energy Attacks Portend Targeting More Critical Infrastructure 🕴Targeted attacks against two dozen related companies is just the latest evidence that hackers want a piece of energy.
📖 Read
via "Dark Reading".
🦿 Red Hat: UK Leads Europe in IT Automation, But Key Challenges Persist 🦿The U.K.'s position as a financial services hub puts it ahead in enterprise-wide IT automation, says Red Hat. But skills shortages remain an issue for all IT leaders surveyed.
📖 Read
via "Tech Republic".
🕴 Royal Ransom Demands Exceed $275M, Rebrand in Offing 🕴The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
📖 Read
via "Dark Reading".
🕴 Steps CISOs Should Take Before, During & After a Cyberattack 🕴By creating a plan of action, organizations can better respond to attacks.
📖 Read
via "Dark Reading".
🕴 'Hunters International' Cyberattackers Take Over Hive Ransomware 🕴Hunters International appears to have acquired Hive ransomware from its original operators and may be seeking to cash in on the malware's reputation.
📖 Read
via "Dark Reading".
🕴 A Closer Look at State and Local Government Cybersecurity Priorities 🕴Complexity impedes the universal and consistent application of security policy, which is an obstacle to adequately securing government environments.
📖 Read
via "Dark Reading".
🕴 Ducktail Malware Targets the Fashion Industry 🕴Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
📖 Read
via "Dark Reading".
🕴 Security Is a Process, Not a Tool 🕴Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
📖 Read
via "Dark Reading".
🦿 Australian Nonprofit Cyber Security Is So Poor It Might Be Affecting Donations 🦿Research from Infoxchange indicates that poor cyber security practices in Australia’s not-for-profit sector are putting its donors’ and communities’ data at risk.
📖 Read
via "Tech Republic".
🕴 Intel Faces 'Downfall' Bug Lawsuit, Seeking $10K Per Plaintiff 🕴A class action suit claims Intel knowingly sold billions of faulty chips for years. The outcome could help define where poor vulnerability remediation becomes outright negligence.
📖 Read
via "Dark Reading".
🕴 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank 🕴Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.
📖 Read
via "Dark Reading".