CyberSecurity Updates

19 Oct

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

Information

Video The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year 18 Oct 2024 As many as 97 out of the 138 vulnerabilities disclosed as actively exploited in the wild in 2023 were zero-days, according to a report from Mandiant. The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first…

Read More
18 Oct

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Data Breaches, Information, Insights

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population. USDoD’s InfraGard sales thread…

Read More
17 Oct

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Information, Insights

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks. Image: FBI Active since at least January…

Read More
17 Oct

Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

Attacks, Insights, Malware

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  Oracle Critical Patch Update Advisory – October 2024

Read More
17 Oct

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Information

Scams Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details Phil Muncaster 15 Oct 2024  •  , 5 min. read Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023 alone, a 35% annual increase which brings the worldwide total to over 40 million. But with new technology comes new…

Read More
17 Oct

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

Information

Video, Kids Online “Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship 16 Oct 2024 “Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.…

Read More
16 Oct

CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security bad practices for software manufacturers who produce software in support of critical infrastructure or national critical functions.  The bad practices presented in this guidance are organized into three categories: product properties, security features,…

Read More
16 Oct

CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

Attacks, Insights, Malware

Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure. This advisory provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian actors to impact organizations across multiple critical infrastructure sectors. Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain…

Read More
16 Oct

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

Information

In a day and age where everything is digital, a data breach or cyberattack can cost any organization dearly, affecting it financially, operationally, legally and reputationally – to the point of possibly jeopardizing its very existence. What’s more, successful attacks on providers of critical services such as healthcare and energy supplies can cause large-scale disruptions, putting people’s lives at risk and leading to widespread chaos. Worryingly, the global demand for security professionals continues to outpace…

Read More
15 Oct

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Attacks, Insights, Malware

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. This resource serves as the detailed foundation of SBOM, defining SBOM concepts and related terms and offering an updated baseline of how software components are to be represented. This…

Read More