ITCurated, Author at Cyber Security Minute

Adaptive Access Technologies Gaining Traction for Security, Agility

Issued by: Dark Reading

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…

Software Security

Is Decentralized Identity About to Reach an Inflection Point?

Issued by: Dark Reading

Although the decentralized identity market is still in its infancy, it has been gaining traction in recent years and has the potential to change existing identity, authentication, and access for the better. In 2022, the decentralized identity market was projected to reach $270 million. Through decentralization and blockchain technology, there are an increasing number of…

Vulnerabilities

Vulkan Playbook Leak Exposes Russia’s Plans for Worldwide Cyberwar

Issued by: Dark Reading

The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies’ grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet. The papers were leaked from the Russian contractor NTC Vulkan and show how Russian intelligence agencies use private companies…

Mobile Security

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

Issued by: CSO Online

Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches. “The zero-day exploits were used alongside n-day exploits and took advantage…

Application Security

FDA Announces New Cybersecurity Requirements for Medical Devices

Issued by: SecurityWeek

Guidance issued by the agency on March 30 explains that the new requirements are part of the Consolidated Appropriations Act signed into law in late 2022, specifically a section titled “Ensuring Cybersecurity of Medical Devices”, which amended the Federal Food, Drug, and Cosmetic Act (FD&C Act). According to the FDA, submissions for new medical devices…

News

Report: Chinese State-Sponsored Hacking Group Highly Active

Issued by: SecurityWeek

The hacking group, which the report calls RedGolf, shares such close overlap with groups tracked by other security companies under the names APT41 and BARIUM that it is thought they are either the same or very closely affiliated, said Jon Condra, director of strategic and persistent threats for Insikt Group, the threat research division of…

Vulnerabilities

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

Issued by: The Hacker News

The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. “TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes…

News

Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M

Issued by: Security Affairs

The Cyber Police of Ukraine, with the support of law enforcement officials from the Czech Republic, has arrested several members of a cybercriminal ring that defrauded EU citizens of $4.33 million with phishing campaigns. The suspects set up more than 100 phishing websites to obtain the bank card data and banking account credentials of foreign…

Malware & Threats

Votiro Raises $11.5 Million to Prevent File-Borne Threats

Issued by: SecurityWeek

Consisting of new capital and a loan to equity conversion, the investment round was led by Harvest Lane Asset Management. Founded in 2010, Austin-based Votiro keeps organizations safe by disarming weaponized files delivered via email, collaborative platforms, web downloads, or file sharing services, as well as those that are uploaded to consumer-facing web portals. The…