Cybersecurity
Category Added in a WPeMatico Campaign
Parents have received emails from the threat actors, with leaked PDF documents containing student data, causing concerns about potential identity theft and phishing attacks.
Finance & Banking , Industry Specific , Standards, Regulations & Compliance Non-Banking Institutions Will Be Required to Report Breaches Under Revised Rule. Chris Riotta (@chrisriotta) • October 27, 2023 The U.S. Federal Trade Commission said the new disclosure requirements will provide consumer lendes with additional incentives to protect consumer data. (Image: Shutterstock) Consumer […]
Oct 30, 2023NewsroomMalware / Endpoint Security A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. “MSIX is a Windows app package format that developers can leverage to […]
Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs. Raven boosts the ability of security teams to implement secure […]
Q3 of 2023 continued an ongoing surge in ransomware activity, according to GuidePoint Security. GuidePoint Research and Intelligence Team (GRIT) observed a nearly 15% increase in ransomware activity since Q2 due to an increased number of ransomware groups, including 10 new emerging groups tracked during this quarter. In the third quarter, GRIT tracked 1,353 publicly […]
The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former). The lack of success on the defense side can be attributed to several factors: the complexity of […]
Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. The biggest concern when taking on a new CISO role is receiving an inaccurate audit of the company’s security posture (54%). This is a tacit acknowledgment that inaccurate security data can […]
The Cybersecurity and Infrastructure Security Agency on Thursday issued a request for comment on how to create a more harmonized system of software identification as part of a larger effort to make the software supply chain more secure. Since President Joe Biden issued an executive order on improving cybersecurity in 2021, CISA and other federal […]
Oct 30, 2023NewsroomKubernetes / Server Security Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows – CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain […]