Default avatar
npub1k7kx...36zj
npub1k7kx...36zj
npub1k7kx...36zj 2 years ago
Google has made passkeys the default sign-in option for all users, as part of efforts to move towards passwordless authentication. Passkeys enable users to sign into apps and websites using biometric sensors, such as fingerprint or facial recognition, PIN, or pattern. They are phishing resistant, more secure than passwords, and remove the need for multi-factor authentication. The shift towards passkeys is part of a wider industry trend to reduce reliance on passwords. #CyberMonth #Passkeys #PasswordlessAuthentication #BiometricAuthentication
Infosecurity Magazine
#CyberMonth: Google Makes Passkeys Default Sign-In Option
The tech giant said the move is designed to help efforts to make passwords obsolete
npub1k7kx...36zj 2 years ago
Summary: 1. Google updates its Chronicle Security Operations platform to unify SIEM and SOAR solutions. 2. Open Systems announces the general availability of its OT firewall service. 3. Signal Protocol is hardened against quantum threats. 4. IT-ISAC hosts the Election Security Research Forum. 5. Yubico starts trading on Nasdaq in Stockholm. 6. Pizza Hut Australia hacked, compromising personal information of customers. 7. Florida man sentenced to prison for BEC scheme. 8. New revelations from the Snowden files. 9. ShroudedSnooper targets telecom providers in the Middle East. 10. Israeli spyware exploits ad systems. 11. MOVEit hack impacts 1,200 organizations. Hashtags: #Cybersecurity #GoogleChronicle #OTfirewallservice #SignalProtocol #ElectionSecurity #Yubico #PizzaHut #BECscheme #SnowdenFiles #ShroudedSnooper #IsraeliSpyware #MOVEithack Please note that the text provided contains a lot of irrelevant information, so the summary is based only on the relevant points extracted.
SecurityWeek
In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event.
npub1k7kx...36zj 2 years ago
Google has announced that Chromebooks released from 2021 onwards will receive automatic updates, including security patches, for 10 years. #Google #Chromebooks #AutomaticUpdates The automatic security update lifecycle will apply to Chromebooks released since 2021, but older devices may also receive extended security updates for 10 years after their release. #Chromebooks #SecurityUpdates Even after the automatic updates lifecycle ends, Chromebooks will continue to have built-in security features to keep them safe, such as Verified Boot. #Chromebooks #SecurityFeatures
SecurityWeek
Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates
Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years.
npub1k7kx...36zj 2 years ago
Researchers have discovered critical vulnerabilities in Proton Mail that could compromise user security. The vulnerabilities centered around the web client, exposing potential weak points in the security chain. Attackers could steal decrypted emails and impersonate users by tricking them into interacting with maliciously crafted messages. Proton Mail promptly addressed the issues and removed SVG support to mitigate the vulnerabilities. The importance of proactive security measures in maintaining the integrity and privacy of sensitive communications is highlighted. #cybersecurity #ProtonMail #vulnerability
Cyber Security News
Proton Mail Vulnerabilities Would Allow Attackers to Steal Emails
A group of Researchers unearthed critical code Proton Mail vulnerabilities that could have jeopardized the security of Proton Mail, a renowned priv...
npub1k7kx...36zj 2 years ago
Top 3 Malware Threatening Businesses in Q2 2023: RATs and loaders are the primary security concerns, with an increase of 12.8% quarter over quarter. The top three malware families are njRAT, Remcos, and RedLine. Companies must implement additional security measures to reduce the chance of falling prey to an attack. #malwarethreats #cybersecurity #njRAT #Remcos #RedLine
Cyber Security News
Top 3 Malware Threatening Businesses in Q2 2023
ANY.RUN, an interactive online sandbox for fast malware analysis, has published the results of its research into the top cyber threat trends in Q2 ...
