December 2022 - Page 4 of 4 - Cyber Security Minute

Top 10 free MITRE ATT&CK tools and resources

Issued by: Help Net Security

eBook: Getting Started with ATT&CK This free eBook pulls together the content from blog posts on threat intelligence, detection and analytics, adversary emulation and red teaming, and assessments and engineering onto a single, convenient package. CALDERA CALDERA is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response….

Network Security

US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection

Issued by: Security Week

The GAO pointed out that the DHS, CISA and NIST have issued guidance, alerts, advisories, and other resources in an effort to help federal and private entities manage the cybersecurity risks associated with internet-of-things (IoT) and operational technology (OT) systems. While steps have been taken to protect critical infrastructure against cyberattacks, GAO believes more should…

Mobile Security

Google Migrating Android to Memory-Safe Programming Languages

Issued by: Security Week

Between 2019 and 2022, the annual number of reported memory safety issues in Android has dropped from 223 to 85, due to an increase in the amount of memory-safe code entering the mobile platform, and the trend is expected to continue. Memory safety bugs, Google notes, are typically the most severe type of vulnerabilities. In…

Malware & Threats

Where Advanced Cyberttackers Are Heading Next: Disruptive Hits, New Tech

Issued by: Dark Reading

In November, Ukraine’s president revealed that the country’s IT defenses fended off more than 1,300 Russian cyberattacks, including attacks on satellite communications infrastructure. The onslaught of cyberattacks highlights one of the shifts in advanced persistent threat (APT) attacks seen in the past year: In 2022, geopolitical tensions ratcheted up, and along with them, cyber operations…

Malware & Threats

Newsroom Sues NSO Group for Pegasus Spyware Compromise

Issued by: Dark Reading

Nearly two dozen journalists and other staffers working for El Faro, a digital newspaper based in El Salvador, are suing NSO Group for unleashing Pegasus spyware — malware they say was used to steal their most sensitive information, putting their safety in danger. Along with ASO Group Technologies, its Israeli parent company, Q Cyber Technologies…

Malware & Threats

Safely upgrading OT Infrastructure | Kaspersky official blog

Issued by: Kaspersky Blog

Such a statement might at first seem strange – especially from someone who’s been a mover and shaker since the very earliest days of all things viruses and anti-virus in the late eighties and early nineties. However, if you dig a little deeper into the AV (RIP) topic and consult some authoritative sources in the…

Malware & Threats

A year later, Log4Shell still lingers

Issued by: Help Net Security

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from over 500 million tests. A vulnerability that’s difficult to eradicate When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following…