Herjan Security
Nonstop stream of GenAI news and updates

Check Point Software Technologies will acquire SaaS vendor Atmosec. #SaaSsecurity #cybersecurity

Atmosec specializes in identifying and disconnecting malicious SaaS applications, preventing risky third-party SaaS communications, and rectifying misconfigurations.

Integration of Atmosec's capabilities into Check Point Infinity will deliver a secure Secure Access Service Edge (SASE) solution.

Atmosec's technology features rapid discovery of malicious SaaS apps, prevention of unauthorized SaaS communications, and complete visibility into SaaS applications.

Check Point plans to roll out these new capabilities gradually through the existing Check Point Infinity platform.

This acquisition positions Check Point Software at the forefront of SaaS security.

#Atmosec #CheckPoint #cybersecurity

https://cybersecuritynews.com/check-point-acquire-atmosec/

Summary:

The UK government has reversed its stance on anti-encryption measures in the Online Safety Bill. It no longer requires tech companies to scan user messages for child sexual exploitation and abuse content before encryption. Tech giants like WhatsApp and Signal had threatened to withdraw their services in protest. The government has stated that scanning will only be implemented when technically feasible.

Hashtags:

#UKgovernment #encryption #OnlineSafetyBill #privacy #childexploitation #scanning #WhatsApp #Signal

https://www.infosecurity-magazine.com/news/uk-government-backs-down/

Hundreds of scam pages were uncovered in a major investment fraud campaign. The campaign uses social media advertising to trick victims into giving away their money. The scam pages impersonate legitimate financial and insurance companies, as well as brands from various sectors. The scammers request personal information and bank details from their victims. Once a deposit is made, communication stops and refunds are blocked. The campaign targeted users from the Middle East and Africa region. The losses estimated between March and June 2023 were $280,000. #InvestmentFraud #ScamPages #SocialMediaScams #CyberCrime

https://www.infosecurity-magazine.com/news/hundreds-of-scam-pages-uncovered/

Summary: Researchers at Qualys have identified the top 20 most exploited vulnerabilities, with Microsoft products being a primary target for hackers. These vulnerabilities include issues in Microsoft Office, Wordpad, Windows Common Controls, and more. Users are advised to immediately identify vulnerable assets and prioritize remediation to mitigate risk.

Hashtags: #CyberSecurity #Microsoft #Vulnerabilities #Threats

https://cybersecuritynews.com/20-most-exploited-vulnerabilities-microsofts-products/

Hackers are using ChatGPT to generate malware and social engineering threats. The rise of generative AI poses both risks and benefits. AI-driven scams have increased, including email, social, and SMS scams. ChatGPT's popularity among hackers makes it a target for exploration. Malware and social engineering threats are facilitated by large language models (LLMs). AI technology has also transformed spam tactics and led to manipulated reviews. Security analysts can use ChatGPT to enhance pattern detection tools. AI-based assistant tools are being developed for malware analysis and reverse engineering. Recommendations include being cautious of unbelievable offers and regularly updating software. #ChatGPT #malware #socialengineering #AI #security

https://cybersecuritynews.com/hackers-using-chatgpt-generate-malware/

Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft's Mistakes - Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails.

Hashtags: #Cybersecurity #Espionage #Microsoft #Mistakes #ChineseHackers

https://www.securityweek.com/crash-dump-error-how-a-chinese-espionage-group-exploited-microsofts-errors/

Summary:

APT28, a Russia-backed threat actor, attempted to attack a Ukrainian critical power facility. The attack involved bulk emails with a link to a ZIP archive that could provide access to the organization's systems. The attack was detected and prevented by Ukraine's cybersecurity services. The attempt was likely aimed at enabling future operations rather than direct disruption.

Hashtags:

#Russia #Ukraine #Cyberattack #CriticalInfrastructure #APT28

https://www.infosecurity-magazine.com/news/russia-apt28-attack-ukraine-power/

Cyber-criminals continuously develop new ways to evade protections and inflict damage. Organizations view cyber-attacks as inevitable and build resilience strategies. Successful cyber-attacks require multiple successful cons before significant damage is done. Organizations must detect and deter malicious activity at every stage of an attack. Email security is crucial. Organizations should implement a defense-in-depth strategy. Your people play a significant role in keeping cyber-criminals at bay. One successful defense is enough to deter cyber-criminals.

#Cybersecurity #CyberCriminals #Resilience #EmailSecurity #DefenseInDepth #ThreatDetection #CyberAwareness

https://www.infosecurity-magazine.com/blogs/cyber-criminals-right-once-not/

MITRE and CISA have released an open-source tool called MITRE Caldera for OT, which emulates cyber-attacks against operational technology. The tool allows cyber professionals to run automated adversary emulation exercises to test and strengthen their cyber defenses for industrial control systems (ICS). This initiative aligns with the federal government's focus on securing critical infrastructure, as outlined in the US National Cybersecurity Strategy. MITRE is also working on releasing additional modules for Caldera for OT in collaboration with CISA and other organizations. #MITRE #CISA #OT #cybersecurity #ICS

https://www.infosecurity-magazine.com/news/mitre-cisa-ot-attack-emulation-tool/

Dastardly is a lightweight web app security scanner from Burp Suite. It scans for seven common security flaws in software development. The latest release includes upgrades such as scanning for iframe-generated queries and floating input fields. Dastardly uses a DAST methodology and generates a JUnit XML report on vulnerabilities discovered during the scan. It fails the build if it detects vulnerabilities of low, medium, or high severity. #BurpSuite #WebAppSecurityScanner

https://cybersecuritynews.com/dastardly-web-app-security-scanner/

Samsung has issued patches for multiple critical security flaws in Galaxy phones and tablets. The September 2023 security patch fixed 62 bugs, including 4 critical, 19 high, 2 moderate, and 2 low priority issues. The patch is currently available for the S series and will soon be available for other devices. Samsung has also fixed security flaws in various applications. The company assures that all mentioned applications and features are now secure. The September 2023 security patch may also be available for premium devices. Samsung has stopped supporting the Galaxy Note 10 and Note 10+. Hashtags: #Samsung #SecurityFlaws #Vulnerability.

