cybersecurity Archives - Page 3 of 107

Cisco patches serious flaws in Firepower and Identity Services Engine

Issued by: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could…

Malware & Threats

Saudi Aramco CEO Warns of New Threat of Generative AI

Issued by: Dark Reading

The world’s largest oil company issued a warning this week that the energy sector is vulnerable to attacks, particularly with the advent of new technologies such as generative AI. Amin H. Nasser, CEO of Saudi Aramco, told the Global Cybersecurity Forum that the energy sector is an attractive target to those who want to do…

Software Security

Microsoft pledges cybersecurity overhaul to protect products and services

Issued by: CSO Online

Microsoft launches the Secure Future Initiative to usher in “next generation” of cybersecurity to better protect customers against escalating cybersecurity threats. Microsoft has announced the launch of the Secure Future Initiative (SFI) to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats. The new initiative will bring…

Malware & Threats

SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures

Issued by: SecurityWeek

The charges stem from alleged fraud and internal control failures related to known cybersecurity weaknesses that took place between the company’s October 2018 initial public offering (IPO) and its December 2020 revelation of a sophisticated cyberattack dubbed “SUNBURST.” The software supply chain cyberattack involved Russia-linked threat actors breaching SolarWinds systems in 2019, or possibly even…

Malware & Threats

Known Ransomware Attack Volume Breaks Monthly Record, Again

Issued by: DataBreach Today

The volume of known ransomware attacks surged last month to record-breaking levels, security researchers report. Ransomware groups collectively listed 514 victims on their data-leak sites in September, breaking the previous record in July of 502 victims, said U.K. cybersecurity firm NCC Group. The firm reports that “major drivers of this activity” include newer groups such…

Vulnerabilities

Security Pros Warn That EU’s Vulnerability Disclosure Rule Is Risky

Issued by: Dark Reading

The European Union (EU) may soon require software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of an exploitation. Many IT security professionals want this new rule, set out in Article 11 of the EU’s Cyber Resilience Act (CRA), to be reconsidered. The rule requires vendors to disclose that they know about…

Vulnerabilities

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Issued by: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user….

Network Security

WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive

Issued by: Dark Reading

WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the research include 95% of malware now arriving over encrypted connections, a decrease in endpoint malware volumes…

News

Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group’s Report Indicates

Issued by: Dark Reading

Pinpoint Search Group, a leading cybersecurity recruitment firm, has unveiled its Q3 2023 cybersecurity funding report. The quarter saw a 21 percent rise in funds raised compared to Q3 2022, painting an optimistic picture of the industry’s growth trajectory, characterized by strategic advancements and heightened interest. In Q3 2023, Pinpoint Search Group’s research team recorded…

Application Security

Joe Sullivan: What’s a Breach? ‘It’s a Complicated Question’

Issued by: DataBreach Today

Trick question for CSOs: When does a security incident qualify as being a data breach, triggering notification or other regulatory rules? The answer is that it’s “a very complicated question” that cybersecurity leaders should leave to their legal team while they stay fully in the loop, said former Uber CSO Joe Sullivan, sharing lessons learned…