Industrial Cybersecurity Webinar | Now on Demand Understanding your current OT cybersecurity posture is imperative when executing a successful security strategy. This involves analyzing gaps and vulnerabilities as well as educating yourself on effective solutions that will strengthen security defenses within your OT environment. Join SecurityWeek and TXOne Networks for this on demand webinar as […]

The US cybersecurity agency CISA on Tuesday announced a new Binding Operational Directive requiring federal agencies to follow security control baselines for their cloud environments. The ‘Binding Operational Directive 25-01: Implementing Secure Practices for Cloud Services’ is meant to help federal agencies reduce their attack surface and improve resilience against cyberattacks. “Recent cybersecurity incidents highlight […]

BeyondTrust has released patches for a critical-severity vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products that could be exploited to execute arbitrary commands. The flaw was discovered during an investigation into a security incident impacting some customers. BeyondTrust’s PRA provides management of privileged user accounts facilitating just-in-time secure access to enterprise […]

Over the next 12-18 months, organizations will face an increasingly complex landscape of AI compliance frameworks and regulations. While AI adoption accelerates across industries, governments worldwide are advancing legislation to address its risks and usage. For security executives, these frameworks introduce significant challenges in governance, risk management, and compliance planning. In the European Union, the […]

Threat actors have started exploiting a critical-severity vulnerability in Apache Struts 2 less than a month after it was publicly disclosed. The issue, tracked as CVE-2024-53677 (CVSS score of 9.5), is described as a file upload logic flaw that could enable an attacker to perform a path traversal attack. “An attacker can manipulate file upload […]

A hacker has leaked data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total amount of files that was taken. The notorious hacker IntelBroker announced in October that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, encryption keys and other types […]

European Union privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros on Monday after an investigation into a 2018 data breach on the social media platform that exposed millions of accounts. Ireland’s Data Protection Commission issued the penalties after wrapping up its inquiry into the breach, when hackers gained access to user […]

The US cybersecurity agency CISA has released a draft version of its updated National Cyber Incident Response Plan (NCIRP) for public comment. Originally published in 2016, the NCIRP is meant as a framework on how federal, private, state, local, tribal, and territorial (SLTT), and international organizations address cyber incidents that have a higher severity, and […]

Industrial Cybersecurity Webinar | Tuesday, December 17, 2024 at 1PM ET Understanding your current OT cybersecurity posture is imperative when executing a successful security strategy. This involves analyzing gaps and vulnerabilities as well as educating yourself on effective solutions that will strengthen security defenses within your OT environment. Join SecurityWeek and TXOne Networks on Tuesday, […]

Researchers at Amnesty International have uncovered an Android zero-day exploit being used to silently deploy custom surveillance spyware targeting journalists in Serbia. The investigation has linked the technology to Israeli forensics vendor Cellebrite. In a technical report published Monday, the human rights group detailed how Serbia’s Security Information Agency (BIA) and police used Cellebrite’s forensic […]