Cybersecurity
Gas distributor’s urgent OT security contract followed regulatory pressure...
Did OFGEM come knocking?
Cybersecurity
Hitachi, Rubrik, Hatch Bank among those hit after file transfer software exploited
Attackers hit file transfer software to leapfrog into other systems
Cybersecurity
“Extreme urgency”: Flurry of cybersecurity tenders show CNI security focus
"Events unforeseeable for the contracting entity”
Cybersecurity
As CVE-2023-23397 exploits proliferate, worry mounts
Security experts are warning that a critical Microsoft Outlook exploit is trivial to deploy and “will likely be leveraged imminently by actors for espionage purposes or financial gain” – after Ukrainian cybersecurity authorities disclosed CVE-2023-23397, a critical vulnerability that requires no user interaction to exploit. As The Stack reported, the critical
Cybersecurity
Check Point launches new global services offering
Check Point has launched a new integrated global services offering, as the cybersecurity company continues to tighten up its portfolio -- which is built around four pillars: “Quantum” for network security, “Harmony” for end-user devices, “CloudGuard” for cloud security and “Horizon” for SOC and security management. Check Point, whose CEO
Cybersecurity
Urgent: Microsoft 365 Apps being exploited in wild via CVSS 9.8 bug
Get domain admin by... just emailing the domain admin?
Cybersecurity
Fortinet exploits: Attackers tampered with firewall firmware
“System enters error-mode due to FIPS error: Firmware Integrity self-test failed” suggests compromises.
Cybersecurity
Veeam urges “immediate” updates after vulnerability exposes backup hosts
This may generate a lot of Black Hat interest...
Cybersecurity
This critical Microsoft Word RCE exploit requires just a few lines of code: We need more CHERI
POC lands for CVSS 9.8 Word bug CVE-2023-21716
Cybersecurity
US agencies warn over "Royal" ransomware rise
Phishing is key threat vector and a Blue Team bête noire...
Cybersecurity
Novel cloud attack pivoted from K8s to Lambda, pulled IAM keys from Terraform
A recent attack tracked by researchers at cloud security company Sysdig saw the attackers use an exposed Kubernetes container to move laterally to the victim’s AWS account – gaining initial access by exploiting a public-facing service in a self-managed Kubernetes cluster hosted inside an AWS cloud account. The company'
Cybersecurity
Server backup vulnerability piggybacked to live systems
Open source bug leads to server backup bug leads to... crime.