cybersecurity

Malware & Threats

Issued by: The Hacker News

Cybersecurity researchers are sounding the alarm over an ongoing campaign that’s leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023. “Unbeknownst to…

Malware & Threats

Issued by: Dark Reading

Cybercriminals are using last week’s CrowdStrike outage as a vehicle for social engineering attacks against the security vendor’s customers. In the hours after the event that grounded planes, shuttered stores, closed down medical facilities, and more, national cybersecurity agencies in the US, UK, Canada, and Australia all reported follow-on phishing activity by petty criminals. That…

Software Security

Issued by: Dark Reading

As organizations continue to fortify their cybersecurity strategies in response to an ever-evolving threat landscape, many are turning to Zero Trust architectures to safeguard their data. However, implementing Zero Trust is not without its challenges. According to a new strategy guide from the SANS Institute, “Navigating the Path to a State of Zero Trust in…

Malware & Threats

Issued by: Naked Security

The latest annual Sophos study of the real-world ransomware experiences of energy, oil/gas and utilities sector – a core element of the critical infrastructure supporting businesses – explores the full victim journey, from attack rate and root cause to operational impact and business outcomes. This year’s report sheds light on new areas of study for…

Software Security

Issued by: DataBreach Today

The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated? The Cybersecurity and Infrastructure Security Agency is in the second phase of its open-source software security road map, according to a Monday blog…

Application Security

Issued by: Dark Reading

The mad dash to the cloud a few years back left many organizations scrambling to understand the true implications of this technological shift. Fueled by promises of scalability and cost savings, many companies jumped on board without fully comprehending key details. For example, many were asking how secure their data was in the cloud, who…

Network Security

Issued by: Dark Reading

An unknown threat actor may have accessed critical information on US chemical facilities by compromising the US Cybersecurity and Infrastructure Security Agency’s (CISA) Chemical Security Assessment Tool (CSAT) earlier this year. Data the adversary may have accessed includes the types and quantities of chemicals stored at different facilities, facility-specific security vulnerability assessments, site security plans,…

Software Security

Issued by: DataBreach Today

The U.S. federal government is banning Russian cybersecurity firm Kaspersky Labs from selling antivirus software in the United States, officials announced Thursday, citing significant national security risks. Department of Commerce officials urged current Kaspersky customers to “immediately find alternatives” after an investigation determined that Russian state hackers could turn the cybersecurity software against their users….

Vulnerabilities

Issued by: The Hacker News

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the…

Malware & Threats

Issued by: Dark Reading

Blackbaud, a South Carolina-based software company, has been ordered by the California Attorney General’s Office to pay $6.75 million to settle a ransomware attack that took place in May 2020. The attack occurred due to poor security practices, the AG’s office said. After Blackbaud revealed that the threat actors compromised unencrypted Social Security numbers, bank…