Month: May 2024

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. “The impacts enabled by these flaws are manifold: from the implant of ransomware on the ultrasound machine to the…

Cyber resilience is becoming increasingly complex to achieve with the changing nature of computing. Appropriate for this year’s conference theme, organizations are exploring “the art of the possible”, ushering in an era of dynamic computing as they explore new technologies. Simultaneously, as innovation expands and computing becomes more dynamic, more threats become possible – thus,…

To meet the requirements, most public companies take proactive measures to ensure they have systems in place to assess, evaluate, and respond to incidents. “Unfortunately, in many cases, these processes are established outside of the operational resilience framework, and as a result, they are not integrated with the company’s crisis management program,” says Nolan, who…

ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past…

May 16, 2024NewsroomBrowser Security / Vulnerability Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It…

May 16, 2024NewsroomRansomware / Incident Response The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. “Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware,” the company said in a…

The companies say they will ‘facilitate the migration’ of QRadar SaaS customers to Palo Alto Networks’ Cortex XSIAM platform once the deal closes. Palo Alto Networks said Wednesday that it has reached a deal to acquire IBM’s QRadar software-as-a-service assets, as part of the cybersecurity giant’s drive to bring more customers onto its Cortex XSIAM…

“We will deliver innovation at an unprecedented pace and scale to organizations around the globe,” Cisco CEO Chuck Robbins said on Wednesday’s earnings call. Cisco Systems CEO Chuck Robbins plans to leverage “Cisco’s robust partner and customer ecosystem in markets where Splunk had limited or no presence” to grow the business of his new security…

With the Series E financing round the company achieves “unicorn” status with a $1.6 billion valuation as data-intensive AI and generative AI applications boost demand for the company’s software. Data management platform developer WekaIO has raised $140 million in an oversubscribed Series E round of funding that boosts the company’s valuation to $1.6 billion, the…

Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.4: Perform…
