ITCurated, Author at Cyber Security Minute

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

Issued by: The Hacker News

The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said “new project creation and new user registration” was temporarily halted to mitigate what it said was a “malware upload campaign.” The incident was resolved 10 hours…

Network Security

Japan Runs Inaugural Cyber Defense Drills With Pacific Island Nations

Issued by: Dark Reading

Japan held cyber defense exercises with five Pacific island nations last month in an effort to shore up cybersecurity defenses in the region. The cybersecurity exercise event, held in Guam in mid-February, was a first for Japan. Japan’s Ministry of Internal Affairs and Communications led the event, which included government officials and network providers from…

Vulnerabilities

Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

Issued by: The Hacker News

In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple…

Network Security

The UK’s Online Safety Act: a breakdown of key changes

Issued by: Panda Security

The UK’s long-awaited Online Safety Act has finally come into force, bringing with it a raft of new digital offences. We have written about the Act a few times in the past, so here is a quick rundown of what has changed now it has become law. Cyberflashing is outlawed According to research, 76% of…

Network Security

3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage

Issued by: Dark Reading

Globally, cybersecurity threats continue to accelerate in pace and scale with rising malware and deepfake attacks. Over a third of organizations worldwide suffered a material cyber incident from malicious actors in the past year, while 73% were affected by ransomware attacks in 2023. With these cyberattacks come serious financial costs — global damages total an…

Network Security

Demystifying a Common Cybersecurity Myth

Issued by: The Hacker News

One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today’s ever-evolving file upload security landscape, and a…

Malware & Threats

Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency

Issued by: SecurityWeek

Healthcare comprises a critical industry combining a large-scale use of converged IT and OT with a huge quantity of disparate OT devices dependent on IT control delivered over WiFi – and a very low tolerance for disruption. The industry is eminently exploitable and has a strong incentive to settle extortion attacks as quickly and as…

Network Security

4 tabletop exercises every security team should run

Issued by: CSO Online

Ensuring the enterprise is protected from vulnerabilities is a required function of security teams. It’s also a best practice for cyber insurance vendors and meeting compliance requirements. A popular evaluation test, the tabletop exercise, permits security teams and corporate management to select a threat and then run through the process of containing and remediating the…

Mobile Security, Vulnerabilities

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Issued by: The Hacker News

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below – CVE-2024-23225 – A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections CVE-2024-23296…

Vulnerabilities

Cisco Patches High-Severity Vulnerabilities in Data Center OS

Issued by: SecurityWeek

The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic “is mapped to a shared hardware rate-limiter queue”, allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition. According to Cisco, under certain conditions, the security defect impacts Nexus 3600 series switches and…