SEC charges SolarWinds and CISO with misleading investors. #SECcharges #SolarWinds #CISO #misleadinginvestors
https://www.infosecurity-magazine.com/news/sec-charges-solarwinds-ciso/
The Åland Islands in Scandinavia have found a way to avoid high alcohol taxes by having their own autonomous parliament and maintaining a special status that exempts them from the EU's VAT area. As a result, people can stock up on tax-free alcohol on ferries between Finland and Sweden that stop at the islands. This tax hack helps support the economy of Åland. #HackingScandinavianTax #TaxFreeAlcohol
https://www.schneier.com/blog/archives/2023/10/hacking-scandinavian-alcohol-tax.html
Proofpoint is set to acquire Tessian for AI-powered email security tech in a deal that will address risk from misdirected emails and data exfiltration. The acquisition will remove a competitor from the email security market and add technology to detect and block risky user behaviors. The deal aims to embed Tessian's platform into Proofpoint's products to provide security tools integrated with Microsoft 365 and Google Workspace. The acquisition reflects consolidation in the email security category.
#Proofpoint #Tessian #emailsecurity #AI #cybersecurity
Source: SecurityWeek
https://www.securityweek.com/proofpoint-to-acquire-tessian-for-ai-powered-email-security-tech/
Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft
#Florida #SIMSwapper #CryptocurrencyTheft #Prison
A 20-year-old man from Florida has been sentenced to prison for his involvement in a hacking scheme that resulted in the theft of $1 million in cryptocurrency. The man, Jordan Dave Persad, used SIM swapping to hack into victims' email accounts and gain access to their cryptocurrency accounts. He and his co-conspirators targeted dozens of victims between March 2021 and September 2022, stealing approximately $1 million worth of cryptocurrency. Persad was sentenced to 30 months in prison and ordered to pay $945,833 in restitution. This case highlights the ongoing issue of cryptocurrency theft and the need for stronger security measures.
https://www.securityweek.com/florida-sim-swapper-sentenced-to-prison-for-cryptocurrency-theft/
Canada Bans WeChat and Kaspersky on Government Phones due to privacy and security risks. Chief Information Officer of Canada made the decision. Relations between Canada and China are strained. The move follows the ban of TikTok on government devices. Hashtags: #Canada #WeChat #Kaspersky #Privacy #Security #China.
https://www.securityweek.com/canada-bans-wechat-and-kaspersky-on-government-phones/
Biden issues Executive Order on Safe, Secure AI. New standards for AI safety and security established. Aim to protect privacy, advance equity and civil rights, and promote innovation and competition. Order supports UK's AI regulatory efforts. Actions outlined to protect against risks of AI systems. Concerns about privacy violations and spread of disinformation/misinformation. AI algorithms should not exacerbate discrimination. Plans to mitigate impacts of AI on jobs and maximize benefits. Focus on responsible and effective government use of AI. #AI #safety #security #privacy #equity #innovation #competition #discrimination #jobs #government
https://www.infosecurity-magazine.com/news/biden-issues-executive-order-on/
Summary: The SlashNext State of Phishing Report 2023 reveals a 1265% increase in phishing emails and a 967% rise in credential phishing attacks due to the use of generative AI like ChatGPT. The report emphasizes the need for organizations to adopt AI-driven solutions to counter AI-fueled cyber-threats.
Hashtags: #PhishingEmails #Cybersecurity #CredentialPhishing #GenerativeAI #ChatGPT #CyberThreats
https://www.infosecurity-magazine.com/news/chatgpt-linked-rise-phishing/
Lazarus Group targets legitimate software, leveraging malware distributed through it. The group shows sophistication in using advanced evasion techniques and deploying specific malware. The investigation suggests a connection to the 3CX supply chain attack. Kaspersky's Endpoint Security solution identified and stopped further attacks. Heightened vigilance is needed to combat this evolving threat. Recommended measures include keeping software and security measures up to date and implementing endpoint detection and response solutions. #LazarusGroup #Malware #Cybersecurity #SoftwareSupplyChain #Kaspersky
https://www.infosecurity-magazine.com/news/lazarus-group-targets-legitimate/
The ethical hacking community on the HackerOne platform has earned over $300 million in total rewards, with some hackers making more than a million dollars individually. Generative artificial intelligence (GenAI) has become a crucial tool for hackers, with 61% intending to create hacking tools that employ GenAI. Organizations in the cryptocurrency and blockchain sector offer the highest average total prizes for hackers. Hackers have become instrumental in addressing the skill and knowledge gap within organizations, preventing serious cyber crises. Exploited vulnerabilities pose a greater danger than nation-state actors, insider threats, and phishing. The average remediation time for vulnerabilities has decreased by 10 days, with aviation and aerospace industries being the slowest to patch. Hackers are exploring new career paths in "Pentesting" and "Secure Code Review". The report highlights the importance of a limited scope and prompt response times in encouraging hackers to report vulnerabilities. #bugbounty #cybersecurity #cybersecuritynews
NGINX ingress Security Flaw Let Attackers Steal Kubernetes API Server Credentials. Three vulnerabilities were discovered in NGINX ingress controllers, allowing arbitrary command execution, code injection, and sanitization bypass. The severity ranges from 7.6 (High) to 10.0 (Critical). #cybersecuritynews #NGINX #vulnerability
Hackers infect Windows users with weaponized MSIX app packages. #cybersecurity #malware #vulnerability
https://cybersecuritynews.com/hackers-infect-windows-users-with-weaponized-msix-app-packages/
Summary: CISA has launched a new version of Logging Made Easy (LME), a log management solution for Windows-based devices. LME helps organizations improve cybersecurity by providing visibility into security events and activities on Windows devices. It collects and analyzes logs from various sources and is especially useful for small and medium-sized organizations. CISA plans to expand LME's capabilities based on user feedback and demand.
