Cyber Security Minute

Announcement Center

Data Poisoning: The Next Big Threat

August 26, 2021 9:52 pm

Advertisement Data poisoning against security software that uses artificial intelligence (AI) and machine learning (ML) is likely the next big cybersecurity risk. According to the RSA 2021 keynote presentation by Johannes Ullrich, dean of research of SANS Technology Institute, it’s a threat we should all keep an eye on. “One of the most basic threats...

How to Avoid Smishing Attacks Targeting Subscription Service Users

August 17, 2021 8:26 pm

Advertisement If you’re anything like me, you used delivery more during the pandemic than before. Both getting food brought to my door and meal kit boxes mean people don’t have to mask up and go out to the grocery store. But threat actors know that, too. Recent scams take advantage of people signing up for...

Hackers Return Portion of Record Crypto Heist Haul

August 11, 2021 7:57 pm

Advertisement Poly Network fired off a tweet Wednesday saying hackers had returned $260 million worth of the digital assets taken in a heist a day earlier valued at $613 million. Polygon had urged the thieves to return the stolen fortune and provided online addresses for transfers. “Seven minutes prior to sending the first transaction returning...

German Election Authority Confirms Likely Cyber Attack

Issued by: Security Week

The development, first reported by Business Insider, comes as German federal prosecutors probe alleged cyber attacks against lawmakers during the campaign to choose a new parliament and a successor to Chancellor Angela Merkel. "At the end of August the website of the Federal Returning Officer...

U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day

Issued by: Security Week

Tracked as CVE-2021-40539 and rated critical severity (CVSS score of 9.8), the vulnerability has been exploited since August 2021 to execute code remotely and take over vulnerable systems. Affecting the representational state transfer (REST) application programming interface (API) URLs of the self-service password management and...

Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance

Issued by: Security Week

Microsoft’s guidance was published just as researchers noticed that one of the vulnerabilities is already being exploited in the wild. It appears that the Mirai botnet is attempting to compromise vulnerable systems and that it also closes port 5896 (OMI SSL port) to keep other...

How to protect MikroTik routers from the Mēris botnet

Issued by: Kaspersky Blog

Recent large-scale DDoS attacks using a new botnet called Mēris peaked at almost 22 million requests per second. According to Qrator research, MikroTik’s network devices generated a fair share of the botnet’s traffic. Having analyzed the situation, MikroTik experts found no new vulnerabilities in the...

OMI vulnerabilities threaten Linux virtual machines on Azure

Issued by: Kaspersky Blog

News has surfaced of a rather dangerous practice in Microsoft Azure, whereby when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine. The user won’t know it. Although...

How DevSecOps Can Secure Your CI/CD Pipeline

Issued by: Security Intelligence

Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release...

Cyber Security Minute

Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance

Zoom Introduces End-to-End Encrypted Phone Calls

Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System

Facebook Announces Encrypted WhatsApp Backups

GitHub Patches Security Flaws in Core Node.js Dependencies

Lack of C3PAO assessors jeopardizes DoD CMMC certification goal

Announcement Center