CyberSecure Specialist

S3 Ep143: Supercookie surveillance shenanigans

by Paul Ducklin. SING A SONG OF SUPERCOOKIES: Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple’s rapid patch that needed a rapid patch. User-Agent considered harmful. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that…


In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…


Zluri Raises $20 Million for SaaS Management Platform

SaaS management platform Zluri on Thursday announced that it has raised $20 million in a Series B funding round, which brings the total raised by the firm to $32 million. Led by Lightspeed, the new investment round saw participation from existing investors Endiya Partners, Kalaari Capital, and MassMutual Ventures. Founded in 2020, the US-based startup helps organizations manage their SaaS applications, mitigate associated risks, and optimize costs, from a single dashboard. Zluri’s SaaS operations (SaaSOps)…


Industry Reactions to EU-US Data Privacy Framework: Feedback Friday

The European Union and the United States this week reached an agreement on the Data Privacy Framework focusing on the secure transfer of information from Europe to the US. The framework is the culmination of a yearslong battle between Brussels and Washington over the security of European citizen data stored by tech giants such as Google and Meta in the United States, where data privacy rules are not as strict as in the EU. While…


SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge

[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling…


ESET Research Podcast: Finding the mythical BlackLotus bootkit

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat. Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot – a feature built into all modern computers to prevent them from running unauthorized software. What at first sounded like…


The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar? It all began innocently enough when a Tesla employee received an invitation from a former associate to catch up over drinks. Several wining and dining sessions later, the old acquaintance made his real intentions clear: he offered the Tesla employee $1 million for smuggling malware into the automaker’s computer network in a scheme…


Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

by Paul Ducklin. This Tuesday, 2023-07-11, was Microsoft’s Patch Tuesday for July 2023, so here’s a brief reminder to do two things: Patch early, patch often. More than 100 vulnerabilities were patched this month, including four zero-day security holes for which working exploit code already exists. Even though everyone was at risk until Tuesday, it’s important not to be one of those people who remains at risk longer than necessary. When defenders close off holes…


Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

Networking appliances maker Juniper Networks on Wednesday announced software updates that patch multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space. The company published 17 advisories detailing roughly a dozen Junos OS-specific security defects, and nearly three times as many issues in third-party components used in its products. Of the new advisories, three describe high-severity vulnerabilities in Junos OS and Junos OS Evolved that could lead to denial-of-service (DoS). The flaws impact…
