Information

25 Aug

Cypago Raises $13 Million for GRC Automation Platform

Israeli startup Cypago on Thursday announced that it has raised $13 million in a funding round led by Entrée Capital, Axon Ventures, and Jump Capital, with participation from various angel investors. Founded in 2020, the Tel Aviv-based company also launched its governance, risk management and compliance (GRC) automation (CGA) platform, which aims to bring management, security, and operations together. Combining a SaaS architecture with advanced analysis and correlation, generative AI, and automation, the platform helps…

24 Aug

Using WinRAR? Be sure to patch against these code execution bugs…

Information, Uncategorized

by Paul Ducklin The venerable RAR program, short for Roshal’s Archiver after its original creator, has been popular in file sharing and software distribution circles for decades, not least because of its built-in error recovery and file reconstruction features. Early internet users will remember, with little fondness, the days when large file transfers were shipped either as compressed archives split across multiple floppy disks, or uploaded to size-conscious online forums as a series of modestly-sized…

24 Aug

Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks

Information, News

Cisco on Wednesday announced patches for six vulnerabilities in its products, including three high-severity bugs in NX-OS and FXOS software that could be exploited to cause a denial-of-service (DoS) condition. Impacting the FXOS software of Firepower 4100 and Firepower 9300 security appliances and of UCS 6300 series fabric interconnects, the most severe of these flaws is CVE-2023-20200, described as the improper handling of specific SNMP requests. The issue allows an authenticated, remote attacker to send…

23 Aug

Scarabs colon-izing vulnerable servers

Information

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

23 Aug

A Bard’s Tale – how fake AI bots try to install malware

Information

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

23 Aug

Smart light bulbs could give away your password secrets

Information

by Paul Ducklin A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb. The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,” so we don’t know how other smart bulbs stack up, but their report has plenty to teach us anyway. The…

23 Aug

The End of “Groundhog Day” for the Security in the Boardroom Discussion?

Information, News

It’s been eight and half years since I first wrote about the need for security leadership representation in the boardroom. I then revisited the topic last year, when the SEC initially proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. Now, as the SEC cyber incident disclosure rules come into effect, organizations will finally be forced to seriously consider giving security leaders a seat at…

22 Aug

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Information, Insights

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior. In a…

22 Aug

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

Information, Malware

by Paul Ducklin Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to implant rogue software onto your iPhone first in order to pull off a “fake airplane” attack. The bad news, however,…

22 Aug

TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

Information, News

Four vulnerabilities identified by academic researchers from Italy and the UK in the TP-Link Tapo L530E smart bulb and its accompanying mobile application can be exploited to obtain the local Wi-Fi network’s password. Currently a best-seller on Amazon Italy, the TP-Link Tapo smart Wi-Fi light bulb (L530E) is cloud-enabled and can be controlled using a Tapo application (available on both Android and iOS) and a Tapo account. The most severe of the identified issues is…

Cypago Raises $13 Million for GRC Automation Platform

Using WinRAR? Be sure to patch against these code execution bugs…

Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks

Scarabs colon-izing vulnerable servers

A Bard’s Tale – how fake AI bots try to install malware

Smart light bulbs could give away your password secrets

The End of “Groundhog Day” for the Security in the Boardroom Discussion?

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources