CISA released four Industrial Control Systems (ICS) advisories on July 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read MoreCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing…
Read More
Kristen Bride’s 16-year-old son died by suicide after being cyberbullied on Snapchat. Setting her sites on anonymous messaging apps that intentionally traumatize children, Bride heads to Washington DC to fight for change. While the Snapchat messaging apps that Kristin’s son Carson used are no longer available, a new one called NGL actually markets a service…
Read More
It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers. Anyone visiting DigitalStress’s website today will no longer be greeted with messages bragging about its ability to “stress-test networks for ease” for as little…
Read More
British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies. Last September, hotel and casino giant MGM Resorts was hit by a cyber attack which resulted left guests queuing for hours to check in to hotels, residents…
Read More
CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. Since Friday, when the buggy CrowdStrike Falcon update caused global IT outages, threat actors have quickly begun to capitalize on the news to deliver malware through fake fixes. A new campaign conducted through phishing emails…
Read More
Researchers have linked a previously unattributed Mac backdoor and a new Windows Trojan to a Chinese APT group known as Daggerfly that has been around for over a decade and targets organizations and individuals around the world. The group appears to be using the same modular malware development framework to create threats for Windows, Linux,…
Read More
For those who have machines back up and recovered post-CrowdStrike, there are certain items you should review. First is consider reissuing Bitlocker recovery keys. If you handed out the recovery key manually, consider reissuing and rotating keys. If you are considering changes to your infrastructure, rather than ripping out your technology and replacing it with…
Read More
In a surprising turn of events, Israeli cybersecurity startup Wiz has decided to end its acquisition talks with Google-parent Alphabet, which would have resulted in a $23 billion deal, the largest ever for Google. This decision was communicated through an internal memo from Wiz CEO Assaf Rappaport, who emphasized the company’s renewed focus on pursuing…
Read More
According to the latest reports, the average cost of a data breach rose to 4.45 million USD which is a 15% over the previous three years[1] indicating that potential risks from cyber threats to organizations is only going to rise and business leaders are looking to security teams to make the right choices to reduce…
Read More