Trending Now
LATEST
ISC StormCast for Wednesday, November 30th, 2022
LinkedIn Bots https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282 Oracle Fusion Middle Ware Exploited CVE-2021-35587 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
SN 899: Freebie Bots & Evil Cameras – iSpoofer no more, Boa server vulnerability, CISA on Mastodon
Picture of the Week.
iSpoof you no more.
Here come the Freebie Bots!
Anatomy of the real-time Cryptocurrency heist.
Lookin' for something to do?
Boa server vulnerability.
The dilemma of closed-source Chinese networking products.
The Cyber Defense Index....
Gartner: How to Respond to the 2022 Cyberthreat Landscape
A new Gartner® report, How to Respond to the 2022 Cyberthreat Landscape, focuses on the new threats organizations will face as they prepare for the future of work and accelerate digital transformations. Gartner’s advice will help security and risk...
Gartner MQ WAAP 2022
Research shows that web applications and API attacks continued to explode in the first half of 2022. Does your organization have the best defense today? Akamai recommends deploying a holistic web application and API protection (WAAP) solution. The right...
How Akamai Helps to Mitigate the OWASP API Security Top 10 Vulnerabilities
Experts warn that API attacks will soon become the most common type of web application attack. As a result, organizations and their security vendors need to align across people, processes, and technologies to institute the right protections. The Open...
What is Account Takeover and How to Prevent It in 2022
An account takeover (ATO), in which criminals impersonate legitimate account owners to take control of an account, are on the rise in Asia and across the world. Fraudsters are swindling money and digital assets from consumers across industries, with...
The OWASP Top 10 – How Akamai Helps
OWASP publishes a list of the 10 most common vulnerabilities in web applications. This white paper details how Akamai can help mitigate these threat vectors.
The post The OWASP Top 10 – How Akamai Helps appeared first on TechRepublic.
Risky Business #687 — Shady deeds in sunny places: Ransomware smashes Vanuatu, Guadeloupe
On this week’s show Patrick Gray and Adam Boileau discuss the...
OpenAI upgrades GPT-3, stunning with rhyming poetry and lyrics
Enlarge / An AI-generated image inspired by Leonardo da Vinci. (credit: Ars Technica)
On Monday, OpenAI announced a new model in the GPT-3 family of AI-powered large language models, text-davinci-003,...
Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access
Cyble observed Initial Access Brokers (IABs) offering access to enterprise networks compromised via a critical flaw in Fortinet products.
Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw,...
How secure a Twitter replacement is Mastodon? Let us count the ways
Enlarge (credit: Getty Images)
As Elon Musk critics flee from Twitter, Mastodon seems to be the most common replacement. In the last month, the number of monthly active users on...
BSW #286 – Todd Fitzgerald
Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they...
Microsoft Defender Gets New Security Protections
The new Microsoft Defender for Endpoint capabilities include built-in protection and scanning network traffic for malicious activity.
How to Use Cyber Deception to Counter an Evolving and Advanced Threat Landscape
Organizations must be prepared to root out bad actors by any means possible, even if it means setting traps and stringing lures.
Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw
The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product.
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
DDoS as a holiday-season threat to e-commerce. A TikTok challenge spreads malware. Meta's GDPR fine. Mr. Security Answer Person John Pescatore has thoughts on phishing resistant MFA. Joe Carrigan describes Intel’s...
Criminals use trending TikTok challenge to make data-stealing malware invisible
PSA: Don't download unknown apps even if they promise naked people Malware-slinging miscreants are taking advantage of a trending TikTok challenge — and viewers' dirty minds — to spread data-stealing malware via a phony app that's had more than...
Oracle Fusion Middleware Flaw Flagged by CISA
The bug could allow unauthorized access and takeover, earning it a spot on the Known Exploited Vulnerabilities Catalog.
The Metaverse Could Become a Top Avenue for Cyberattacks in 2023
Expect to see attackers expand their use of current consumer-targeting tactics while exploring new ways to target Internet users — with implications for businesses.
ASW #221 – Kenn White
Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team MongoDB recently announced the industry’s first encrypted search scheme using breakthrough cryptography engineering called...
A Ride on the Wild Side with Hacking Heavyweight Sick Codes
Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies (Present & Past): Motorcycling & Australian Football Bucket...
Killnet Gloats About DDoS Attacks Downing Starlink, White House
Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.
Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA
The bug allows unauthenticated attackers with network access to compromise Oracle Access Manager
Used thin client PCs are an unsexy, readily available Raspberry Pi alternative
Enlarge / This ThinkCentre M90n-1 Nano from 2019, passively cooled with a big heatsink, was $145 when the author last looked on eBay. It's not a Raspberry Pi, and it looks...
Why the Culture Shift on Privacy and Security Means Today's Data Looks Different
A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities.
LEADERS
Charles V of Spain Secret Code Cracked
Diplomatic code cracked after 500 years:
In painstaking work backed by computers, Pierrot found “distinct families” of about 120 symbols used by Charles V. “Whole words are encrypted with a single symbol” and the emperor replaced vowels coming after consonants...
U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based...
Computer Repair Technicians Are Stealing Your Data
Laptop technicians routinely violate the privacy of the people whose computers they repair:
Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six...
Weekly Update 323
Presently sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.Finally, after nearly 3 long years, I'm back in Norway! We're here at last, leaving our...
Operation Elaborate – UK police text 70,000 people thought to have fallen victim to iSpoof bank fraudsters
UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts.
Read more in my article on the Tripwire State of Security blog.
