CyberSecure Specialist

22 Oct

Spearphishing targets in Latin America – Week in security with Tony Anscombe

Information

Video ESET’s analysis of cybercrime campaigns in Latin America reveals a notable shift from opportunistic crimeware to more complex threats, including those targeting enterprises and governments 20 Oct 2023 This week, ESET researchers announced the release of a report that looked at more than a dozen publicly documented malicious campaigns targeting Latin America between 2019 and 2023. Over the past few years, there has been a notable rise in both the number and complexity of…

Read More
21 Oct

Strengthening the weakest link: top 3 security awareness topics for your employees

Information

Business Security Knowledge is a powerful weapon that can empower your employees to become the first line of defense against threats Phil Muncaster 19 Oct 2023  •  , 5 min. read It’s Cybersecurity Awareness Month (CSAM) time again this October. This is an awareness-raising initiative that spans both consumer and corporate worlds, although there’s plenty of crossover: every employee is also a consumer, after all. In fact, as we increasingly work from home or our…

Read More
20 Oct

Okta Support System Hacked, Sensitive Customer Data Stolen

Data Breaches, Information, News

Identity and access management tech firm Okta on Friday warned that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. A security notice from Okta security chief David Bradbury said the company found “adversarial activity” that leveraged access to a stolen credential to access the support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part…

Read More
20 Oct

Hackers Stole Access Tokens from Okta’s Support Unit

Data Breaches, Information, Insights

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion. In an advisory sent to an undisclosed…

Read More
20 Oct

In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack

Data Breaches, Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
20 Oct

Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks

Information, News

The Philippine defense chief has ordered all defense personnel and the 163,000-member military to refrain from using digital applications that harness artificial intelligence to generate personal portraits, saying they could pose security risks. Defense Secretary Gilberto Teodoro Jr. issued the order in an Oct. 14 memorandum, as Philippine forces have been working to weaken decades-old communist and Muslim insurgencies and defend territorial interests in the disputed South China Sea. The Department of National Defense on…

Read More
20 Oct

CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in policy and cyber operations since the initial NCIRP was released. First published in 2016, the NCIRP was developed in accordance with Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination…

Read More
20 Oct

CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Attacks, Insights, Malware

Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.    CISA urges organizations running Cisco IOS XE Web UI to review CISA’s guidance…

Read More
20 Oct

Better safe than sorry: 10 tips to build an effective business backup strategy

Information

Business Security How robust backup practices can help drive resilience and improve cyber-hygiene in your company Phil Muncaster 18 Oct 2023  •  , 5 min. read Could your company survive if its most critical data stores were suddenly encrypted or wiped out by cybercriminals? This is the worst-case scenario many organizations have been plunged into as a result of ransomware. But there are also many other scenarios that could create serious business risk for companies.…

Read More
19 Oct

Harmonic Lands $7M Funding to Secure Generative AI Deployments

Information, News

A British startup called Harmonic Security has attracted $7 million in seed-stage investment to build technology to help secure generative AI deployments in the enterprise. Harmonic, based in London and San Francisco, said it is working on software to mitigate against the ‘wild west’ of unregulated AI apps harvesting company data at scale. The company said the early-stage financing was led by Ten Eleven Ventures, an investment firm actively investing in cybersecurity startups. Storm Ventures…

Read More