Data Breaches Rise By 70% Globally in Q3 2022
Russia had the most breaches overall and France had the highest breach density
Cyber News, Cyber Threat Trends
- October 25, 2022
CloudFormation cannot update a stack when a custom-named resource requires replacing
Should this issue be handled by CloudFormation automatically behind the scenes? I added a customer managed prefix list to a security group and then I started getting this error message: CloudFormation cannot update a stack when a custom-named resource requires replacing This is a very strange error message to me. What exactly is a custom-named resource? I […]
Cyber News, Cyber Threat TrendsApple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability
The out-of-bounds write issue in the kernel could be exploited to execute arbitrary code
Cyber News, Cyber Threat Trends
- October 25, 2022
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company
The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its […]
Cyber News, Cyber Threat Trends
- October 25, 2022
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on […]
Cyber News, Cyber Threat TrendsPOS Malware Used to Steal Details of Over 167,000 Credit Cards
The operators could make over $3m if they decide to sell the card dumps on underground forums
Cyber News, Cyber Threat Trends
- October 25, 2022
Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows “any domain user to remotely
Cyber News, Cyber Threat Trends
- October 25, 2022
Autogenerated Passwords in CloudFormation for AWS Console Access
91. Granting AWS Console access for Secrets Manager Secrets to address IAM Policy Limitations This is a continuation of my series on Automating Cybersecurity Metrics. If you recall from a prior post we had some complications when trying to protect a user-specific secret due to the way AWS policies work. We couldn’t fully achieve our […]
Cyber News, Cyber Threat Trends
- October 25, 2022
Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards
Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant […]
Cyber News, Cyber Threat Trends