cybersecurity Archives - Page 9 of 108

Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending

Issued by: Dark Reading

Mimecast, an advanced email and collaboration security company, today announced the publication of its annual “The State of Email Security 2023” (SOES) report. The global survey is based on responses from 1,700 IT and security decision-makers, providing readers with key takeaways on the current threat landscape and offering recommendations to help organizations improve their cybersecurity…

Application Security

FDA Announces New Cybersecurity Requirements for Medical Devices

Issued by: SecurityWeek

Guidance issued by the agency on March 30 explains that the new requirements are part of the Consolidated Appropriations Act signed into law in late 2022, specifically a section titled “Ensuring Cybersecurity of Medical Devices”, which amended the Federal Food, Drug, and Cosmetic Act (FD&C Act). According to the FDA, submissions for new medical devices…

Cloud Security

New AlienFox toolkit harvests credentials for tens of cloud services

Issued by: Security Affairs

AlienFox is a new modular toolkit that allows threat actors to harvest credentials for multiple cloud service providers. AlienFox is available for sale and is primarily distributed on Telegram in the form of source code archives. Some modules are available on GitHub allowing threat actors to customize their malicious code to suit their needs. AlienFox…

Application Security

Microsoft Puts ChatGPT to Work on Automating Cybersecurity

Issued by: SecurityWeek

Microsoft on Wednesday rolled out an AI-powered security analysis tool to automate incident response and threat hunting tasks, showcasing a security use-case for the popular chatbot developed by OpenAI. The new tool, called Microsoft Security Copilot, is powered by OpenAI’s newest GPT-4 model and will be trained on data from Redmond’s massive trove of telemetry…

Network Security

CISA announced the Pre-Ransomware Notifications initiative

Issued by: Security Affairs

The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of early-stage ransomware attacks. The principle behind the initiative is simple, ransomware actors initially gain access to the target organization, then they take some time before stealing or encrypting data. The time-lapse between initial access to a…

Malware & Threats

Stung by Free Decryptor, Ransomware Group Embraces Extortion

Issued by: DataBreach Today

Not all ransomware groups wield crypto-locking malware. In their continuing quest for extortionate profits, some have moved away from encryption and pressure victims purely by threatening to leak stolen data unless they receive a ransom payment. This seems to have been the case for BianLian, a prolific ransomware group that emerged in the summer of…

Network Security

Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Issued by: Security Week

The vulnerabilities were discovered by researchers at industrial and IoT cybersecurity firm Claroty. The company — along with CISA and CERT/CC — has attempted to report the findings to the vendor over the past year, but without success, and the security holes remain unpatched. Claroty this week disclosed technical details of its findings and CISA…

Malware & Threats

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

Issued by: The Hacker News

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. “The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades,” cybersecurity company Mandiant said in a technical report published this week. The Google-owned incident response…

Network Security

White House releases an ambitious National Cybersecurity Strategy

Issued by: CSO Online

The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent…

Vulnerabilities

Hacked home computer of engineer led to second LastPass data breach

Issued by: CSO Online

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches…