Many security engineers are already one foot out the door. Why? The position of security engineer has become a pivotal role for modern security teams. Practitioners are responsible for critical monitoring of networks and systems to identify threats or intrusions that could cause immense harm to an organization. They must analyze troves of security-related data, detect immediate […]

https://www.bleepingcomputer.com/news/security/hackers-can-steal-your-tesla-model-3-y-using-new-bluetooth-attack/ Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla […]

https://www.schneier.com/crypto-gram/archives/2022/0515.html#cg1 New paper: “Planting Undetectable Backdoors in Machine Learning Models“: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier […]

A zero-day vulnerability in uClibc and uClibc-ng, a popular C standard library, could enable a malicious actor to launch DNS poisoning attacks on vulnerable IoT devices. The bug, tracked as ICS-VU-638779, which has yet to be patched, could leave users exposed to attack, researchers have warned. DNS poisoning In a DNS poisoning attack, the target domain name […]

A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight. Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing […]

Ransomware is a type of malicious program that demands payment after launching a cyber attack on a computer system. This type of malware has become increasingly popular among criminals, costing organizations millions each year. Security experts recognise that ransomware is one of the fastest-growing forms of cyber attack. Its prevalence and reach was emphasised when WannaCry, […]

Editor’s Note: When malware repository vx-underground launched in 2019, it hardly made a splash in the hacking world. “I had no success really,” said its founder, who goes by the online moniker smelly_vx. But over the last couple of years, the site’s popularity has soared thanks in part to its robust Twitter presence that mixes […]

In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud native security and the problem with the lack of understanding of risks to this environment. A recent survey of over 100 cloud professionals revealed that often businesses lead the charge in cloud, they see the opportunity, they move forward, but more and […]

Morgan-Stanley-Client-Accounts-Breached-in-Social-Engineering-Attacks-1Download

The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security. The Federal Communications Commission (FCC) added multiple Kaspersky products and services to its Covered List saying that they pose unacceptable risks to U.S. national security. “The Federal Communications Commission’s Public Safety and Homeland Security Bureau today added […]

President Joe Biden on Tuesday signed into law a $1.5 million government funding bill that includes legislation mandating critical infrastructure owners report if their organization has been hacked or made a ransomware payment. Biden signed the legislation during a White House ceremony that was attended by administration officials and top Democratic lawmakers, including including House […]

Source: https:// doi.org /10.6028/NIST.IR.8286-draft2 ISO 31000: 2018 Enterprise Risk Management (CERM Academy Series on Enterprise Risk Management)

Building a Future-Proof Cloud Infrastructure: A Unified Architecture for Network, Security, and Storage Services

While some applications are still being built on a monolithic (all-in-one) architecture – i.e., all components in a single code base, on a single server, connected to the internet – an increasing number of them is now based on the microservices architecture, with each application microservice a self-contained functionality, “housed” in a container managed by […]

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151. In mid-January, […]

In Advanced Security Testing with Kali Linux you will learn topics like: The MITRE ATT@CK Framework Command & Control (C2) Frameworks Indepth Network Scanning Web App Pentesting Advanced Techniques like “Living off the Land” AV Bypass Tools Using IoT Devices in Security and much, much more!! Learning attacker Tactics, Techniques and Procedures (TTPs) are imperative in defending […]

Almost every part of our everyday lives is closely connected to the internet – we depend on it for communication, entertainment, information, running our households, even running our cars. Not everyone in the world has access to the same features and content on the internet, though, with some governments imposing restrictions on what you can […]

The master decryption keys for the Maze, Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer. The Maze group was considered one of the most prominent ransomware operations since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the […]

The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and […]