cybersecurity Archives - Cyber Security Minute

Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Issued by: Security Week

The vulnerabilities were discovered by researchers at industrial and IoT cybersecurity firm Claroty. The company — along with CISA and CERT/CC — has attempted to report the findings to the vendor over the past year, but without success, and the security holes remain unpatched. Claroty this week disclosed technical details of its findings and CISA…

Malware & Threats

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

Issued by: The Hacker News

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. “The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades,” cybersecurity company Mandiant said in a technical report published this week. The Google-owned incident response…

Network Security

White House releases an ambitious National Cybersecurity Strategy

Issued by: CSO Online

The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent…

Vulnerabilities

Hacked home computer of engineer led to second LastPass data breach

Issued by: CSO Online

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches…

Malware & Threats

Two of The Worst Healthcare Data Breaches in US History Happened Last Year

Issued by: Dark Reading

Network Assured shared the results of a recent study on cyberattacks against U.S. healthcare organizations. It looked at the total number of data breaches historically, the number of individuals affected, and the financial cost of each breach. One of the more stark findings of the report was that two of the worst healthcare data breaches…

Malware & Threats

New cyberattack tactics rise up as ransomware payouts increase

Issued by: CSO Online

While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and…

Application Security, Software Security

Closing the Gap in Threat Visibility

Issued by: DataBreach Today

Threat visibility has always been an unruly challenge. Security teams find themselves inundated with alerts, many of which are false alarms. The irony is that, even as defenders can see more information about threats than ever before, attackers can slip right by because of all the noise. And the attackers know this, so they create…

News

Australia Centralizes Government Cybersecurity Response

Issued by: DataBreach Today

The Australian government says it will centralize its approach to securing federal agencies by appointing a coordinator to head the new National Office for Cyber Security within the Department of Home Affairs. The appointment comes after the country down under experienced back-to-back major data breaches. Medibank, Australia’s largest private health insurer, saw Russia-based ransomware hackers…

News

AUVSI Launches Green UAS Cybersecurity Certification Program For Commercial Drones

Issued by: Dark Reading

Today, AUVSI announced the launch of Green UAS, a new program to expand the number of commercial Uncrewed Aircraft Systems (UAS) that have been verified to meet the highest levels of cybersecurity and National Defense Authorization Act (NDAA) supply chain requirements. Green UAS mirrors the Defense Innovation Unit (DIU)’s Blue UAS certification program but is…

News

Cyberthreats, Regulations Mount for Financial Industry

Issued by: Dark Reading

The cybersecurity landscape for financial institutions and finance technology (fintech) has changed dramatically in the past few years, and 2023 will likely be no different. In 2022, for example, distributed denial-of-service (DDoS) attacks targeting financial firms increased by 22% worldwide, compared to the previous year, according to a joint report published by the Financial Services…