Author: nlqip
A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform! Dive into six things…
Read More
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. However, even though it released WhatsUp Gold 24.0.1, which addressed the issues last Friday and published an advisory on Tuesday, the company has yet to provide any details regarding these flaws. “The WhatsUp Gold…
Read More
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware…
Read More
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion”…
Read More
Microsoft has released the September 2024 preview cumulative update for Windows 11 23H2 and 22H2, with 13 improvements and fixes for multiple issues, including Edge and task manager freezes. KB5043145 is a monthly optional update designed to help Windows admins test bug fixes, new features, and improvements that will be rolled out to all customers…
Read More
Sep 27, 2024Ravie LakshmananGenAI / Cybercrime Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery…
Read More
Sep 27, 2024The Hacker NewsCybersecurity Certifications In today’s fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you’re a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you’re always…
Read More
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through cybercrime. The…
Read More
Sep 27, 2024Ravie LakshmananContainer Security / Cloud Computing A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of…
Read More
Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS). We will update this blog…
Read More