US Government Proposes SBOM Rules for Contractors
Three US government agencies have proposed new rules for federal contractors which would require them to develop and maintain a...
News
CISA and NSA Tackle IAM Security Challenges in New Report
The CISA and the National Security Agency (NSA) have published new guidelines in a report called "Identity and Access Management:...
Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers
Security researchers have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency, by getting...
China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns
Chinese threat actors are positioning themselves to deploy major cyber-attacks against US critical national infrastructure (CNI) in the event of...
Critical Glibc Bug Puts Linux Distributions at Risk
Security researchers from the Qualys Threat Research Unit (TRU) have uncovered a new buffer overflow vulnerability within the GNU C...
CISA and NSA Publish Top 10 Misconfigurations
Two leading US government security agencies have shared the top 10 most common cybersecurity misconfigurations, in a bid to improve...
Apple Issues Emergency Patches for More Zero-Day Bugs
Apple has been forced to issue more emergency updates to fix two new zero-day vulnerabilities impacting iOS and iPadOS users.An...
AWS to Mandate Multi-Factor Authentication from 2024
Amazon Web Services (AWS) said it will require multi-factor authentication (MFA) for all privileged accounts starting mid-2024, in a bid...
Qakbot Gang Still Active Despite FBI Takedown
Despite the takedown of the Qakbot threat gang’s infrastructure by the FBI in late August, some of the group’s affiliates...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency
As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group...
GitHub’s Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack
GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon...
Supermicro’s BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities
Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs)...
New OS Tool Tells You Who Has Access to What Data
Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result...
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike
Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC)...
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons....
Amazon to make MFA mandatory for ‘root’ AWS accounts by mid-2024
Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account...
Lyca Mobile investigates customer data leak after cyberattack
Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have...
NSA and CISA reveal top 10 cybersecurity misconfigurations
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common...
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing...
Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign...
Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now
Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server...
