Month: May 2024
Video More than 40,000 security experts descended on San Francisco this week. Let’s now look back on some of the event’s highlights – including the CISA-led ‘Secure by Design’ pledge also signed by ESET. 10 May 2024 That’s a wrap on this year’s RSA Conference! More than 40,000 security professionals descended on San Francisco this…
Read More
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. On February 19, Operation Cronos took down LockBit’s infrastructure and converted its data leak site into…
Read More
Some of the biggest names in the tech industry signed onto a public pledge, backed by the US Cybersecurity and Infrastructure Security Agency, promising to implement important software security measures in their products. The CISA “Secure By Design” pledge outlines seven areas in which signatories are expected to make significant improvements. Multifactor authentication should be…
Read MoreFriday Squid Blogging: Squid Mating Strategies Some squids are “consorts,” others are “sneakers.” The species is healthiest when individuals have different strategies randomly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Tags: squid Posted on…
Read More
Between RMM, PSA and AI-generated tools, here are the 10 coolest MSP tools. As more and more solutions and offerings come to market, there’s still a big focus on cybersecurity. This year, with the explosion of GenAI and AI tools, MSPs are looking to add to products that make their teams more efficient in doing…
Read More
Spyware vendors are responsible for most exploits In a March report, researchers from Google’s Threat Analysis Group (TAG) and Mandiant, a Google subsidiary, counted 97 zero-day exploits being used in attacks during 2023. Commercial surveillance vendors that sell spyware to government customers were responsible for over 60% of the 37 exploits impacting browsers and mobile…
Read MoreToday, CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) #StopRansomware: Black Basta to provide cybersecurity defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by known Black Basta…
Read MoreSUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
Read More
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. Yesterday, BleepingComputer reported that Dell had begun to send notifications warning customers that their personal data was stolen in a data breach. This data breach contained customer order data, including warranty information,…
Read More
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. A set of eight separate issues, seven of them with identifiers CVE-2023-47610 through CVE-2023-47616 and another that has yet to be registered, were disclosed last November by security researchers…
Read More