Hackers Target Australian Defense Communications Platform With Ransomware
The firm is one of the defense department’s external providers employed to run one of its websites
Cyber News, Cyber Threat Trends
- October 31, 2022
Tips for Choosing a Pentesting Company
In today’s world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one […]
Cyber News, Cyber Threat Trends
- October 31, 2022
Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability
An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a
Cyber News, Cyber Threat Trends
- October 31, 2022
Fodcha DDoS Botnet Resurfaces with New Capabilities
The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360’s Network Security Research Lab said in a report published last week. Fodcha first came to
Cyber News, Cyber Threat Trends
- October 31, 2022
Allowing Users to Start Encrypted EC2 Instances in the AWS Console
ACM.97 Requiring MFA, encryption, and disallowing network misconfigurations that expose admin ports and data This is a continuation of my series of posts on Automating Cybersecurity Metrics. Where was I? Oh yes, I was trying to use the Developer user created with CloudFormation for whom we autogenerated a password to login into the AWS console and […]
Cyber News, Cyber Threat TrendsApple Only Commits to Patching Latest OS Version
People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica: In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent […]
Cyber News, Cyber Threat Trends
- October 31, 2022
Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting […]
Cyber News, Cyber Threat Trends
- October 31, 2022
GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories
Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with
Cyber News, Cyber Threat TrendsWhat do kickboxing and cybersecurity have in common
When people think of cybersecurity, they think it is all about constant, in-the-moment, reactive execution. That is true in many regards, however, there is more to cybersecurity than that. There is also a strategic side; that progressive, long-term vision to anticipate the unknown, convert fear into motivation, and prepare for future threats. As the Chief […]
Cyber News, Cyber Threat Trends