CyberSecure Specialist

23 Oct

China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact

Information, News

Zhang Hongliang, a former restaurant manager in central China, took various gigs in and outside China to support his family after losing his job during the COVID-19 pandemic. In March, a job offer to teach Chinese cooking at a restaurant led him into a cyber scam compound in Myanmar, where he was instead ordered to lure Chinese into giving up their savings for fake investment schemes via social media platforms. Zhang is one of tens…

Read More
23 Oct

NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

Information, Insights

A 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject of a Sept. 4, 2022 story here about the emergence of “violence-as-a-service” offerings, where random people from the Internet hire themselves out to perform a variety of local, physical attacks, including firebombing a home, “bricking” windows, slashing tires, or performing a…

Read More
23 Oct

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Attacks, Insights, Malware

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.9 Cisco IOS XE software release train with the 17.9.4a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature, fixes are still to be determined for the following Cisco IOS XE software release…

Read More
22 Oct

Spearphishing targets in Latin America – Week in security with Tony Anscombe

Information

Video ESET’s analysis of cybercrime campaigns in Latin America reveals a notable shift from opportunistic crimeware to more complex threats, including those targeting enterprises and governments 20 Oct 2023 This week, ESET researchers announced the release of a report that looked at more than a dozen publicly documented malicious campaigns targeting Latin America between 2019 and 2023. Over the past few years, there has been a notable rise in both the number and complexity of…

Read More
21 Oct

Strengthening the weakest link: top 3 security awareness topics for your employees

Information

Business Security Knowledge is a powerful weapon that can empower your employees to become the first line of defense against threats Phil Muncaster 19 Oct 2023  •  , 5 min. read It’s Cybersecurity Awareness Month (CSAM) time again this October. This is an awareness-raising initiative that spans both consumer and corporate worlds, although there’s plenty of crossover: every employee is also a consumer, after all. In fact, as we increasingly work from home or our…

Read More
20 Oct

Okta Support System Hacked, Sensitive Customer Data Stolen

Data Breaches, Information, News

Identity and access management tech firm Okta on Friday warned that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. A security notice from Okta security chief David Bradbury said the company found “adversarial activity” that leveraged access to a stolen credential to access the support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part…

Read More
20 Oct

Hackers Stole Access Tokens from Okta’s Support Unit

Data Breaches, Information, Insights

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion. In an advisory sent to an undisclosed…

Read More
20 Oct

In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack

Data Breaches, Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
20 Oct

Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks

Information, News

The Philippine defense chief has ordered all defense personnel and the 163,000-member military to refrain from using digital applications that harness artificial intelligence to generate personal portraits, saying they could pose security risks. Defense Secretary Gilberto Teodoro Jr. issued the order in an Oct. 14 memorandum, as Philippine forces have been working to weaken decades-old communist and Muslim insurgencies and defend territorial interests in the disputed South China Sea. The Department of National Defense on…

Read More
20 Oct

CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in policy and cyber operations since the initial NCIRP was released. First published in 2016, the NCIRP was developed in accordance with Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination…

Read More