CyberSecure Specialist

04 Aug

CISA Releases its Cybersecurity Strategic Plan

Today, CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine objectives to specific enabling measures and measures of effectiveness to drive accountability: Increase visibility into, and ability to disrupt, cybersecurity threats and campaigns Coordinate disclosure of, hunt for, and drive mitigation of critical and exploitable vulnerabilities Plan for, exercise, and execute joint cyber defense operations…

03 Aug

The grand theft of Jake Moore’s voice: The concept of a virtual kidnap

Information

With powerful AI, it doesn’t take much to fake a person virtually, and while there are some limitations, voice-cloning can have some dangerous consequences.

03 Aug

S3 Ep146: Tell us about that breach! (If you want to.)

Information

by Paul Ducklin WEIRD BUT TRUE No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG. Firefox updates, another Bug With An Impressive Name, and the SEC demands disclosure.…

03 Aug

CISA Calls Urgent Attention to UEFI Attack Surfaces

Information, News

The US government’s cybersecurity agency CISA is calling attention to under-researched attack surfaces in UEFI, warning that the dominant firmware standard presents a juicy target for malicious hackers. “UEFI is a critical attack surface. Attackers have a clear value proposition for targeting UEFI software,” the agency said in a call-to-action penned by CISA technical advisor Jonathan Spring and vulnerability management director Sandra Radesky. Noting that UEFI code represents a compilation of several components (security and…

03 Aug

CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022

Attacks, Insights, Malware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners are releasing a joint Cybersecurity Advisory (CSA), 2022 Top Routinely Exploited Vulnerabilities. This advisory provides details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2022, and the associated Common Weakness Enumeration(s) (CWE), to help organizations better understand the impact exploitation could have on their systems. International partners include:…

03 Aug

How Malicious Android Apps Slip Into Disguise

Information, Insights

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric, a security firm based in Amsterdam. Aleksandr Eremin, a senior malware analyst at the company, told KrebsOnSecurity…

02 Aug

Quantum computing: Will it break crypto security within a few years?

Information

Current cryptographic security methods watch out – quantum computing is coming for your lunch.

02 Aug

Performance and security clash yet again in “Collide+Power” attack

Information

by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give it a PR-friendly moniker, register a vanity domain name for it, build it a custom website, and design it a special logo. This time, the…

02 Aug

Microsoft Catches Russian Government Hackers Phishing with Teams Chat App

Information, News

Software giant Microsoft on Wednesday sounded an alarm after catching a known Russian government-linked hacking group using its Microsoft Teams chat app to phish for credentials at targeted organizations. According to a research report from Redmond’s Threat Intelligence team, the hacking team is linked to the Foreign Intelligence Service of the Russian Federation (also known as the SVR) and has been caught targeting government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.…

02 Aug

Mozilla Releases Security Updates for Firefox and Firefox ESR

Attacks, Insights, Malware

Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14 for more information and apply the necessary updates.

CISA Releases its Cybersecurity Strategic Plan

The grand theft of Jake Moore’s voice: The concept of a virtual kidnap

S3 Ep146: Tell us about that breach! (If you want to.)

CISA Calls Urgent Attention to UEFI Attack Surfaces

CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022

How Malicious Android Apps Slip Into Disguise

Quantum computing: Will it break crypto security within a few years?

Performance and security clash yet again in “Collide+Power” attack

Microsoft Catches Russian Government Hackers Phishing with Teams Chat App

Mozilla Releases Security Updates for Firefox and Firefox ESR

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources