News & Updates

Microsoft patches vulnerability used in Nokoyawa ransomware attacks

Microsoft has released a patch for a Windows zero-day vulnerability that has been exploited by cybercriminals in ransomware attacks. The vulnerability, identified as CVE-2023-28252, is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver.

CLFS is a general-purpose logging service that can be used by dedicated client applications and that multiple clients can share to optimize log access. The vulnerability allows an attacker to elevate privileges to SYSTEM in low-complexity attacks without any user interaction. Microsoft has credited Kaspersky Labs’ Boris Larin, Mandiant’s Genwei Jiang, and DBAPPSecurity WeBin Lab’s Quan Jin for reporting the vulnerability.


News & Updates

US Seeks to Enforce Stricter Safety Testing of AI Tools

The US government has unveiled plans to implement more rigorous safety measures
for testing artificial intelligence (AI) tools such as ChatGPT before they’re
released for public access.

Reportedly, the White House still needs to decide the extent and manner of
government involvement, if any. However, addressing risks and consumer concerns
seems to be a key motivator of this decision.

On Tuesday, the Commerce Department disclosed its intention to allocate the next
60 days to analyze the possibi

News & Updates

New Python-Based “Legion” Hacking Tool Emerges on Telegram

An emerging Python-based credential harvester and a hacking tool named Legion are being marketed via Telegram as a way for threat actors to break into various online services for further exploitation.
Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force cPanel and

News & Updates

Fortinet fixed a critical vulnerability in its Data Analytics product

Fortinet addressed a critical vulnerability that can lead to remote, unauthenticated access to Redis and MongoDB instances.

Fortinet has addressed a critical vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), in its Fortinet FortiPresence data analytics solution. FortiPresence is a comprehensive data analytics solution designed for analyzing user traffic and deriving usage patterns. Successful exploitation can […]

The post Fortinet fixed a critical vulnerability in its Data Analytics product appeared first on Security Affairs.

Cybersecurity Tools

Data Breaches and Cyber Attacks Quarterly Review: Q1 2023

Welcome to our first quarterly review of security incidents for 2023, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks. In this article, you’ll find an overview of the cyber security landscape from the past three months, including the latest statistics and our observations. This includes year-on-year comparisons in the number of publicly disclosed data breaches, a review of the most breached sectors and a running total of incidents for the year.

Overview

IT Governance discovered 310 security incidents between January and March 2023, which accounted for 349,171,305 breached

The post Data Breaches and Cyber Attacks Quarterly Review: Q1 2023 appeared first on IT Governance UK Blog.

News & Updates

Dissecting threat intelligence lifecycle problems

In my last CSO article, I looked at a few challenges related to enterprise threat intelligence programs. Security pros pointed to issues like dealing with too many manual processes, sorting through noisy threat intelligence feeds, establishing clear ROI benefits, and managing threat intelligence programs that are little more than an academic exercise for the cyber-threat intelligence (CTI) team.

6 phases of an effective threat intelligence program

Given these pervasive challenges, it’s logical to ask: What does a strong threat intelligence program look like? While different organizations may answer this question with their own unique perspective, one common trait is that successful CTI programs follow an established threat intelligence lifecycle across six phases. (Note: Some threat intelligence lifecycle models are composed of five phases as they combine items 5 and 6 below):
