CyberSecure Specialist

Investors Make $6M Bet on Manifest for SBOM Management Technology

Manifest, an early-stage startup building technology to help businesses generate, collect, and operationalize software bills of materials (SBOMs), has banked $6 million in venture capital funding as investors race to find value in software supply chain security companies. The $6 million seed round was led by First Round Capital and closes alongside news that Manifest secured two new contracts from the U.S. government to help federal agencies and the military understand what’s in the…


Organizations reporting cyber resilience are hardly resilient: Study

While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs. The study, aimed at understanding business preparedness amidst growing incidents, found a strong intent to strengthen cybersecurity capabilities driven by external threats. “Rules of engagement for cyberthreat actors are constantly innovating to cause catastrophic and unavoidable situations,” said Michael Sampson, analyst at Osterman Research and author…


CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

ICSA-23-138-01 Carlo Gavazzi Powersoft
ICSA-23-138-02 Mitsubishi Electric MELSEC WS
ICSA-23-138-03 Hitachi Energy MicroSCADA Pro/X SYS600
ICSA-23-138-04 Johnson Controls OpenBlue Enterprise Manager Data Collector
ICSA-20-051-02 Rockwell Automation FactoryTalk Diagnostics Update B

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.


Aviatrix is transforming cloud network security with distributed firewalling

Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments. The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services. “Aviatrix is the first to deliver a distributed cloud firewall,” said Rod Stuhlmuller, vice president of solutions marketing…


Russian national indicted for ransomware attacks against the US

Russian national Mikhail Pavlovich Matveev has been charged and indicted for launching ransomware attacks against thousands of victims in the US and across the world, the US Department of Justice (DoJ) said in a press release. The US Department of State has also announced an award of up to $10 million for information that leads to the arrest and/or conviction of the Russian national. “According to the indictment obtained in the District of New Jersey,…


Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe

Here are some of the key moments from the five hours of Shou Zi Chew’s testimony and other interesting news on the data privacy front. As the controversy surrounding TikTok continues, the app’s CEO Shou Zi Chew appeared before the U.S. Congress to explain the app’s data privacy and security practices. Here are some of the key moments from the five hours of the testimony. In other (but related) news, a school district in San…


Staying safe on OnlyFans: The naked truth

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats. By now you’ve most probably heard of, or possibly even use, OnlyFans. Launched in 2016, this subscription service for content creators gained momentum over the course of the pandemic and now boasts a user base of more than 170 million people, 2.1 million of which are registered content creators.…


Meet “AI”, your new colleague: could it expose your company’s secrets?

Before rushing to embrace the LLM-powered “hire”, make sure your organization has safeguards in place to avoid putting its business and customer data at risk. Chatbots powered by large language models (LLMs) are not just the world’s new favorite pastime. The technology is increasingly being recruited to boost workers’ productivity and efficiency, and given its increasing capabilities, it’s poised to replace some jobs entirely, including in areas as diverse as coding, content creation, and customer…


US offers $10m bounty for Russian ransomware suspect outed in indictment

By Naked Security writer

He goes by many names, according to the US Department of Justice. Mikhail Pavlovich Matveev, or just plain Matveev as he’s repeatedly referred to in his indictment, as well as Wazawaka, m1x, Boriselcin and Uhodiransomwar. From that last alias, you can guess what he’s wanted for. In the words of the charge sheet: conspiring to transmit ransom demands; conspiring to damage protected computers; and intentionally damaging protected computers. Simply put, he’s…


IBM acquires Polar Security, bolstering data security capabilities

IBM has purchased application security startup Polar Security, in an attempt to address the security of application data in the cloud and help organizations track vulnerable information. In a statement issued this morning, IBM said that the increased cloud adoption driven by the pandemic has strained organizational capacity to track certain aspects of their application frameworks, including certain types of app data, permissions and more. The company said that this has led to “shadow data,”…
