What the National Cyber Strategy Implementation Plan means for critical infrastructure
The Department of Transportation has led the way in leveling-up security for the energy and transportation industries – and more critical infrastructure sectors will follow.
New AI phishing tool FraudGPT tied to same group behind WormGPT
Much like WormGPT, Netenrich researchers said this new set of phishing tools has also focused on business emails compromises (BEC).
Hacktivism: is it fashionable again or just a sly cover?
Reports of individuals and groups hacking for political reasons are everywhere, but experts tell SC Media that "true" hacktivism may be dead as we redefine the term to include a broader range of motivations.
Google Messages to feature MLS support for improved security
Google is set to adopt Message Layer Security protocol for its Messages app for Android in a bid to advance end-to-end encryption across different platforms, The Hacker News reports.
Nubeva’s ransomware encryption key capturing tech shows promise
Nubeva's ransomware encryption key capturing technology dubbed 'Nubeva Ransomware Reversal' yielded a 100% success rate in intercepting the encryption keys of the ALPHV/BlackCat, LockBit 3.0, Play, Cl0p, Ragnar Locker, Conti, Black Basta, and REvil ransomware strains launched on Windows...
Lacking CISO succession plans sparks concern
No succession plans for chief information security officers have been established by almost 41% of companies even though 75% of CISOs expressed being very or entirely open to transferring to another company over the next three years, CNBC reports.
Privilege escalation attacks possible with Atera Windows installer zero-days
Threat actors could leverage already patched zero-day flaws in Atera remote monitoring and management software installers for Windows to facilitate privilege escalation attacks, reports The Hacker News.
Actively exploited Ivanti Endpoint Manager Mobile zero-day addressed
Patches have been issued by Ivanti for a zero-day authentication bypass flaw in its Endpoint Manager Mobile device management software previously known as MobileIron Core, which has already been actively exploited by threat actors, BleepingComputer reports.
Third-party breach hits law firm Quinn Emanuel
Reuters reports that U.S. law firm Quinn Emanuel Urquhart & Sullivan had data from a limited number of clients potentially stolen following a ransomware attack against its third-party data center provider last year.
New Rapid7 solution offers hybrid environment risk scoring
SiliconANGLE reports that cybersecurity firm Rapid7 has recently introduced a new tool called Executive Risk View that provides streamlined risk scoring for on-premises, cloud, or hybrid IT environments.
Spectro Cloud launches Palette with government-grade security
Spectro Cloud has unveiled a new edition of its Palette Kubernetes lifecycle management platform, called Palette VerteX, which offers security features that meet the more stringent requirements imposed on government agencies and other public sector organizations, SiliconANGLE reports.
Fortinet expands next-generation firewall lineup
SDxCentral reports that two new next-generation firewalls have joined Fortinet's portfolio geared toward data centers.
Cyberattack claimed by ransomware gangs disclosed by Yamaha Canada Music
Cyberattack claimed by ransomware gangs disclosed by Yamaha Canada Music Yamaha Canada Music has confirmed having its data exfiltrated in a cyberattack following separate claims that it had been compromised by the BlackByte and Akira ransomware operations, according to...
Self-hosted VMware Tanzu Mission Control launches
VMware announced that a new edition of its Tanzu Mission Control offering can be deployed in an on-premises IT environment, according to Cloud Native Now.
Nasuri adds ransomware recovery tool to Microsoft SIEM
A partnership between Microsoft Sentinel and file data service firm Nasuri has led to the Microsoft Sentinel security information and event management platform receiving Nasuri's cloud-native File Data Platform, which provides ransomware recovery capabilities, VentureBeat reports.
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.
"While this activity occurred around the same time and in some instances even simultaneously...
T-mobile exposes some customer data – but don’t call it a breach
PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...
Cisco Disrupts Observability & Cybersecurity Markets with Splunk Acquisition
Cisco's acquisition of Splunk benefits Cisco's ongoing b shift towards more software and subscription-based services, but will cause churn in the market,
