cybersecurity Archives - Cyber Security Minute

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Issued by: Security Affairs

ownCloud is an open-source software platform designed for file synchronization and sharing. It allows individuals and organizations to create their own private cloud storage services, giving them control over their data while facilitating collaboration and file access across multiple devices. The vulnerability, tracked as CVE-2023-49103, resides in the Graphapi app, which relies on a third-party…

Software Security

CrowdStrike SIEM Demand Rises Amid Cisco-Splunk, Legacy Woes

Issued by: DataBreach Today

Pervasive discontent with legacy SIEM offerings and Cisco’s proposed acquisition of Splunk has driven “a significant and pronounced increase in interest” in CrowdStrike’s SIEM offering. The Austin, Texas-based cybersecurity titan’s SIEM tool hit the $100 million annual recurring revenue milestone in the most recent quarter thanks to LogScale’s search speed, data gravity and cost efficiency,…

Vulnerabilities

CISA Urges Patching as Hackers Exploit ‘Looney Tunables’ Bug

Issued by: DataBreach Today

U.S. federal agencies have until Dec. 12 to patch vulnerable Linux devices on their networks after researchers discovered an actively exploited security flaw. The Cybersecurity and Infrastructure Security Agency added the “Looney Tunables” vulnerability, tracked as CVE-2023-4911, to its catalog of known exploited vulnerabilities Tuesday and mandated federal civilian branch agencies to download patches to…

Network Security

CompTIA Advises Retailers to Check their Cybersecurity Preparedness Ahead of the Holiday Shopping Season

Issued by: Dark Reading

Retail businesses should make time in the coming days to assess their cybersecurity readiness ahead of the annual crush of Black Friday and Cyber Monday shoppers, according to CompTIA, the leading nonprofit association for the technology industry and workforce. “Proactive steps taken ahead of time to protect your assets is considerably easier than dealing with…

British Library Confirms Ransomware Attack Caused Outages

Issued by: Dark Reading

After announcing that it had experienced a major outage at the beginning of the month, The British Library confirmed on Nov. 14 that the disruption was due to a ransomware attack. And recovery has been slow. Three weeks after the attack, the library’s website is still offline. The IT outage affects the library’s online systems,…

News

EU Tightens Cybersecurity Requirements for Critical Infrastructure and Services

Issued by: Dark Reading

The European Union’s NIS2 Directive 2022/2555 is legislation aimed at improving the security and resilience of network and information systems across the EU. Although the legislation is already in effect, EU members have until October 2024 to transpose the directive into national law. Each organization encompassed by the directive will be legally obligated to live…

Vulnerabilities

Cisco patches serious flaws in Firepower and Identity Services Engine

Issued by: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could…

Malware & Threats

Saudi Aramco CEO Warns of New Threat of Generative AI

Issued by: Dark Reading

The world’s largest oil company issued a warning this week that the energy sector is vulnerable to attacks, particularly with the advent of new technologies such as generative AI. Amin H. Nasser, CEO of Saudi Aramco, told the Global Cybersecurity Forum that the energy sector is an attractive target to those who want to do…

Software Security

Microsoft pledges cybersecurity overhaul to protect products and services

Issued by: CSO Online

Microsoft launches the Secure Future Initiative to usher in “next generation” of cybersecurity to better protect customers against escalating cybersecurity threats. Microsoft has announced the launch of the Secure Future Initiative (SFI) to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats. The new initiative will bring…