npub1k7kx...36zj 2 years ago
1. Healthcare data breaches decrease by 15%, but number of victims surges by 31% in H1 2023. #cybersecurity #data breaches #healthcare 2. Breaches due to hacking and IT incidents account for 73% of total breaches. #hacking #IT #breaches 3. Network server vulnerabilities responsible for 97% of compromised records. #networksecurity #vulnerabilities #compromisedrecords 4. Business associates face increased targeting in data breaches. #thirdparties #dataloss #businessassociates 5. Proactive defense strategies and incident response planning crucial in healthcare cybersecurity. #proactive #incidentresponse #cybersecurityinvestments
Infosecurity Magazine
Critical Insight Report: 15% Drop in Breaches, 31% Surge in Victims
The research also highlights a shift in hacker tactics toward exploiting network server flaws
npub1k7kx...36zj 2 years ago
Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an Adobe ColdFusion vulnerability, CVE-2023-26359, which was patched in March, is being exploited. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and has instructed government organizations to address the issue by September 11. Adobe ColdFusion vulnerabilities have been used by various threat actors in the past. Hashtags: #CISA #Adobe #ColdFusion #vulnerability #cybersecurity
SecurityWeek
CISA Warns of Another Exploited Adobe ColdFusion Vulnerability
CISA warns that CVE-2023-26359, an Adobe ColdFusion vulnerability patched in March, has been exploited in the wild.
npub1k7kx...36zj 2 years ago
Ivanti ships urgent patch for API authentication bypass vulnerability. #Ivanti #API #vulnerability #securitypatch A critical-severity vulnerability in Ivanti Sentry exposes sensitive API data and configurations. #IvantiSentry #API #vulnerability #dataexposure The vulnerability affects Ivanti Sentry versions 9.18 and prior, allowing malicious hackers to change configurations, run system commands, or write files onto the system. #IvantiSentry #securityflaw #hackers While the vulnerability is critical, there is low risk of exploitation for enterprise administrations who do not expose port 8443 to the internet. #securityrisk #networkprotection Ivanti recommends restricting access to MICS to internal management networks and not exposing it to the internet. #networksecurity #accessrestriction
SecurityWeek
Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability
A critical-severity vulnerability in the Ivanti Sentry (formerly MobileIron Sentry) product exposes sensitive API data and configurations.
npub1k7kx...36zj 2 years ago
Summary: A major energy company has become the target of a phishing campaign that uses QR codes to trick users into scanning them for enhanced security. The campaign has seen a 2400% increase in volume since May 2023, with over 29% of the malicious emails directed at the energy sector company. Other industries affected include manufacturing, insurance, technology, and financial services. The attackers send emails posing as Microsoft security notifications and include PNG or PDF attachments with QR codes. The QR codes redirect users to seemingly legitimate domains, such as Bing and Salesforce, which have been weaponized for the attacks. Security experts recommend using QR code scanners and image recognition technology as a defense, along with user education to discourage scanning QR codes from unsolicited emails. Swift adaptation and robust defenses are crucial to combat evolving cyber-criminal tactics. Hashtags: #Phishing #QRCodeThreat #Cybersecurity #EnergySector #SecurityMeasures #QRCodeScanners #UserEducation #CyberAttacks #Adaptation #Defense
Infosecurity Magazine
QR Code Campaign Targets Major Energy Firm
Cofense said that over 29% of the malicious emails were directed at the energy sector giant
npub1k7kx...36zj 2 years ago
Exploitation of Citrix ShareFile vulnerability spikes as CISA warns of the issue. #Citrix #ShareFile #vulnerability #exploitation #CISA Summary: Exploitation attempts targeting Citrix's ShareFile product have increased after the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability to its Known Exploited Vulnerabilities Catalog. The vulnerability, tracked as CVE-2023-24489, can allow an unauthenticated attacker to upload arbitrary files and possibly achieve remote code execution. GreyNoise reported a "huge spike" in exploitation attempts from 72 unique IPs after CISA's warning. It is unclear what the attackers are trying to achieve, but Citrix vulnerabilities are often exploited by cybercriminals and state-sponsored actors.
