CyberSecurity Updates

Mozilla Releases Security Updates for Firefox and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Firefox iOS 120, Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5.0.


LLM Security Startup Lasso Emerges From Stealth Mode

End-to-end generative AI security startup Lasso Security has emerged from stealth mode with $6 million in a seed funding round led by Entrée Capital, with additional investment from Samsung Next. Established earlier this year, the Tel Aviv-based company is building technology to tackle the cyber threats faced by generative AI and large language models (LLMs) and prevent data exposure, and security and compliance risks. By protecting every LLM touchpoint, Lasso wants to help secure businesses…


CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: LockBit Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (along with an accompanying analysis report MAR-10478915-1.v1 Citrix Bleed), in response to LockBit 3.0 ransomware affiliates and multiple threat actor groups exploiting CVE-2023-4966. Labeled Citrix Bleed, the vulnerability affects Citrix’s NetScaler…


CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

The US cybersecurity agency CISA has published new guidance to help healthcare and public health organizations understand the cyber threats and risks to their sector and apply mitigations. Titled Mitigation Guide: Healthcare and Public Health (HPH) Sector (PDF), the document was released as a supplemental companion to a Cyber Risk Summary distributed in July, and comes roughly one month after CISA and HHS announced cybersecurity resources for the HPH sector. Using data collected from the…


NIST’s International Cybersecurity and Privacy Engagement Update – Trade Missions, Workshops, and Translations

Our Cybersecurity Awareness Month may have come to a close at the end of October — but the importance of enhancing cybersecurity and engaging with our international partners to enhance cybersecurity is at the forefront of our minds all year long. Here are some updates on our international work: NIST is also currently working with industry partners to amplify our international outreach — as an example, we recently hosted a webinar along with the Coalition…


Safeguarding ports from the rising tide of cyberthreats – Week in security with Tony Anscombe

Video: An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause. (17 Nov 2023) This week, one of Australia’s major port operators, DP World, had to pull the plug on its internet connection and shut down ports around the country for several days due to a cyberattack. The incident, which ultimately crippled some 40…


ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company

ChatGPT-maker OpenAI said Friday it has pushed out its co-founder and CEO Sam Altman after a review found he was “not consistently candid in his communications” with the board of directors. “The board no longer has confidence in his ability to continue leading OpenAI,” the artificial intelligence company said in a statement. In the year since Altman catapulted ChatGPT to global fame, he has become Silicon Valley’s sought-after voice on the promise and potential…


Is your LinkedIn profile revealing too much?

Social Media: How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more. (Daniel Cunha Barbosa, 16 Nov 2023) Several friends recently asked me how cybercriminals could gain access to their contact data, especially their mobile phone numbers and email addresses. I basically told them that there are several methods that criminals can use to gather…


2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim

Two environmentalists told a federal judge Thursday that the public was the real victim of a global computer hacking campaign that targeted those fighting big oil companies to get the truth out about global warming. A climate scientist and the director of a fund that creates initiatives to address climate change spoke at the sentencing of an Israeli man who prosecutors said enabled the hacking of thousands of individuals and entities worldwide. Aviram Azari, 52,…


US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website

Wisconsin teenager Joseph Garrison has pleaded guilty to his involvement in a scheme to access user accounts at a fantasy sports and betting website. According to court documents, on November 18, 2022, Garrison launched a credential stuffing attack against the betting site, obtaining access to approximately 60,000 user accounts. The defendant and others then stole about $600,000 from approximately 1,600 victim accounts, by adding a new payment method to the accounts, depositing $5 to each…
