CyberSecure Specialist

22 Nov

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Data Breaches, Information, News

Researchers at Aqua Security are calling urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations and open-source projects are vulnerable to this “ticking supply chain attack bomb.” In a research paper, Aqua researchers Yakir Kadkoda and Assaf Morag said they found Kubernetes secrets in public repositories that allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat.  “Among the…

Read More
22 Nov

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 

Data Breaches, Information, News

Car parts giant AutoZone, which has over 7,000 stores across the Americas, is informing nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign. AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud. Nevertheless, impacted customers…

Read More
22 Nov

Mozilla Releases Security Updates for Firefox and Thunderbird

Attacks, Insights, Malware

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Firefox iOS 120 Firefox 120 Firefox ESR 115.5 Thunderbird 115.5.0

Read More
21 Nov

LLM Security Startup Lasso Emerges From Stealth Mode

Information, News

End-to-end generative AI security startup Lasso Security has emerged from stealth mode with $6 million in a seed funding round led by Entrée Capital, with additional investment from Samsung Next. Established earlier this year, the Tel Aviv-based company is building technology to tackle the cyber threats faced by generative AI and large language models (LLMs) and prevent data exposure, and security and compliance risks. By protecting every LLM touchpoint, Lasso wants to help secure businesses…

Read More
21 Nov

CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: LockBit Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (along with an accompanying analysis report MAR-10478915-1.v1 Citrix Bleed), in response to LockBit 3.0 ransomware affiliates and multiple threat actor groups exploiting CVE-2023-4966. Labeled Citrix Bleed, the vulnerability affects Citrix’s NetScaler…

Read More
20 Nov

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

Information, News

The US cybersecurity agency CISA has published new guidance to help healthcare and public health organizations understand the cyber threats and risks to their sector and apply mitigations. Titled Mitigation Guide: Healthcare and Public Health (HPH) Sector (PDF), the document was released as a supplemental companion to a Cyber Risk Summary distributed in July, and comes roughly one month after CISA and HHS announced cybersecurity resources for the HPH sector. Using data collected from the…

Read More
20 Nov

NIST’s International Cybersecurity and Privacy Engagement Update – Trade Missions, Workshops, and Translations

Insights

Our Cybersecurity Awareness Month may have come to a close at the end of October — but the importance of enhancing cybersecurity and engaging with our international partners to enhance cybersecurity is at the forefront of our minds all year long. Here are some updates on our international work: NIST is also currently working with industry partners to amplify our international outreach — as an example, we recently hosted a webinar along with the Coalition…

Read More
18 Nov

Safeguarding ports from the rising tide of cyberthreats – Week in security with Tony Anscombe

Information

Video An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause 17 Nov 2023 This week, one of Australia’s major port operators, DP World, had to pull the plug on its internet connection and shut down ports around the country for several days due to a cyberattack. The incident, which ultimately crippled some 40…

Read More
18 Nov

ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company

Information, News

ChatGPT-maker Open AI said Friday it has pushed out its co-founder and CEO Sam Altman after a review found he was “not consistently candid in his communications” with the board of directors. “The board no longer has confidence in his ability to continue leading OpenAI,” the artificial intelligence company said in a statement. In the year since Altman catapulted ChatGPT to global fame, he has become Silicon Valley’s sought-after voice on the promise and potential…

Read More
17 Nov

Is your LinkedIn profile revealing too much?

Information

Social Media How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more. Daniel Cunha Barbosa 16 Nov 2023  •  , 4 min. read Several friends recently asked me how cybercriminals could gain access to their contact data, especially their mobile phone numbers and email addresses. I basically told them that there are several methods that criminals can use to gather…

Read More