CyberSecurity Updates

24 Oct

CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes

Attacks, Insights, Malware

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliable and safe for customers. Additionally, it offers guidance on how to deploy in an efficient manner as part of the software development lifecycle (SDLC). A well-designed software deployment process can help guarantee customers receive new features, security, and reliability…

Read More
24 Oct

Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

Attacks, Insights, Malware

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review the following advisory and apply the necessary updates:   Cisco Event Response: October 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Read More
23 Oct

Google Voice scams: What are they and how do I avoid them?

Information

Scams Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers Phil Muncaster 21 Oct 2024  •  , 5 min. read In our hyper-connected world, technology has transformed the way we communicate, enabling us to connect with anyone, anywhere, at the touch of a button. One of the most popular services to take advantage of the near ubiquity of high-speed internet coverage is Google…

Read More
23 Oct

The Global Surveillance Free-for-All in Mobile Ad Data

Information, Insights

Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by…

Read More
22 Oct

IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption

Insights

The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report:  “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations…

Read More
19 Oct

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

Information

Video The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year 18 Oct 2024 As many as 97 out of the 138 vulnerabilities disclosed as actively exploited in the wild in 2023 were zero-days, according to a report from Mandiant. The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first…

Read More
18 Oct

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Data Breaches, Information, Insights

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population. USDoD’s InfraGard sales thread…

Read More
17 Oct

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Information, Insights

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks. Image: FBI Active since at least January…

Read More
17 Oct

Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

Attacks, Insights, Malware

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  Oracle Critical Patch Update Advisory – October 2024

Read More
17 Oct

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Information

Scams Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details Phil Muncaster 15 Oct 2024  •  , 5 min. read Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023 alone, a 35% annual increase which brings the worldwide total to over 40 million. But with new technology comes new…

Read More