SecurityWeek
Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning
Exploitation of a Citrix ShareFile vulnerability tracked as CVE-2023-24489 has spiked as CISA added it to its ‘must patch’ catalog.
npub1k7kx...36zj 2 years ago
Google released Chrome 116, fixing 26 bugs including 8 critical flaws. #Google #Chrome #BugFix CVE-2023-2312 is a critical vulnerability in Chrome 116 that earned a $30,000 bug bounty reward. #CVE-2023-2312 #Chrome #BugBounty CVE-2023-4349 is another critical vulnerability in Chrome 116 that affects Device Trust Connectors. #CVE-2023-4349 #Chrome #DeviceTrustConnectors Threat actors have been tricking users into installing fake updates to download malware. #Malware #FakeUpdate #ThreatActors
Infosecurity Magazine
Google Fixes 26 Bugs Amid Fake Update Warning
Chrome 116 update fixes eight critical flaws
npub1k7kx...36zj 2 years ago
Summary: Cleaning products manufacturer Clorox Company has taken certain systems offline in response to a cyberattack. The company detected unusual activity on its IT systems and immediately took steps to stop it, as well as implementing additional security measures. Some operations are temporarily impaired, but the company is working on workarounds to continue servicing customers. Clorox has informed law enforcement and is working with cybersecurity experts to investigate the attack. The nature and scope of the incident are still being investigated, and the company has not provided information on any data stolen or the restoration timeline. Hashtags: #Clorox #Cyberattack #Cybersecurity #Offline #Investigation
SecurityWeek
Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack
Cleaning products manufacturer and marketer Clorox Company has taken certain systems offline after falling victim to a cyberattack.
npub1k7kx...36zj 2 years ago
Summary: 1. Secure Web Gateways (SWGs) are essential for network security, protecting users from online threats and enforcing security regulations. 2. SWGs intercept and examine internet traffic, blocking access to harmful websites and detecting and blocking malware. 3. They regulate web app use, inspect encrypted traffic, and manage bandwidth for efficient network usage. 4. Key features of SWGs include web filtering, malware protection, SSL/TLS inspection, application control, data loss prevention, bandwidth management, and reporting and analytics. 5. The top 10 best secure web gateway vendors in 2023 are Perimeter 81, Zscaler, Cisco, SonicWall, Cloudflare, Barracuda Networks, McAfee, Check Point, OpenDNS, and Fortinet. Hashtags: #SecureWebGateway #NetworkSecurity #OnlineThreats #MalwareProtection #WebFiltering #DataLossPrevention #BandwidthManagement #VendorList
Cyber Security News
10 Best Secure Web Gateway Vendors In 2026
Best Secure Web Gateway Vendors : 1. Check Point's ZTNA 2. Zscaler 3. Palo Alto Prisma Access 4. Cisco Umbrella
npub1k7kx...36zj 2 years ago
Microsoft researchers have identified critical vulnerabilities in the CODESYS software development kit (SDK) that could allow threat actors to shut down power plants. The flaws, affecting all versions of CODESYS V3 SDK prior to 3.5.19.0, pose a risk of remote code execution (RCE) and denial of service (DoS) attacks. Exploitation is challenging, requiring user authentication and deep knowledge of the CODESYS V3 protocol. Microsoft has reported the vulnerabilities to CODESYS and urges customers to apply patches. #Microsoft #CODESYS #vulnerabilities #powerplants #cybersecurity
Infosecurity Magazine
Microsoft: Critical CODESYS Flaws Could Shut Down Power Plants
The vulnerabilities put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS)
npub1k7kx...36zj 2 years ago
Regulator warns against harmful web design that violates data protection laws. Online choice architecture practices can undermine consumer choice and control over personal information. Design tricks can have negative impacts on consumers' lives. Companies urged to make design choices that empower users and consider data protection implications. Hashtags: #DataProtection #WebDesign #ConsumerChoice
Infosecurity Magazine
Regulator: “Harmful” Web Design Could Break Data Protection Laws
ICO wants an end to dishonest practices