Continuous Monitoring and Protection
Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Fortinet security release [FG-IR-23-149] and apply the necessary updates.
Read MoreResilience Cyber Insurance Solutions has raised $100 million through a Series D funding round to support global expansion of its cyber risk platform that was launched earlier this year. By connecting leaders in finance, risk, and security, the Resilience Solution helps cyberinsurance policyholders to quantify their cyber risk and prioritize their security program based on a return-on-investment (ROI) analysis of their controls. “The increase in ransomware attacks proves that there are longstanding gaps in today’s cybersecurity and cyber…
Read MoreBrowser fingerprinting is supposedly a more privacy-conscious tracking method, replacing personal information with more general data. But is it a valid promise?
Read MoreWhen you invest in a company, do you check its cybersecurity? The U.S. Securities and Exchange Commission has adopted new cybersecurity rules.
Read Moreby Paul Ducklin Back in August 2016, Heather Morgan, a.k.a. Razzlekhan, a.k.a. the Crocodile of Wall Street (actually, there’s a double-barrelled expletive in front of the word ‘crocodile’, but this is a family-friendly website so we’ll leave you to extrapolate for yourself), and her husband Ilya Lichtenstein got their hands on 120,000 of your finest bitcoins. At the time, BTC was trading at about $600, so their stash was worth a cool $72,000,000. For a…
Read MoreA cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted, and many primary care services remained closed on Friday as security experts worked to determine the extent of the problem and resolve it. The “data security incident” began Thursday at facilities operated by Prospect Medical Holdings, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and…
Read MoreSecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…
Read MoreOne frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents. KrebsOnSecurity recently heard from a reader who was puzzled over an email he’d just…
Read MoreThreat actors have been observed abusing an open source tool named Cloudflared to maintain persistent access to compromised systems and to steal information without being detected, cybersecurity firm GuidePoint Security reports. Cloudflared is a command-line client for Cloudflare Tunnel, a tunneling daemon for proxying traffic between the Cloudflare network and the user’s origin. The tool creates an outbound connection over HTTPS, with the connection’s settings manageable via the Cloudflare Zero Trust dashboard. Through Cloudflared, services…
Read MoreToday, CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine objectives to specific enabling measures and measures of effectiveness to drive accountability: Increase visibility into, and ability to disrupt, cybersecurity threats and campaigns Coordinate disclosure of, hunt for, and drive mitigation of critical and exploitable vulnerabilities Plan for, exercise, and execute joint cyber defense operations…
Read More