CyberSecure Specialist

09 May

DigiCert’s DigiCert ONE platform now available on Oracle Cloud Infrastructure

Data Breaches, Malware, Social Engineering

Digital trust firm DigiCert has announced a partnership with Oracle to make DigiCert ONE available on Oracle Cloud Infrastructure (OCI). DigiCert ONE is a cloud-native SaaS platform that secures and centrally manages users, devices, servers, documents, and software. Companies use OCI for various functions including secure infrastructure, application, and workload management. The partnership makes DigiCert ONE on OCI easy to deploy and scalable within customers’ single or multi-cloud environments, allowing users to find the right…

Read More
09 May

Nebulon’s TripLine offers ransomware encryption protection for on-prem systems

Data Breaches, Malware, Social Engineering

Smart infrastructure provider Nebulon today announced the immediate availability of TripLine, an early warning system for cryptographically based ransomware attacks on on-premises systems. It’s designed to quickly identify the precise time and system location where an attack has occurred. Nebulon said that the new service uses two techniques to achieve this aim. The first is the “secure enclave,” which is a domain isolated from the infrastructure that includes core management and storage functions. Second, it…

Read More
09 May

CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors

Attacks, Insights, Malware

Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat. CISA urges organizations to review the advisory for more information and apply the recommended mitigations and detection guidance. For more information on FSB and Russian state-sponsored cyber activity, please see…

Read More
09 May

Mozilla Releases Security Advisories for Multiple Products

Attacks, Insights, Malware

Mozilla has released security advisories to address vulnerabilities in Firefox and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply the necessary updates: Security Vulnerabilities fixed in Firefox 113 Mozilla Foundation Security Advisory 2023-16 Security Vulnerabilities fixed in Firefox ESR 102.11 Mozilla Foundation Security Advisory 2023-17 For updates addressing lower severity vulnerabilities, see the…

Read More
09 May

Microsoft Releases May 2023 Security Updates

Attacks, Insights, Malware

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2023 Security Update Guide and Deployment Information and apply the necessary updates.

Read More
09 May

Majority of US, UK CISOs unable to protect company ‘secrets’: Report

Data Breaches, Malware, Social Engineering

About 52% of chief information and security officers (CISOs) in the US and UK organizations are unable to fully secure their company secrets, according to a report by code security platform GitGuardian. The report pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way. About three-quarters of the respondents to the survey reported at least one past leak. The…

Read More
09 May

Small- and medium-sized businesses: don’t give up on cybersecurity

Data Breaches, Malware, Social Engineering

In today’s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world. Yet time and again, we see small- and medium-sized businesses (SMBs) left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too…

Read More
09 May

7 VPN alternatives for securing remote network access

Data Breaches, Malware, Social Engineering

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, it has become the norm for large numbers of employees to regularly work from home, with many only going to the office…

Read More
08 May

RSA Conference 2023 – How AI will infiltrate the world

Information

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications Okay, so there’s this ChatGPT thing layered on top of AI – well, not really, it seems even the practitioners responsible for some of the most impressive machine learning (ML) based products don’t always stick to the basic terminology of their fields of expertise… At RSAC, the niceties of…

Read More
08 May

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

Information

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated Thousands of security professionals descended on San Francisco this week to attend RSA Conference, the world’s leading gathering of the security community. What was the hottest topic at the event? You guessed it – ChatGPT and large language models (LLMs) as such. But while these emerging technologies may have many benefits, they also…

Read More