https://cybersecuritynews.com/samsung-patches-security-flaws/

AtlasVPN Zero-day vulnerability discovered in Linux, allowing IP address leak. HTTP server lacks authentication, allowing for easy disconnecting of AtlasVPN. Lack of authentication also allows for potential IP address leakage. CORS bypassed, exposing data to external sources. Upgrade to version 1.0.3 to fix vulnerability. #AtlasVPN #ZeroDay #IPLeak #CyberSecurityNews

https://cybersecuritynews.com/atlasvpn-zero-day-vulnerability/

United Airlines experienced a nationwide ground stop due to a software update glitch, causing departures to be halted. The issue was not a cybersecurity problem, according to the airline. The ground stop lasted a little over an hour, with only seven flights being canceled. However, more than 350 flights were delayed. The FAA is investigating the cause of the issue. #UnitedAirlines #GroundStop #SoftwareUpdateGlitch #FlightDelays #FAA

https://www.securityweek.com/united-airlines-says-the-outage-that-held-up-departing-flights-was-not-a-cybersecurity-issue/

Hackers steal $40m from cryptocurrency betting platform Stake.com. Investigation underway and user funds are safe. Hot wallets were targeted, while other wallets were unaffected. The issue has been remediated and all services have resumed. Hot wallets are commonly targeted by cybercrime actors.

https://www.infosecurity-magazine.com/news/crypto-casino-stakecom-online-40m/

Security researchers have uncovered an underground phishing "empire" known as W3LL. It has targeted 56,000 Microsoft 365 accounts and generated $500,000 in just 10 months. The W3LL store offers a range of sophisticated phishing tools and is a one-stop shop for business email compromise (BEC) threat actors. The most popular tool is the W3LL panel, which helps bypass multi-factor authentication. The demand for phishing tools has created a thriving underground market. Hashtags: #W3LL #phishing #BEC #cybercrime #Microsoft365.

https://www.infosecurity-magazine.com/news/experts-uncover-underground/

UK boards are showing less concern about cyber-risk, according to a study from Proofpoint. Just 44% of UK board members are concerned about cybersecurity risk, compared to 73% of global board members. Poor communication between board members and their CISOs may be contributing to this disparity. UK directors ranked malware, cloud account compromise, and ransomware as their top concerns, while CISOs chose email fraud/BEC, insider threat, and cloud account compromise. It is important for boards to invest in improving preparedness and organizational resilience. #CyberRisk #BoardPerspective #CISOAlignment

https://www.infosecurity-magazine.com/news/uk-boards-less-concerned-cyber-risk/

Holiday Season Cyber Alert: Reflectiz Declares War on Magecart - Cyber Security News

Reflectiz offers a remote solution to battle Magecart web-skimming attacks during the Holiday Season. Online retailers struggle to add new security layers due to website code restrictions. Reflectiz's external, non-intrusive solution detects code changes and prevents Magecart attacks without impacting website performance. It requires no code implementation and has zero impact on IT resources. Reflectiz detected Magecart attacks on over 150 websites in 2023. Sign up today for their exclusive offer. #cybersecurity #websecurity #Magecart #holidays #onlineretail

https://cybersecuritynews.com/holiday-season-cyber-alert-reflectiz-declares-war-on-magecart/

Hackers are weaponizing MinIO Storage System flaws to execute remote code. The vulnerabilities exist in MinIO, an Amazon S3 cloud storage service. These vulnerabilities allow threat actors to exploit information disclosure and bypass bucket name checking. The severity of the vulnerabilities is high. A proof-of-concept for these vulnerabilities was publicly disclosed. #MinIO #StorageSystem #vulnerabilities

https://cybersecuritynews.com/hackers-weaponizing-minio-storage-system-flaws/

A privilege escalation vulnerability in the Windows File History service allows attackers to gain escalated privileges on a Windows system. Microsoft has released patches to fix this issue. #cybersecurity #vulnerability #windows

Affected products include Windows Server 2019, Windows 10, Windows Server 2016, Windows Server 2008, and more. Users are advised to upgrade to the latest version. #security #windows

https://cybersecuritynews.com/windowss-file-history-service-flaw/

Inconsistencies in the Common Vulnerability Scoring System (CVSS) are revealed in a recent study. The study shows that evaluations of vulnerabilities often differ among analysts, raising questions about the consistency of CVSS assessments. Factors influencing these evaluations are also explored. Despite the inconsistencies, CVSS is still seen as a useful tool for vulnerability assessment. Recommendations for improving scoring consistency are provided. #CVSS #vulnerabilities #security

https://www.schneier.com/blog/archives/2023/09/inconsistencies-in-the-common-vulnerability-scoring-system-cvss.html