Monday, September 25, 2023
SC Magazine

What the National Cyber Strategy Implementation Plan means for critical infrastructure

The Department of Transportation has led the way in leveling-up security for the energy and transportation industries – and more critical infrastructure sectors will follow.
SC Magazine

New AI phishing tool FraudGPT tied to same group behind WormGPT

Much like WormGPT, Netenrich researchers said this new set of phishing tools has also focused on business emails compromises (BEC).
SC Magazine

Hacktivism: is it fashionable again or just a sly cover?

Reports of individuals and groups hacking for political reasons are everywhere, but experts tell SC Media that "true" hacktivism may be dead as we redefine the term to include a broader range of motivations.
SC Magazine

Google Messages to feature MLS support for improved security

Google is set to adopt Message Layer Security protocol for its Messages app for Android in a bid to advance end-to-end encryption across different platforms, The Hacker News reports.
SC Magazine

Nubeva’s ransomware encryption key capturing tech shows promise

Nubeva's ransomware encryption key capturing technology dubbed 'Nubeva Ransomware Reversal' yielded a 100% success rate in intercepting the encryption keys of the ALPHV/BlackCat, LockBit 3.0, Play, Cl0p, Ragnar Locker, Conti, Black Basta, and REvil ransomware strains launched on Windows...
SC Magazine

Lacking CISO succession plans sparks concern

No succession plans for chief information security officers have been established by almost 41% of companies even though 75% of CISOs expressed being very or entirely open to transferring to another company over the next three years, CNBC reports.
SC Magazine

Privilege escalation attacks possible with Atera Windows installer zero-days

Threat actors could leverage already patched zero-day flaws in Atera remote monitoring and management software installers for Windows to facilitate privilege escalation attacks, reports The Hacker News.
SC Magazine

Actively exploited Ivanti Endpoint Manager Mobile zero-day addressed

Patches have been issued by Ivanti for a zero-day authentication bypass flaw in its Endpoint Manager Mobile device management software previously known as MobileIron Core, which has already been actively exploited by threat actors, BleepingComputer reports.
SC Magazine

Third-party breach hits law firm Quinn Emanuel

Reuters reports that U.S. law firm Quinn Emanuel Urquhart & Sullivan had data from a limited number of clients potentially stolen following a ransomware attack against its third-party data center provider last year.
SC Magazine

New Rapid7 solution offers hybrid environment risk scoring

SiliconANGLE reports that cybersecurity firm Rapid7 has recently introduced a new tool called Executive Risk View that provides streamlined risk scoring for on-premises, cloud, or hybrid IT environments.
SC Magazine

Spectro Cloud launches Palette with government-grade security

Spectro Cloud has unveiled a new edition of its Palette Kubernetes lifecycle management platform, called Palette VerteX, which offers security features that meet the more stringent requirements imposed on government agencies and other public sector organizations, SiliconANGLE reports.
SC Magazine

Fortinet expands next-generation firewall lineup

SDxCentral reports that two new next-generation firewalls have joined Fortinet's portfolio geared toward data centers.
SC Magazine

Cyberattack claimed by ransomware gangs disclosed by Yamaha Canada Music

Cyberattack claimed by ransomware gangs disclosed by Yamaha Canada Music Yamaha Canada Music has confirmed having its data exfiltrated in a cyberattack following separate claims that it had been compromised by the BlackByte and Akira ransomware operations, according to...
SC Magazine

Self-hosted VMware Tanzu Mission Control launches

VMware announced that a new edition of its Tanzu Mission Control offering can be deployed in an on-premises IT environment, according to Cloud Native Now.
SC Magazine

Nasuri adds ransomware recovery tool to Microsoft SIEM

A partnership between Microsoft Sentinel and file data service firm Nasuri has led to the Microsoft Sentinel security information and event management platform receiving Nasuri's cloud-native File Data Platform, which provides ransomware recovery capabilities, VentureBeat reports.
Infosecurity Magazine

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
The Hacker News

New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously...
The Register

T-mobile exposes some customer data – but don’t call it a breach

PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief  T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...

Cisco Disrupts Observability & Cybersecurity Markets with Splunk Acquisition

Cisco's acquisition of Splunk benefits Cisco's ongoing b shift towards more software and subscription-based services, but will cause churn in the market,