CyberSecurity Updates

01 Jul

Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials

Information, News

An Army combat veteran with extensive cybersecurity and counterterrorism experience is taking over as one of the nation’s top election security officials, the director of the U.S. Cybersecurity Infrastructure Security Agency announced Friday. In the position, Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election. CISA Director Jen Easterly said Conley’s national security experience made her “ideally suited to help those state…

Read More
01 Jul

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

Information

The growing use of synthetic media and difficulties in distinguishing between real and fake content raises a slew of legal and ethical questions The news cycle is awash with articles about (what’s not always rightly called) artificial intelligence – some good, some bad, and some ugly. The fact that some individuals are using readily available new technology for turning people’s benign public photos into sexually explicit images, including into child sex abuse material, is clearly…

Read More
30 Jun

In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
30 Jun

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin

Information, News

More than 200,000 WordPress websites are exposed to ongoing attacks targeting a critical vulnerability in the Ultimate Member plugin. Designed to make it easy for users to register and log in on sites, the plugin allows site owners to add user profiles, define roles, create custom form fields and member directories, and more. Tracked as CVE-2023-3460 (CVSS score of 9.8), the recently identified security defect in Ultimate Member allows attackers to add a new user…

Read More
30 Jun

DoS and DDoS Attacks against Multiple Sectors

Attacks, Insights, Malware

CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible. If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance. Contact your network administrator to confirm whether the service…

Read More
30 Jun

Employee monitoring: is ‘bossware’ right for your company?

Information

While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees Things may not always run smoothly in the workplace and bosses and workers may not always see eye to eye on many things. But there may be another “threat” in town: remote employee monitoring. In some cases, employee surveillance software, also called “bossware” and “tattleware”, threatens to drive a wedge between…

Read More
30 Jun

S3 Ep141: What was Steve Jobs’s first job?

Information, Malware

by Paul Ducklin PONG FOR ONE!? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Emergency Apple patches, justice for the 2020 Twitter hack, and “Turn off…

Read More
29 Jun

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Information, Insights

Nikita Kislitsin, formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States. Nikita Kislitsin, at a security conference in Russia. Kislitsin is…

Read More
29 Jun

Cyware Snags $30M for Threat Intel Infrastructure Tech

Information, News

Threat intelligence infrastructure startup Cyware on Thursday announced it had secured $30 million in new financing alongside plans to take advantage of the demand for AI-powered security tools. The New York-based Cyware said the $30 million Series C round was led by Ten Eleven Ventures, an investment firm dedicated to making bets on cybersecurity companies. Prior investors Advent International, Zscaler, Emerald Development Managers, Prelude (the venture practice at Mercato Partners) and Great Road Holdings also…

Read More
29 Jun

CISA Releases Nine Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released nine Industrial Control Systems (ICS) advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-180-01 Delta Electronics InfraSuite Device Master ICSA-23-180-02 Schneider Electric EcoStruxure ICSA-23-180-03 Ovarro TBox RTUs ICSA-23-180-04 Mitsubishi Electric MELSEC-F Series ICSMA-23-180-01 Medtronic Paceart Optima System ICSA-19-120-01 Rockwell Automation CompactLogix 5370 (Update A) ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update F) ICSA-22-333-05 Mitsubishi Electric FA Engineering Software (Update B) ICSA-23-171-02 Enphase Installer…

Read More