CyberSecure Specialist

14 Feb

Deepfakes in the global election year of 2024: A weapon of mass deception?

Information

Digital Security As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern Phil Muncaster 13 Feb 2024  •  , 5 min. read Fake news has dominated election headlines ever since it became a big story during the race for the White House back in 2016. But eight years later, there’s an arguably bigger threat: a combination of disinformation and…

Read More
14 Feb

U.S. Internet Leaked Years of Internal, Customer Emails

Data Breaches, Information, Insights

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web…

Read More
14 Feb

NIST Celebrates National Entrepreneurship Week

Insights

What is National Entrepreneurship (NatlEshipWeek) Week?  Celebrated February 10-17, 2024, “NatlEshipWeek is a congressionally chartered week dedicated to empowering entrepreneurship across the United States. The annual initiative was relaunched in 2017 as NatlEshipWeek to bring together a network of partners from Maui to Miami to educate, engage, and build equitable access to America’s Entrepreneurship Ecosystem.” Follow along online with #NatlEshipWeek. You can learn more about the initiative here: https://www.natleshipweek.org/about. Supporting Entrepreneurship is at the Heart of NIST’s…

Read More
13 Feb

Fat Patch Tuesday, February 2024 Edition

Information, Insights

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412, a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits. Redmond’s advisory for this bug says an attacker would need…

Read More
12 Feb

Priorities of the Joint Cyber Defense Collaborative for 2024

Attacks, Insights, Malware

Today, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative (JCDC)—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help focus the collective group on developing high-impact and collaborative solutions to the most pressing cybersecurity challenges. Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to: Defend against Advanced Persistent Threat (APT)…

Read More
10 Feb

Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe

Information

Video, Ransomware Called a “watershed year for ransomware”, 2023 marked a reversal from the decline in ransomware payments observed in the previous year 09 Feb 2024 Ransomware payments in 2023 reached a record-breaking $1.1 billion in 2023, according to an analysis by Chainalysis, a blockchain research firm. Calling 2023 a “watershed year for ransomware”, Chainalysis also said that last year marked a reversal from the decline observed in 2022, when the payments were “only” half…

Read More
09 Feb

The buck stops here: Why the stakes are high for CISOs

Information

Business Security Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses? Phil Muncaster 08 Feb 2024  •  , 5 min. read Cybersecurity is finally becoming a board-level issue. That’s as it should be, given the increasingly important role cyber-risk management plays in strategic decision making. Cyber-risk is fundamentally a core…

Read More
09 Feb

Juniper Support Portal Exposed Customer Device Info

Information, Insights

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal. Sunnyvale, Calif. based Juniper Networks makes high-powered Internet routers and switches, and its…

Read More
09 Feb

Fortinet Releases Security Advisories for FortiOS

Attacks, Insights, Malware

Fortinet released security updates to address critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. Note: According to Fortinet, CVE-2024-21762 is potentially being exploited in the wild.  CISA encourages users and administrators to review the following advisories and apply necessary updates: FG-IR-24-015 FortiOS FG-IR-24-029 FortiOS

Read More
09 Feb

JetBrains Releases Security Advisory for TeamCity On-Premises

Attacks, Insights, Malware

JetBrains released a security advisory to address a vulnerability (CVE-2024-23917) in TeamCity On-Premises. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Critical Security Issue Affecting TeamCity On-Premises-CVE-2024-23917 and apply the necessary update or workarounds.

Read More