CSOonline.com

Today's top cybersecurity news and analysis from "CSOonline.com."

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 01 May 2022, 2228 UTC.

Content supplied by "CSOonline.com."

Source: https://www.csoonline.com/news-analysis/

Please click link or scroll down to read your selections.

Thanks for joining us today.

Russ Roberts

https://hawaiicybersecurityjournal.blogspot.com

https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, and information security)

News Analyses

CSO > Searching for vulnerabilities > Magnifying lens in a virtual interface idnetifies weakness

Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack

malware attack

New malware loader Bumblebee adopted by known ransomware access brokers

A user reviews data and statistical models. [analytics / analysis / tracking / monitoring / logging]

Proficio launches detection and response service to tackle identity-based threats

MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response.

Binary Russian flag

New Five Eyes alert warns of Russian threats targeting critical infrastructure

The alert provides detailed information on Russian government and state-sponsored cybercriminal groups as well as guidance for reducing risk.

money currency international denominations global currency by metamorworks getty images 1129515470

Ransomware plagues finance sector as cyberattacks get more complex

Cybercriminals have evolved from hacking wire transfers to targeting market data, as ransomware continues to hit financial firms, says a new VMware report. Here's what to do about it.

spyware alert notification

Spyware was used against Catalan targets and UK prime minister and Foreign Office

Researchers at the Citizen Lab says dozens of officials' phones were compromised by spyware sold by NSO Group or Candiru.

radar grid / computer circuits / intrusion detection / scanning

Bitdefender enters native XDR market with new offering

GravityZone XDR promises to reduce attacker dwell time with robust detection, quick triage, and automated threat containment.

hand at keyboard with Windows logo

Why you should patch the latest critical Windows RPC vulnerability right now

CVE-2022-26809 can allow attackers to compromise networks without user intervention, making it the most dangerous vulnerability fixed by Microsoft's April 12 Patch Tuesday update.

industrial power plant hacked skull and crossbone pixels security breach power plant by jason black

Rare and dangerous Incontroller malware targets ICS operations

A coalition of U.S. government agencies, security researchers, and companies warn about this new malware that can gain complete access to ICS and SCADA systems.

Artificial intelligence and digital identity

Ballooning growth of digital identities exposing organizations to greater cybersecurity risk

New enterprise initiatives are driving up the number of human and digital identities, increasing security risks.

Toy soldiers + binary code / wargames / cyberwarfare

Ukraine energy facility hit by two waves of cyberattacks from Russia’s Sandworm group

Sandworm succeeded in planting a new version of the Industroyer malware to disrupt ICS infrastructure at multiple levels, but was thwarted from doing serious damage.

CSO > Botnet > Robots amid a blue binary matrix

Serious flaws allow the hijacking of autonomous logistics robots used in hospitals

The now patched JekyllBot:5 vulnerabilities in Aethon TUG robots expose three communications interfaces, two APIs, and a websocket interface.

A virtual brain is wired with technology connections.

With AI RMF, NIST addresses artificial intelligence risks

The new framework could have wide-ranging implications for the private and public sectors. NIST is seeking comments on the current draft by April 29, 2022.

binary code, magnifying lens, skull and crossbones

FBI active defense measure removes malware from privately owned firewalls

The action targeted devices infected by the Cyclops Blink malware, believed to have been developed by Russia's Sandworm group.

innovation co innovation startup venn overlapping partnering iot by pettycon via pixabay

CrowdStrike and Mandiant form strategic partnership to protect organizations against cyber threats

Vendors say the partnership combines CrowdStrike’s Falcon platform with Mandiant’s breach investigation and response services offering tighter platform integrations, industry-leading intelligence, and shared expertise.

malware attack

New cryptomining malware targets AWS Lambda

The malware, dubbed Denonia, is written in Go for easier deployment and uses AWS's own open-source Go libraries.

A network of security components overlays a credit card payment made by laptop user.

New PCI DSS v4.0 receives kudos for flexibility

Customization, multi-factor authentication are key features in PCI DSS v4.0 global payment benchmark.

Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

Zoom’s bug bounty ROI clear as program pays $1.8 million to fix over 400 bugs

The firm’s CISO reflects on bug bounty ROI and selling the concept to senior leadership.

Binary Russian flag

New threat group underscores mounting concerns over Russian cyber threats

Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyberattacks might target the West.

Abstract Java code

Spring4Shell patching is going slow but risk not comparable to Log4Shell

More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.

LOAD MORE

 

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

SecurityWeek Briefing.

Image
"Microsoft offers up to $15,000 in New AI Bug Bounty Program." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 13 October 2023, 2020 UTC.  Content provided by email subscription to "SecurityWeek Briefing." Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGtxdZHmrfcBkMDJSSNTtHlmhQX ("SecurityWeek Briefing"). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). SecurityWeek News Briefing | Friday, October 13, 2023 CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware Juniper Networks Patches Over 30 Vulnerabilities in Junos OS In Other News : Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure Microsoft Offers Up to $15,000 in New AI Bug Bounty Program Researcher Co
Read more

SecurityWeek Briefing.

Image
"Health Care Solutions giant disrupted by Cyberattack." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 19 October 2023, 2033 UTC.  Content provided by email subscription to "SecurityWeek Briefing." Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGwHLhdlHbpbQJXqhLLSvQbhdnC ("SecurityWeek Briefing"). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). SecurityWeek News Briefing | Thursday, October 19, 2023 Healthcare Solutions Giant Disrupted by Cyberattack Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program CipherStash Raises $3 Million for Encryption-in-Use Technology US Government Releases Anti-Phishing Guidance Google Play Protect Gets Real-Time Code Scanning Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,00
Read more

Cyber War News Wire.

Image
 "Navy establishes cyber warfare enlisted rating." Views expressed in this cyber war, cybersecurity, cyber espionage update are those of the reporters and correspondents.  Accessed on 02 July 2023, 2311 UTC.  Content provided by EIN Presswire. Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGtvsTbTPlbNrgzDpppFbtXwWxF ("Cyber War News Wire" from EIN Presswire). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). ·  Subscribe  ·  Unsubscribe My Alerts       Cyber War Newswire Got News to Share? Send 2 FREE Releases ↓ Daily update  ·  July 2, 2023     NEWS     Navy Establishes Cyber Warfare Enlisted Rating  Seapower Magazine ***** ARLINGTON, Va. — The U.S. Navy’s effort to expand its cyber warfare capabilities took another step with the establishment of the Cyber Warfare Technician (CWT) rating in its enlisted force.  The CTWs will conduct both offensive and defensive
Read more