Hashtags: #CISA #logmanagement #cybersecurity #Windowsdevices
https://cybersecuritynews.com/cisa-announces-new-logging-made-easy-tool/
BIG-IP vulnerability allows remote code execution. Critical flaw identified as CVE-2023-46747. Configuration utility is affected. F5 reports issue and provides fixes. Mitigate by limiting access to trusted networks and devices. Upgrade to fixed version. #cybersecurity #vulnerability
Messaging Service Wiretap Discovered through Expired TLS Cert - A covert wiretap was discovered when the administrator of jabber.ru received a notification that a server's TLS certificate had expired. The expired certificate was found on a single port used for encrypted TLS connections, which could have allowed someone to decrypt the exchanged traffic. Hashtags: #certificates #maninthemiddleattacks #privacy #surveillance #TLS.
Friday Squid Blogging: On the Ugliness of Squid Fishing - Schneier on Security. A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanic’s garage where an oil change has gone wrong. When they pull a squid on board, it squirts warm, viscous ink which coats the walls and floors. The hardest labor generally happens at night. The blinding glow of the bulbs, visible more than a hundred miles away, makes the surrounding blackness feel otherworldly. #squidfishing #seafood
F5 warns of critical remote code execution vulnerability in BIG-IP. Hashtags: #F5 #vulnerability #BIG-IP #remotecodeexecution.
https://www.securityweek.com/f5-warns-of-critical-remote-code-execution-vulnerability-in-big-ip/
1. Advanced 'StripedFly' Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools
2. Malware poses as cryptocurrency miner, remains unnoticed for five years
3. Malware uses modular framework and built-in Tor network tunnel
4. StripedFly has APT-like capabilities and sophisticated persistence methods
5. Malware can be used for financial gain and espionage
6. StripedFly shares similarities with ThunderCrypt ransomware and Equation malware
7. Purpose of StripedFly remains unclear
#Malware #CryptocurrencyMiner #Cybersecurity #StripedFly #APT #Ransomware #TorNetwork #Espionage
#Cybersecurity #ExNSAEmployee #RussiaSpying #EUThreatLandscape #CyberEducationFunding
Generative AI is valuable for organizations despite the risks it presents. Experts at the ISC2 Security Congress 2023 emphasize that while generative AI tools can be exploited by criminals and pose data and privacy risks, this is true for all technologies. Generative AI can enhance security by aiding in documentation, system configuration guidance, scripts and coding, process facilitation, and developing private generative AI tools. To mitigate AI risks, it is important to address unreliable results, avoid disclosing sensitive material, and consider copyright issues. Overall, the benefits of generative AI outweigh the risks.
#GenerativeAI #SecurityCongress #OrganizationalBenefits #Cybersecurity #MitigatingRisks
https://www.infosecurity-magazine.com/news/generative-ai-a-boon-for/
CISOs should use cybersecurity maturity frameworks to assess and improve their organization's cybersecurity posture. #CybersecurityAwarenessMonth #SecurityFrameworks
Security and customer trust should be core values of a business to earn the trust of consumers and stakeholders. #Trust #Transparency #SecurityValues
Adopting a shared responsibility model for cybersecurity ensures that everyone in the organization takes accountability for information security. #SharedResponsibility #InformationSecurity #Accountability
https://www.infosecurity-magazine.com/opinions/3-things-cisos-cybersecurity/