November 14, 2022

Phosphorus and Redapt join forces to deliver xIoT security to US enterprises

The new Phosphorus and Redapt partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities. “Enterprises face a growing risk of cyber attacks because of vulnerable IoT and OT endpoints which traditional security companies …

Phosphorus and Redapt join forces to deliver xIoT security to US enterprises Read More »

The Medibank Data Breach – Steps You Can Take to Protect Yourself

Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers.  The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of …

The Medibank Data Breach – Steps You Can Take to Protect Yourself Read More »

Immersive Labs helps UK Ministry of Defence identify qualified candidates to fill vital cybersecurity roles

Immersive Labs announced that the UK Ministry of Defence (MOD) has deployed Immersive Labs Cyber Pro, Crisis Sim, and AppSec solutions to upskill individuals and teams across its organization to confront the latest cyber threats, prove cyber readiness, and identify cybersecurity talent to fill open roles. The integration supports the MOD’s new Digital Skills for …

Immersive Labs helps UK Ministry of Defence identify qualified candidates to fill vital cybersecurity roles Read More »

Skyworks collaborates with MediaTek to offer end-to-end 5G automotive solutions

Skyworks announced that the company has engaged with MediaTek to offer a complete modem-to-antenna automotive-grade 5G solution. This 5G New Radio Sky5A RF front-end solution will accelerate the deployment of this protocol across an array of automotive OEM and consumer service offerings. “The rollout of 5G is reshaping the automotive market with a variety of …

Skyworks collaborates with MediaTek to offer end-to-end 5G automotive solutions Read More »

State of Phishing Report Reveals More Than 255 Million Attacks in 2022

SlashNext analyzed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks – a 61% increase in the rate of phishing attacks compared to 2021. The latest State of Phishing Report findings highlights that some security strategies are …

State of Phishing Report Reveals More Than 255 Million Attacks in 2022 Read More »

Threat and vulnerability management – No time for complacency

There was some very good news in Coalfire’s 4th Annual Penetration Risk Report. Most notable was that high-risk vulnerabilities have been cut almost in half since 2018 when we first began reporting our pen testing research derived from thousands of direct client engagements. Also of note, the large cloud service providers have successfully reduced their …

Threat and vulnerability management – No time for complacency Read More »

Forecast and Recommendations: 2022 Elastic Global Threat Report

Today, we released our first-ever Global Threat Report at Elastic. Now, customers, partners, and the security community at large will be able to identify many of the focus areas our team has had over the past 12 months. In addition to a technical perspective, this report also brings along a series of strategic recommendations for …

Forecast and Recommendations: 2022 Elastic Global Threat Report Read More »

Elastic’s 2022 Global Threat Report: A roadmap for navigating today’s growing threatscape

Staying up-to-date on the current state of security and understanding the implications of today’s growing threat landscape is critical to my role as CISO at Elastic. Part of this includes closely following the latest security threat reports, highlighting trends, and offering valuable insights into methods bad actors use to compromise environments. Threat intelligence resources like …

Elastic’s 2022 Global Threat Report: A roadmap for navigating today’s growing threatscape Read More »

Protect PC Fleets with Hardware-Enabled…

Devices must remain secure, regardless of where they are being used in today’s work-from-anywhere business model. Software-based security alone is not enough to defend data and IT infrastructure against increasingly sophisticated threats. Hackers can bypass software-based security to exploit vulnerabilities at a lower layer, meaning at the firmware, BIOS, OS, or hypervisor level. This rapid …

Protect PC Fleets with Hardware-Enabled… Read More »

KmsdBot, new botnet infects systems via an SSH & targets the gaming industry, technology industry, and luxury car manufacturers

A brand-new piece of malware dubbed KmsdBot infected Akamai Security Research’s honeypot. Systems are infected by the botnet using a weak login SSH connection. The gaming, IT, and luxury vehicle industries are just a few of the industries that the malware targets. The Internet is covered with a vast network of honeypots operated by the …

KmsdBot, new botnet infects systems via an SSH & targets the gaming industry, technology industry, and luxury car manufacturers Read More »

‘Unauthorized Transactions’ Lead to Missing Funds at FTX

Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime Hundreds of Millions in Cryptocurrency Drained From Bankrupt Trading Platform Rashmi Ramesh (rashmiramesh_) • November 14, 2022     Image: Shutterstock Bankrupt cryptocurrency exchange platform FTX says unsanctioned actors made off with customers’ digital assets, initiating a scramble to cut off digital wallets from …

‘Unauthorized Transactions’ Lead to Missing Funds at FTX Read More »

