News & Updates

UK NCSC, ICO debunk 6 cyberattack reporting myths

The UK National Cyber Security Centre (NCSC) and the UK’s data protection regulator, the Information Commissioner’s Office (ICO), have published a rare joint article dispelling several myths about cyberattack reporting, in order to tackle the problem of unreported data breaches. The pair argued that, while businesses may be tempted to hide data breaches to avoid negative scrutiny, cybercriminals enjoy greater success when attacks are not reported.

In contrast, greater transparency and open discussion around cyberattacks are a positive for everyone: they give victims access to support and advice, share lessons learned to help improve awareness and cyber resilience, and break the cycle of crime to prevent others from falling victim. They are also likely to be viewed more favourably by data protection regulators.


News & Updates

Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023.
Symantec, by Broadcom Software, is tracking the activity under its insect-themed moniker Lancefly, with the attacks making use of a “powerful”

News & Updates

New ‘MichaelKors’ Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems

A new ransomware-as-a-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023.
The development points to cybercriminal actors increasingly setting their sights on ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News.
“This trend is especially noteworthy given the fact that ESXi

Cybersecurity Tools

The 8 CISSP domains explained

The CISSP® (Certified Information Systems Security Professional) qualification is one of the most respected certifications in the information security industry, demonstrating an advanced knowledge of cyber security. We recently discussed the benefits of becoming a CISSP. Now, we turn our attention to the structure of the qualification itself and the domains within it. (ISC)2, which developed and maintains the CISSP qualification, updated the structure of the certificate in 2015, moving from ten domains to eight. We’ll begin by listing the eight domains, and then go on to explain each one in more detail. What are the 8 CISSP domains? CISSP is broken into 8 domains

The post The 8 CISSP domains explained appeared first on IT Governance UK Blog.

Cybersecurity Tools

Third-Party Patch Management: A Comprehensive Guide

In today’s digital age, software vulnerabilities are on the rise, and cyber threats are becoming more sophisticated. As a result, businesses must be proactive in their approach to cybersecurity to minimize the risk of a data breach. One way to achieve this is through patch management, and today we’ll be talking about patching third-party applications. […]

The post Third-Party Patch Management: A Comprehensive Guide appeared first on Heimdal Security Blog.

News & Updates

Critical WordPress Plugin Vulnerability Unleashed; Exploits Already Underway

Website security and monitoring platform Patchstack has recently disclosed a significant vulnerability in Advanced Custom Fields, a popular WordPress plugin. The flaw was made public on May 5 and came equipped with a Proof of Concept (PoC) exploit, highlighting the severity of the issue.

The vulnerability, tracked as CVE-2023-30777 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30777], is a critical reflected cross-site scripting (XSS) flaw that lets unauthenticated attackers steal se

News & Updates

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware

Poorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign that’s designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware.
“Similar to web shell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS SQL server,

News & Updates

Former ByteDance executive alleges TikTok of wrongful conduct

A former ByteDance executive revealed that the Chinese government has access to TikTok data, including data stored in the United States. Yintao Yu, the head of engineering for ByteDance’s U.S. operations from August 2017 to November 2018, revealed that the Chinese government has access to all TikTok data, including information stored in the United States. He explained […]

The post Former ByteDance executive alleges TikTok of wrongful conduct appeared first on Security Affairs.
