More results...
The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat…
Apple rolls out urgent iOS and iPadOS software updates and warned that zero-day exploitation has already been detected.
The post Apple Ships Urgent iOS Patch for WebKit Zero-Day appeared first on SecurityWeek.
New York startup $30 million in new financing to fuel plans to take advantage of the demand for AI-powered threat-intel security tools.
The post Cyware Snags $30M for Threat Intel Infrastructure Tech appeared first on SecurityWeek.
Learn how the Encrypted Visibility Engine (EVE) uses ML/AI to identify encrypted malware communication even when it is destined to trustworthy cloud services.
The US government’s cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws appeared first on SecurityWeek.
St. Margaret’s Health in Illinois is shutting down hospitals partly due to a 2021 ransomware attack that caused serious payment system disruptions.
The post Ransomware Attack Played Major Role in Shutdown of Illinois Hospital appeared first on Security…
New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“:
Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers. This paper explores these impacts via a multi-stage, mixed methods research design that involved 69 expert interviews, data on commercial relationships, and an online validation workshop. The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small numbers of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators. The second stage showed that lawyers when directing incident response often: introduce legalistic contractual and communication steps that slow-down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced…
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident responders “…
Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape.
The post Security Pros: Before You Do Anything, Understand …
Barracuda Networks found that spearphishing exploits last year worked to great effect and took days to detect.
The post Spearphishing report: 50% of companies were impacted in 2022 appeared first on TechRepublic.