Anesthesiology Services Firm Faces 5 Class Action Lawsuits

Breach Notification , HIPAA/HITECH , Legislation & Litigation At Least 24 Medical Practices, 450,000 Patients Affected By Breach So Far Marianne Kolbasuk McGee (HealthInfoSec) • November 14, 2022     Somnia Inc., a vendor to anesthesiology practices, is facing at least five class action lawsuits linked to a July hack. Proposed class action lawsuits are …

Anesthesiology Services Firm Faces 5 Class Action Lawsuits Read More »

Jerry Bessette joins Surefire Cyber as COO

Surefire Cyber announced the appointment of Jerry Bessette as Chief Operating Officer (COO). As COO Jerry will accelerate execution of the company’s strategy by driving growth of its incident preparation services, deepening its experienced team of response experts, and leading efforts to help clients increase their resiliency after an incident. Jerry joins Surefire Cyber from …

Jerry Bessette joins Surefire Cyber as COO Read More »

Critical Local Privilege Escalation Vulnerability in Linux kernel. Patch immediately

The local privilege escalation vulnerability in the Linux Kernel was reported by Redhat, and its CVE code is 2022-3977. The problem is that the most recent Linux kernel upstream contains a use-after-free vulnerability called mctp sk unhash that may be exploited to elevate privileges to root. When a program tries to utilize memory that has …

Critical Local Privilege Escalation Vulnerability in Linux kernel. Patch immediately Read More »

Facebook’s $90M Privacy Deal Gets Final Nod Over Objections

By Allison Grande (November 14, 2022, 11:02 PM EST) — A California federal judge has finalized a $90 million settlement, which includes $26.1 million for attorney fees, to end long-running litigation accusing Facebook of unlawfully tracking logged-out users’ browsing activity, rejecting arguments that the payout to class members could have been much higher…. Read more

microSD and SD Card Buying Guide

If it’s been a while since you’ve bought portable flash memory, you might be surprised by the broad availability and affordability of high-speed and large capacity microSD and SD cards. In this guide, we break down what all the different codes and ratings mean, and offer the best choices for…Read more

Swimlane Introduces Low-Code, Automation Approach to OT Security

Security teams are tasked with the challenge of processing large amounts of operational technology (OT) and IT security telemetry. To make this easier, Swimlane announced a low-code security automation platform to create a centralized system of record and control point. The platform integrates with other OT security providers, including Nozomi Networks, Dataminr and 1898 & …

Swimlane Introduces Low-Code, Automation Approach to OT Security Read More »

Uber Cybersecurity Incident: Which Logs Do IR Teams Need to Focus On?

Originally published by Mitiga. Written by Or Aspir, Mitiga. On September the 16th, Uber announced they experienced a major breach in their organization in which malicious actor was able to log in and take over multiple services and internal tools used at Uber. In this incident, the attacker announced its actions to the public, sharing …

Uber Cybersecurity Incident: Which Logs Do IR Teams Need to Focus On? Read More »

CFTC Dropped Ball On FTX Regulation, Watchdog Group Says

By Jessica Corso (November 14, 2022, 10:57 PM EST) — Nonprofit market watchdog Better Markets accused the U.S. Commodity Futures Trading Commission of lying down on the job of regulating FTX’s derivatives arm, which on Monday pulled its application to create an organization that would allow it to clear crypto futures and options on margin. … …

CFTC Dropped Ball On FTX Regulation, Watchdog Group Says Read More »

6 Chatbot Security Measures to Implement

Most people are familiar with chatbots. They are an artificial intelligence technology that site visitors can use to ask questions and find solutions. Chatbots have provided several advantages to online businesses. Customer support representatives use them to handle simple customer inquiries while they can focus on more complex customer issues. They also decrease sales cycles …

6 Chatbot Security Measures to Implement Read More »

Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices

Some advocates said the $391.5 million settlement, which included the monetary payment as well as new transparency requirements and limits on use of location data, didn’t go far enough. Google parent Alphabet reported revenue of $69.1 billion in its most recent quarter. “It’s a big number, but not nearly as big as you’d hope for” considering the …

Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices Read More »

GitHub sets up private vulnerability reports for public repos to avoid ‘naming and shaming’

GitHub is offering a scheme for security researchers to privately report vulnerabilities found in public repositories. Being able to privately report code flaws is important to researchers who are often left with choices that can lead to more security problems, GitHub said in a blog post. “Security researchers often feel responsible for alerting users to …

GitHub sets up private vulnerability reports for public repos to avoid ‘naming and shaming’ Read More »