CyberSecurity Updates

10 Sep

Bug Left Some Windows PCs Dangerously Unpatched

Information, Insights

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year. By far the most curious security weakness Microsoft disclosed today has the snappy name of CVE-2024-43491, which Microsoft…

Read More
10 Sep

Citrix Releases Security Updates for Citrix Workspace App for Windows

Attacks, Insights, Malware

Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following and apply necessary updates:  Citrix Workspace app for Windows Security Bulletin for CVE-2024-7889 and CVE-2024-7890

Read More
10 Sep

Microsoft Releases September 2024 Security Updates

Attacks, Insights, Malware

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for September

Read More
10 Sep

Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control

Attacks, Insights, Malware

Ivanti released security updates to address multiple vulnerabilities in Ivanti Endpoint Manager, Cloud Service Application 4.6, and Workspace Control. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary guidance and updates:  Ivanti Endpoint Manager Ivanti Cloud Service Application 4.6 Ivanti Workspace Control

Read More
10 Sep

Cisco Releases Security Updates for Cisco Smart Licensing Utility

Attacks, Insights, Malware

Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisory and apply the necessary updates:  Cisco Smart Licensing Utility Vulnerabilities

Read More
08 Sep

Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

Information

Video The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams 06 Sep 2024 Consumers in the United States lost more than $114 million to scams involving Bitcoin ATMs (BTMs) last year, with the figure soaring ten-fold from 2020, according to data released by the US Federal Trade Commission (FTC) this week. As consumers lost $65 million…

Read More
07 Sep

ESET Research Podcast: HotPage

Information

ESET Research ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver ESET Research 05 Sep 2024  •  , 1 min. read Usually when someone mentions adware, people think of low-quality half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of our podcast, not all adware is created equal. HotPage is a recently discovered trojan using a vulnerable, Microsoft-signed, kernel driver…

Read More
05 Sep

FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure

Attacks, Insights, Malware

Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors, both during and succeeding their…

Read More
05 Sep

The key considerations for cyber insurance: A pragmatic approach

Information

Business Security Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options Tony Anscombe 04 Sep 2024  •  , 3 min. read There must be a consideration of the ethical question of contributing to the payment of extortion demands of cybercriminals. Any company that is paying a cyber insurance premium, regardless of whether they suffer…

Read More
04 Sep

Learning, Sharing, and Exploring with NIST’s New Human-Centered Cybersecurity Community of Interest

Insights

Human-centered cybersecurity (also known as ‘usable security’) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people’s cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today’s digitally interconnected world.  At NIST, we understand the value of making connections, listening, and interactivity. We also understand that researchers and practitioners want to hear directly from each…

Read More