CyberSecurity Updates

20 Sep

10 tips to ace your cybersecurity job interview

Information

We Live Progress Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track. Phil Muncaster 18 Sep 2023  •  , 6 min. read The cybersecurity industry has a shortfall of 3.4 million professionals worldwide. But that doesn’t mean that employers have lowered their standards. While there are plenty of opportunities for ambitious job seekers, it…

Read More
19 Sep

UK Minister Warns Meta Over End-to-End Encryption

Information, News, Uncategorized

Britain’s interior minister on Wednesday warned tech giant Meta that rolling out end-to-end encryption on its platforms must “not to come at a cost to our children’s safety”. Suella Braverman and security minister Tom Tugendhat have called on the company, which owns Facebook, Instagram and WhatsApp, to “work with us” and ensure police can access data. “The use of strong encryption for online users remains a vital part of our digital world and I support…

Read More
18 Sep

Who’s Behind the 8Base Ransomware Website?

Information, Insights

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova. The 8Base ransomware group’s victim shaming website on the…

Read More
18 Sep

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Information, News

Researchers at Wiz have flagged another major security misstep at Microsoft that caused the exposure of 38 terabytes of private data during a routine open source AI training material update on GitHub. The exposed data includes a disk backup of two employees’ workstations, corporate secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages, Wiz said in a note documenting the discovery. Wiz, a cloud data security startup founded by ex-Microsoft software engineers, said…

Read More
16 Sep

Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream

Information, News

You may not know it, but thousands of often shadowy companies routinely traffic in personal data you probably never agreed to share — everything from your real-time location information to private financial details. Even if you could identify these data brokers, there isn’t much you can do about their activities, including in California, which has some of the strongest digital privacy laws in the U.S. That’s on the verge of changing. Both houses of the…

Read More
16 Sep

Ballistic Bobcat’s Sponsor backdoor – Week in security with Tony Anscombe

Information

Video Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States 14 Sep 2023 This week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed a novel backdoor against businesses mainly in Israel. Ballistic Bobcat – previously tracked by ESET Research as APT35/APT42 and also…

Read More
15 Sep

Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty

Information, News

Russian hacker Dariy Pankov has pleaded guilty to computer fraud and now faces a maximum penalty of five years in federal prison, according to an announcement from the U.S. Attorney’s Office. Pankov, who was extradited from the Eastern European country of Georgia earlier this year, was charged with developing and selling a piece of malware called NLBrute that was used in cybercriminal activities. As part of a plea deal, the government said Pankov will forfeit…

Read More
15 Sep

Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies

Information, News

The US Department of Defense (DoD) this week published an unclassified summary of its 2023 Cyber Strategy, outlining plans for both offensive and defensive efforts. One key focus of the 2023 Cyber Strategy is the commitment to boost the cyber capabilities of allies and partners, and to increase collective resilience against cyberattacks. This includes augmenting the capacity of partners and expanding their access to cybersecurity infrastructure, as well as helping them mature their cyber workforce…

Read More
15 Sep

Fortinet Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Fortinet has released security updates to address vulnerabilities (CVE-2023-29183 and CVE-2023-34984) affecting FortiOS, FortiProxy, and FortiWeb. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Fortinet security advisories (FG-IR-23-106 and FG-IR-23-068) and apply the necessary updates.

Read More
15 Sep

CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture

Attacks, Insights, Malware

Today, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM) capabilities into their ICAM architectures. Prior to this release, there was no singular, authoritative, and recognized reference for architecting an ICAM capability across an enterprise.  This publication provides: a description of the federal ICAM practice area, including how ICAM services and components implement ICAM use…

Read More