Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity
Despite a focus on the future, there’s no indication of how well the cybersecurity basics needed to stay safe are being applied.
News & Updates
News & Updates
UK Cyber CTO: Vendors’ Security Failings Are Rampant
The NCSC’s Ollie Whitehouse criticizes security vendors for actively working against organizations in their fight against breaches and ransomware.
Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack
Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that paralyzed its services. The attack is linked
Cybersecurity Tools
The ultimate guide to the CCSP certification
EXECUTIVE SUMMARY: Become a stronger cloud security leader. The CCSP (Certified Cloud Security Professional) certification is perceived as the gold standard in cloud security. The CCSP cert is so highly valued that it has been ranked among the top preferred credentials for security experts. This certification shows that an individual has the knowledge required to […]
The post The ultimate guide to the CCSP certification appeared first on CyberTalk.
Security
Dubai’s largest taxi app exposes 220K+ users
The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the
Security
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked
Passkeys Unlocked: The Key to a Passwordless Future
Passkeys provide better authentication for end users than traditional passwords which they seek to replace. They are based upon public and private cryptography, are resilient to phishing and hacker password database theft (since the private keys aren’t stored on the server or website), and represent an easier mechanism to identify users into online systems.
Cybersecurity Tools
A Note on progress…NIST’s Digital Identity Guidelines.
In August 2023 the Digital Identity Guidelines team hosted a two-day workshop to provide a public update on the status of revision 4. As part of that session, we committed to providing further information on the status of each volume going forward. In fulfillment of this commitment, we wanted to offer a quick update on where we stand. Our goal remains to have the next version of each volume out by the Spring of 2024. With our gratitude for the robust and substantive engagement we received during the comment period, at this time we would like to announce that all four volumes of Special
Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains
Adversaries set their eyes on a notorious security flaw in Log4j Java Library tracked as CVE-2021-44228, aka Log4Shell, even a couple of years after its disclosure. A new campaign dubbed “Operation Blacksmith” involves the exploitation of the Log4Shell vulnerability to deploy new malicious strains written in DLang, including novel RATs. The North Korean APT Lazarus […]
The post Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains appeared first on SOC Prime.
Security
Black Hat Europe 2023: Should we regulate AI?
ChatGPT would probably say “Definitely not!”, but will we learn any lessons from the rush to regulate IoT in the