Majority of US Defense Contractors Not Meeting Basic Cybersecurity Requirements
87% of DoD contractors are failing to meet the basic level of compliance ahead of CMMC coming into force next year
Cyber News, Cyber Threat Trends
- November 30, 2022
Serious Security: MD5 considered harmful – to the tune of $600,000
It’s not just the hashing, by the way. It’s the salting and the stretching, too!
Cyber News, Cyber Threat TrendsAustralian Parliament Passes Privacy Penalty Bill
The higher penalties and extended powers will become effective after the bill receives royal assent
Cyber News, Cyber Threat TrendsWho’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity
Cyber News, Cyber Threat TrendsZero-Day Flaw Discovered in Quarkus Java Framework
The flaw has a CVSS v3 base score rating of 9.8 and can be found in the Dev UI Config Editor
Cyber News, Cyber Threat TrendsChina-Based Hackers Target Southeast Asia With USB-Based Malware
UNC4191 operations have affected several entities in Southeast Asia but also in the US, Europe and Asia Pacific Japan
Cyber News, Cyber Threat Trends
- November 30, 2022
AWS launches new cybersecurity service Amazon Security Lake
Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement. “Customers must be able to quickly detect and respond to security risks so they can take […]
Cyber News, Cyber Threat Trends
- November 30, 2022
Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an “unexpected behavior” in the npm command line interface (CLI) tool. npm CLI’s install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for
Cyber News, Cyber Threat Trends
- November 30, 2022
French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm
The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5
Cyber News, Cyber Threat Trends