SecurityWeek Briefing

Flaw in Microsoft OME could lead to leakage of encrypted data.

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 15 October 2022, 1344 UTC.  Content provided by email subscription to "SecurityWeek Briefing."

 Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGqQvzslmCHCQCgCnrKwtfpRDfn

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

SecurityWeek Weekend Briefing | Saturday, October 15, 2022

Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data Timing Attacks Can Be Used to Check for Existence of Private NPM Packages IronVest Emerges From Stealth Mode With $23 Million in Seed Funding New 'Alchimist' Attack Framework Targets Windows, Linux, macOS Seven 'Creepy' Backdoors Used by Lebanese Cyberspy Group in Israel Attacks F-16 Fighter Aircraft Gets New Cybersecurity System PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin Mirai Botnet Launched 2.5 Tbps DDoS Attack Austria's Kurz Sets up Cyber Firm With Ex-NSO Chief DataGrail Raises $45 Million for Data Privacy Platform New Chinese Cyberespionage Group WIP19 Targets Telcos, IT Service Providers Google Brings Passkey Support to Android and Chrome Palo Alto Networks, Aruba Patch Severe Vulnerabilities Chinese Cyberspies Targeting US State Legislature Vista Equity Partners to Acquire Security Awareness Training Firm KnowBe4 for $4.6B

Anticipation and Action: What's Next in SOC Modernization Within the context of security operations, anticipation teams use internal and external threat and event data across their security infrastructure for context and analytics and to become more proactive.  - Read the Column by Marc Solomon

In-Person Training Attacking ICS with Python  October 24 | Atlanta This 8-hour workshop will be a crash course in ICS vulnerabilities and exploitation, providing hands-on, practical training in the carrying out of attacks against various common types of ICS equipment found in the field, including an HMI, PLC and automated circuit breaker. Register

Automotive Security Threats Are More Critical Than Ever Cybersecurity within the automotive industry has a long way to go to catch up to traditional enterprise cybersecurity standards and best practices.  - Read the Column by Marie Hattar

The Zero Day Dilemma Why are zero day exploits so effective, and so highly prized by bad actors? The reason has to do with the way cyber security defenses work. - Read the Column by Gordon Lawson

Video: What's Going on With Cybersecurity VC Investments? In this panel discussion from SecurityWeek's 2022 CISO Forum, leading cybersecurity investors sit down for a frank discussion of existing market conditions, cybersecurity ‘unicorns’ and potential exit strategies, emerging trends in security innovation, hot (and cold) product categories, and some market predictions as we head into 2023. Watch Video

If you missed it... Immersive Labs Raises $66 Million for Cyber Workforce Resilience Platform Lloyd's of London Cyber Incident Investigation Finds No Evidence of Compromise Chrome 106 Update Patches Several High-Severity Vulnerabilities QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign Thoma Bravo to Take IAM Company ForgeRock Private in $2.3 Billion Deal ICS Patch Tuesday: Siemens, Schneider Electric Release 19 New Security Advisories SAP Patches Critical Vulnerabilities in Commerce, Manufacturing Execution Products Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws Malwarebytes Launches MDR Solution for SMBs Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce

Training: Attacking ICS With Python 2022 ICS Cybersecurity Conference - October 24th - Atlanta This 8-hour workshop will be a crash course in ICS vulnerabilities and exploitation, providing hands-on, practical training in the carrying out of attacks against various common types of ICS equipment found in the field, including an HMI, PLC and automated circuit breaker.

Learn More

RSS Feed | Webcasts | Virtual Events © 2022 Wired Business Media