CyberSecure Specialist

30 Jun

DoS and DDoS Attacks against Multiple Sectors

Attacks, Insights, Malware

CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible. If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance. Contact your network administrator to confirm whether the service…

Read More
30 Jun

Employee monitoring: is ‘bossware’ right for your company?

Information

While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees Things may not always run smoothly in the workplace and bosses and workers may not always see eye to eye on many things. But there may be another “threat” in town: remote employee monitoring. In some cases, employee surveillance software, also called “bossware” and “tattleware”, threatens to drive a wedge between…

Read More
30 Jun

S3 Ep141: What was Steve Jobs’s first job?

Information, Malware

by Paul Ducklin PONG FOR ONE!? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Emergency Apple patches, justice for the 2020 Twitter hack, and “Turn off…

Read More
29 Jun

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Information, Insights

Nikita Kislitsin, formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States. Nikita Kislitsin, at a security conference in Russia. Kislitsin is…

Read More
29 Jun

Cyware Snags $30M for Threat Intel Infrastructure Tech

Information, News

Threat intelligence infrastructure startup Cyware on Thursday announced it had secured $30 million in new financing alongside plans to take advantage of the demand for AI-powered security tools. The New York-based Cyware said the $30 million Series C round was led by Ten Eleven Ventures, an investment firm dedicated to making bets on cybersecurity companies. Prior investors Advent International, Zscaler, Emerald Development Managers, Prelude (the venture practice at Mercato Partners) and Great Road Holdings also…

Read More
29 Jun

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

Attacks, Insights, Malware

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-17621 D-Link DIR-859 Router Command Execution Vulnerability CVE-2019-20500 D-Link DWL-2600AP Access Point Command Injection Vulnerability CVE-2021-25487 Samsung Mobile Devices Out-of-Bounds Read Vulnerability CVE-2021-25489 Samsung Mobile Devices Improper Input Validation Vulnerability CVE-2021-25394 Samsung Mobile Devices Race Condition Vulnerability CVE-2021-25395 Samsung Mobile Devices Race Condition Vulnerability CVE-2021-25371 Samsung Mobile Devices Unspecified Vulnerability CVE-2021-25372 Samsung Mobile Devices Improper Boundary Check Vulnerability These types of vulnerabilities are frequent attack…

Read More
29 Jun

2023 CWE Top 25 Most Dangerous Software Weaknesses

Attacks, Insights, Malware

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often…

Read More
29 Jun

CISA Releases Nine Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released nine Industrial Control Systems (ICS) advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-180-01 Delta Electronics InfraSuite Device Master ICSA-23-180-02 Schneider Electric EcoStruxure ICSA-23-180-03 Ovarro TBox RTUs ICSA-23-180-04 Mitsubishi Electric MELSEC-F Series ICSMA-23-180-01 Medtronic Paceart Optima System ICSA-19-120-01 Rockwell Automation CompactLogix 5370 (Update A) ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update F) ICSA-22-333-05 Mitsubishi Electric FA Engineering Software (Update B) ICSA-23-171-02 Enphase Installer…

Read More
29 Jun

Interested in $10,000,000? Ready to turn in the Clop ransomware crew?

Information

by Naked Security writer The latest high-profile cybercrime exploits attributed to the Clop ransomware crew aren’t your traditional sort of ransomware attacks (if “traditional” is the right word for an extortion mechanism that goes back only to 1989). Conventional ransomware attacks are where your files get scrambled, your business gets totally derailed, and a message appears telling you that a decryption key for your data is available… …for what is typically an eye-watering amount of…

Read More