CyberSecure Specialist

12 Sep

CISA Releases its Open Source Software Security Roadmap

Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies, open source software (OSS) consumers, and the OSS community, to secure OSS infrastructure. To that end, the roadmap details four key goals: Establish CISA’s role in supporting the security of OSS, Understand the prevalence of key open source dependencies, Reduce risks to the federal government,…

12 Sep

Apple Releases Security Updates for iOS and macOS

Attacks, Insights, Malware

Apple has released security updates to address a vulnerability in multiple products. A cyber threat actor could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 15.7.9 and iPadOS 15.7.9 macOS Monterey 12.6.9 macOS Big Sur 11.7.10

12 Sep

Microsoft Releases September 2023 Updates

Attacks, Insights, Malware

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s September 2023 Security Update Guide and apply the necessary updates.

11 Sep

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

Information

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

11 Sep

MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems

Data Breaches, Information, News

Hospitality and entertainment giant MGM Resorts on Monday said a “cybersecurity issue” forced the shutdown of certain computer systems, including the websites for some of the biggest Las Vegas and New York properties. A brief note posted to X (the website formerly known as Twitter) said external cybersecurity experts and law enforcement are involved in an investigation that has all the hallmarks of a ransomware extortion attack. Here’s the full MGM Resorts statement: “MGM Resorts…

11 Sep

Hands-On Learning Experiences Encourage Cybersecurity Career Discovery

Insights

With a mention in the newNational Cyber Workforce and Education Strategy and even adedicated state law, K–12 cybersecurity education clearly has the eye of policymakers. However, despite public attention and new opportunities for high school students to pursue cybersecurity coursework, high schools often struggle to provide students with a clear understanding of what cybersecurity careers actually look like. Hands-on learning experiences, like those we’ve had at our schools and during our internship with NICE at…

10 Sep

Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cybercrime

Information, News

One of Myanmar’s biggest and most powerful ethnic minority militias has arrested and repatriated more than 1,200 Chinese nationals allegedly involved in criminal online scam operations, an official of the group said Saturday. The arrests were carried out in territory controlled by the United Wa State Army, or UWSA, in eastern Shan state in raids on Tuesday and Wednesday, Nyi Rang, a liaison officer from the militia, told The Associated Press. He said in a…

09 Sep

Will you give X your biometric data? – Week in security with Tony Anscombe

Information

The update to X’s privacy policy has sparked some questions among privacy and security folks, including how long X will retain users’ biometric information and how the data will be stored and secured

08 Sep

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

Information, News

Cisco this week raised the alarm on a zero-day in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that has been exploited in Akira ransomware attacks since August. Tracked as CVE-2023-20269 (CVSS score of 5.0, medium severity), the issue exists in the remote access VPN feature of Cisco ASA and FTD and can be exploited remotely, without authentication, in brute force attacks. “This vulnerability is due to improper separation of authentication, authorization, and…

08 Sep

New Phishing Campaign Launched via Google Looker Studio

Information, News

Cybersecurity firm Check Point is warning of a new type of phishing attacks that abuse Google Looker Studio to bypass protections. Google Looker Studio is a legitimate online tool for creating customizable reports, including charts and graphs, that can be easily shared with others. As part of the observed attacks, threat actors are using Google Looker Studio to create fake crypto pages that are then delivered to the intended victims in emails sent from the…

CISA Releases its Open Source Software Security Roadmap

Apple Releases Security Updates for iOS and macOS

Microsoft Releases September 2023 Updates

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems

Hands-On Learning Experiences Encourage Cybersecurity Career Discovery

Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cybercrime

Will you give X your biometric data? – Week in security with Tony Anscombe

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

New Phishing Campaign Launched via Google Looker Studio

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources