CyberSecure Specialist

19 May

What TikTok knows about you – and what you should know about TikTok

Information

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us TikTok CEO Shou Zi Chew has appeared before the U.S. Congress to give his take on the app’s data security and privacy practices and possible links to the Chinese government amid a nationwide discussion about a blanket ban on TikTok in the US. The…

Read More
19 May

5 useful search engines for internet‑connected devices and services

Information

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet Internet security is a constant concern for technology and cybersecurity professionals. With the ever-increasing number of online devices and services, it is important to have a clear and accurate view of the online presence of these devices and services in order to protect them and data against online threats. Some…

Read More
19 May

S3 Ep135: Sysadmin by day, extortionist by night

Information

by Paul Ducklin AN INSIDER ATTACK (WHERE THE PERP GOT CAUGHT) No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Inside jobs, facial recognition, and the “S”…

Read More
19 May

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

Information

by Paul Ducklin Remember that zipped-lipped but super-fast update that Apple pushed out three weeks ago, on 2023-05-01? That update was the very first in Apple’s newfangled Rapid Security Response process, whereby the company can push out critical patches for key system components without going through a full-size operating system update that takes you to a new version number. As we pondered in the Naked Securirty podcast that week: Apple have just introduced “Rapid Security…

Read More
18 May

Critical remote code execution flaws patched in Cisco small business switches

Data Breaches, Malware, Social Engineering

Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices and can be exploited without authentication. While the company didn’t disclose which specific components of the web interface the flaws are located in, it noted in its advisory that the vulnerabilities are not dependent on…

Read More
18 May

OX Security adds ChatGPT plugin for AppSec

Data Breaches, Malware, Social Engineering

OX Security, an application security vendor, now has a plugin for ChatGPT, allowing users to leverage the power of the headline-making generative AI assistant to protect the software supply chain, generate personalized security recommendations and remedy security issues quickly. The Israel-based company, in a press release issued yesterday, said that generative AI has already altered the security landscape, and not for the better. AI models, according to OX, have been used to seek out new…

Read More
18 May

Investors Make $6M Bet on Manifest for SBOM Management Technology

Information, News

Manifest, an early stage startup building technology to help businesses generate, collect, and operationalize software bill of materials (SBOMs), has banked $6 million in venture capital funding as investors race to find value in software supply chain security companies. The $6 million seed round was led by First Round Capital and closes alongside news that Manifest secured two new contracts from the U.S. government to help federal agencies and the military understand what’s in the…

Read More
18 May

Organizations reporting cyber resilience are hardly resilient: Study

Data Breaches, Malware, Social Engineering

While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs. The study aimed at understanding business preparedness amidst growing incidents found a strong intent to strengthen cybersecurity capabilities driven by external threats. “Rules of engagement for cyberthreat actors are constantly innovating to cause catastrophic and unavoidable situations,” said Michael Sampson, analyst at Osterman Research and author…

Read More
18 May

CISA Releases Five Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-138-01 Carlo Gavazzi Powersoft ICSA-23-138-02 Mitsubishi Electric MELSEC WS ICSA-23-138-03 Hitachi Energy MicroSCADA Pro/X SYS600 ICSA-23-138-04 Johnson Controls OpenBlue Enterprise Manager Data Collector ICSA-20-051-02 Rockwell Automation FactoryTalk Diagnostics Update B   CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Read More
18 May

Aviatrix is transforming cloud network security with distributed firewalling

Data Breaches, Malware, Social Engineering

Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments. The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services. “Aviatrix is the first to deliver a distributed cloud firewall,” said Rod Stuhlmuller, vice president of solutions marketing…

Read More