Tag: SC Magazine
What the National Cyber Strategy Implementation Plan means for critical infrastructure
The Department of Transportation has led the way in leveling-up security for the energy and transportation industries – and more critical infrastructure sectors will follow.
New AI phishing tool FraudGPT tied to same group behind WormGPT
Much like WormGPT, Netenrich researchers said this new set of phishing tools has also focused on business emails compromises (BEC).
Hacktivism: is it fashionable again or just a sly cover?
Reports of individuals and groups hacking for political reasons are everywhere, but experts tell SC Media that "true" hacktivism may be dead as we redefine the term to include a broader range of motivations.
Google Messages to feature MLS support for improved security
Google is set to adopt Message Layer Security protocol for its Messages app for Android in a bid to advance end-to-end encryption across different platforms, The Hacker News reports.
Nubeva’s ransomware encryption key capturing tech shows promise
Nubeva's ransomware encryption key capturing technology dubbed 'Nubeva Ransomware Reversal' yielded a 100% success rate in intercepting the encryption keys of the ALPHV/BlackCat, LockBit 3.0, Play, Cl0p, Ragnar Locker, Conti, Black Basta, and REvil ransomware strains launched on Windows...
Lacking CISO succession plans sparks concern
No succession plans for chief information security officers have been established by almost 41% of companies even though 75% of CISOs expressed being very or entirely open to transferring to another company over the next three years, CNBC reports.
Privilege escalation attacks possible with Atera Windows installer zero-days
Threat actors could leverage already patched zero-day flaws in Atera remote monitoring and management software installers for Windows to facilitate privilege escalation attacks, reports The Hacker News.
Actively exploited Ivanti Endpoint Manager Mobile zero-day addressed
Patches have been issued by Ivanti for a zero-day authentication bypass flaw in its Endpoint Manager Mobile device management software previously known as MobileIron Core, which has already been actively exploited by threat actors, BleepingComputer reports.
Third-party breach hits law firm Quinn Emanuel
Reuters reports that U.S. law firm Quinn Emanuel Urquhart & Sullivan had data from a limited number of clients potentially stolen following a ransomware attack against its third-party data center provider last year.
New Rapid7 solution offers hybrid environment risk scoring
SiliconANGLE reports that cybersecurity firm Rapid7 has recently introduced a new tool called Executive Risk View that provides streamlined risk scoring for on-premises, cloud, or hybrid IT environments.
Spectro Cloud launches Palette with government-grade security
Spectro Cloud has unveiled a new edition of its Palette Kubernetes lifecycle management platform, called Palette VerteX, which offers security features that meet the more stringent requirements imposed on government agencies and other public sector organizations, SiliconANGLE reports.
Fortinet expands next-generation firewall lineup
SDxCentral reports that two new next-generation firewalls have joined Fortinet's portfolio geared toward data centers.
Cyberattack claimed by ransomware gangs disclosed by Yamaha Canada Music
Cyberattack claimed by ransomware gangs disclosed by Yamaha Canada Music Yamaha Canada Music has confirmed having its data exfiltrated in a cyberattack following separate claims that it had been compromised by the BlackByte and Akira ransomware operations, according to...
Self-hosted VMware Tanzu Mission Control launches
VMware announced that a new edition of its Tanzu Mission Control offering can be deployed in an on-premises IT environment, according to Cloud Native Now.
Nasuri adds ransomware recovery tool to Microsoft SIEM
A partnership between Microsoft Sentinel and file data service firm Nasuri has led to the Microsoft Sentinel security information and event management platform receiving Nasuri's cloud-native File Data Platform, which provides ransomware recovery capabilities, VentureBeat reports.
In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers.
The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek.
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.
The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.
BEC Scammer Pleads Guilty to Part in $6m Scheme
Nigerian was extradited to the US from Canada
Researchers Spot Novel “Deadglyph” Backdoor
Malware is linked to UAE-backed spies
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
