Saturday, March 25, 2023

Critical flaw in WooCommerce can be used to compromise WordPress websites

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers...

Cyberpion rebrands as Ionix, offering new EASM visibility improvements

SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering.Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing...

Android-based banking Trojan Nexus now available as malware-as-a-service

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide.First observed in June 2022 as a variant...

UK parliament follows government by banning TikTok over cybersecurity concerns

The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and...

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your...

Russian hacktivists deploy new AresLoader malware via decoy installers

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside...

BrandPost: The latest intel on wipers

The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks. Does the evidence corroborate the theory that the ongoing conflict in Europe is to blame for the rise in wipers? Indeed. Furthermore, given that Russia is the...

Security at the core of Intel’s new vPro platform

Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise...

BrandPost: Fortinet 2023 Skills Gap Report: How organizations can fill the talent shortage

The ongoing cybersecurity talent shortage presents challenges for organizations everywhere. As critical roles remain vacant far too long, already overburdened IT and security teams are grappling with a long list of responsibilities to safeguard their corporate networks, and that’s...

Critical flaw in AI testing framework MLflow can lead to server and data compromise

MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and...

New vulnerabilities found in industrial control systems of major vendors

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors.The vulnerabilities identified by CISA were tracked in products from...

How training and recognition can reduce cybersecurity stress and burnout

Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility...

BrandPost: Why the phishing blame game misses the point

Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction—emails on company computers, text, and voice messages on mobile devices and in personal communications channels, malicious typosquatting...

BrandPost: Deconstructing Identity Security

Most companies now recognize the serious and insidious nature of cybersecurity threats. But many fail to grasp that the digital transformation, remote work, automation, and cloud migration activities of the last few years have turbocharged the number of identities...

BrandPost: Identity Security: bridging the perception vs. reality gap

In recent years, cybersecurity has become a board-level issue resulting in several executives taking greater responsibility in cybersecurity-related decisions. As a result, the CISO is no longer a technical subject matter expert but an executive risk manager who shares...

Splunk adds new security and observability features

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

BrandPost: How to secure secrets in multi-cloud environments

It wasn’t too long ago that using a single cloud for some business operations was cutting-edge technology. Now the cloud is essential for accelerating growth, improving efficiency, and remaining competitive. Most organizations have multiple cloud environments deployed, in addition...

BrandPost: Why intelligent privilege controls are essential for identity security

Organizations are experiencing explosive growth in identities—both machine and human. In fact, machine identities now outnumber human identities 45:1. And in 2023, the total number of identities is expected to at least double. With new norms such as hybrid...

55 zero-day flaws exploited last year show the importance of security risk management

Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available -- the so-called n-day exploits. But...

Landmark UK-Israeli agreement to boost mutual cybersecurity development, tackle shared threats

The UK and Israeli governments have signed a landmark agreement to define bilateral relations between the two countries and boost mutual cybersecurity advancement until 2030. The 2030 Roadmap for Israel-UK Bilateral Relations is the culmination of efforts that began...
The Hacker News

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal...
The Hacker News

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on...
SecurityWeek

US Charges 20-Year-Old Head of Hacker Site BreachForums

The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers. The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.
SC Magazine

Dish customers struggle with service disruptions weeks after ransomware attack

Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.
Security Affairs

CISA announced the Pre-Ransomware Notifications initiative

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of...