CyberSecure Specialist

18 Jul

Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills

Information

While blue teams defend, red teams attack. They share a common goal, however – help identify and address gaps in organizations’ defenses before these weaknesses can be exploited by malicious actors. The blue/red team exercises provide invaluable insights across the technical, procedural and human sides of security and can ultimately help organizations fend off actual attacks. We recently looked at a few open-source tools that blue teams may use while defending against simulated attacks, as…

Read More
17 Jul

Hello, is it me you’re looking for? How scammers get your phone number

Information

Scams Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters. Márk Szabó 15 Jul 2024  •  , 7 min. read What might be one of the easiest ways to scam someone out of their money – anonymously, of course? Would it involve stealing their credit card data, perhaps using digital…

Read More
15 Jul

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Data Breaches, Information, Insights

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. Until this past weekend, Squarespace’s website had an option…

Read More
15 Jul

Protecting Trained Models in Privacy-Preserving Federated Learning

Insights

This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST’s Privacy Engineering Collaboration Space or RTA’s blog.     The last two posts in our series covered techniques for input privacy in privacy-preserving federated learning in the context of…

Read More
14 Jul

Should ransomware payments be banned? – Week in security with Tony Anscombe

Information

Video The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles. What are the implications of outlawing these payments, and would the ban be effective? 12 Jul 2024 Back in May, we weighed in on the UK’s apparent plan to make it illegal for critical infrastructure entities to pay ransomware attackers. The move would be designed to deter cybercriminals from targeting vital services. Two months later, the…

Read More
12 Jul

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers

Data Breaches, Information, Insights

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed…

Read More
12 Jul

AT&T Discloses Breach of Customer Data

Attacks, Insights, Malware

On July 12, AT&T released a public statement on unauthorized access of customer data from a third-party cloud platform. AT&T also provided recommendations and resources for affected customers.     CISA encourages customers to review the following AT&T article for additional information and follow necessary guidance to help protect personal information.    AT&T: Unlawful access of customer data

Read More
11 Jul

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

Information

Video, Internet of Things As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? 10 Jul 2024 Imagine all traffic lights in a city turning green simultaneously, much like in Die Hard 4. Could a movie plot become a reality? Does it actually require a great leap of the imagination? While the Internet of Things (IoT) and its integration into critical infrastructure…

Read More
11 Jul

CISA Releases Advisory Detailing Red Team Activity During Assessment of US FCEB Organization, Highlighting Necessity of Defense-in-Depth

Attacks, Insights, Malware

Today, CISA released CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth in coordination with the assessed organization. This Cybersecurity Advisory (CSA) details key findings and lessons learned from a 2023 assessment, along with the red team’s tactics, techniques, and procedures (TTPs) and associated network defense activity. The CSA also provides recommendations to assist executives, leaders, and network defenders in all organizations with refining their cybersecurity, detection, response,…

Read More
11 Jul

CISA Releases Twenty-one Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released twenty-one Industrial Control Systems (ICS) advisories on July 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-193-01 Siemens Remote Connect Server ICSA-24-193-02 Siemens RUGGEDCOM APE 1808 ICSA-24-193-03 Siemens Teamcenter Visualization and JT2Go ICSA-24-193-04 Siemens Simcenter Femap ICSA-24-193-05 Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC ICSA-24-193-06 Siemens RUGGEDCOM ICSA-24-193-07 Siemens SIMATIC and SIMIT ICSA-24-193-08 Siemens Mendix Encryption Module ICSA-24-193-09 Siemens SINEMA Remote Connect Server ICSA-24-193-10 Siemens JT…

Read More