CyberSecure Specialist

08 Feb

Left to their own devices: Security for employees using personal devices for work

Business Security As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it Christian Ali Bravo 06 Feb 2024 • , 6 min. read Since it helped organizations ride out the disruption wrought by the pandemic, remote work (that later often morphed into hybrid work) has cemented its staying power. With the boundaries between work and home becoming blurrier than ever, many people want, or indeed need, to access…

08 Feb

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Attacks, Insights, Malware

Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s Open Source Software Security Roadmap, which states the goal of “working collaboratively [with relevant working groups] to develop security principles…

08 Feb

Cisco Releases Security Advisory for Vulnerabilities in Cisco Expressway Series

Attacks, Insights, Malware

Cisco released a security advisory to address vulnerabilities affecting Cisco Expressway Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Expressway Series advisory and apply the necessary updates.

08 Feb

NIST’s International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and Translations

Insights

Credit: Shutterstock/Michael Traitov With the new year under way, NIST is continuing to engage with our international partners to enhance cybersecurity. Here are some updates on our international work from the end of 2023 into the beginning of 2024: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0. The current Draft CSF 2.0 has been shared in a public comment period that ended in November 2023. Stay…

07 Feb

From Cybercrime Saul Goodman to the Russian GRU

Information, Insights

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency…

07 Feb

VMware Releases Security Advisory for Aria Operations for Networks

Attacks, Insights, Malware

VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware security advisory VMSA-2024-0002 and apply the necessary updates.

07 Feb

CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance

Attacks, Insights, Malware

Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. The following federal agencies and international organizations are additional co-authors on the joint advisory and guidance: U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) Australian…

06 Feb

Could your Valentine be a scammer? How to avoid getting caught in a bad romance

Information

Scams With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart Imogen Byers 05 Feb 2024 • , 7 min. read Online dating has revolutionized how people connect and find love. Now, any of us can flick through an online catalog of potential love interests in the palm of their hands – no more terrible chat-up lines at bars or being set up at…

03 Feb

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe

Information

Video The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows 02 Feb 2024 This week, law enforcement in Brazil took action to disrupt the Grandoreiro banking malware in a joint effort that was also supported by the ESET research team, who contributed technical analysis, statistics, and known C&C server domain names and IP addresses. The operation – which…

02 Feb

VajraSpy: A Patchwork of espionage apps

Information

ESET researchers have identified twelve Android espionage apps that share the same malicious code: six were available on Google Play, and six were found on VirusTotal. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) code called VajraSpy, used for targeted espionage by the Patchwork APT group. VajraSpy has a range of espionage functionalities that…

Left to their own devices: Security for employees using personal devices for work

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Cisco Releases Security Advisory for Vulnerabilities in Cisco Expressway Series

NIST’s International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and Translations

From Cybercrime Saul Goodman to the Russian GRU

VMware Releases Security Advisory for Aria Operations for Networks

CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance

Could your Valentine be a scammer? How to avoid getting caught in a bad romance

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe

VajraSpy: A Patchwork of espionage apps

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources