Welcome to v060 : Dashing through the net, in a cloud-based CMS
December 4, 2024
News: 10 Critical Endpoint Security Tips You Should Know
| In today’s digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers’ favorite targets. |  |
AI: 25 cybersecurity AI stats you should know
 |
In this article, you will find excerpts from reports we recently covered, which offer stats and insights into the challenges and cybersecurity issues arising from the expansion of AI. |
News: Microsoft fixes bug behind incorrect BitLocker encryption errors
| Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. |  |
ChatGPT Quip &
|
 |
|
Prompt: Response: When audits comb through books with keenest eyes, A fractional CIO, like trusted guide, For as accountants check the fiscal line, Trust not in chance, but in the skilled and known, |
News: New UK Law Bans Default Passwords On Smart Devices
| The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. |  |
News: 4-Step Approach to Mapping and Securing Your Organization’s Most Critical Assets
 |
You’re probably familiar with the term “critical assets”. But is every technology asset considered a critical asset? Moreover, is every technology asset considered a business-critical asset? How much do we really know about the risks to our business-critical assets? . |
Phishing: The Dark Side of Phishing Protection
| The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them – through email protection, firewall rules and employee education – phishing attacks are still a very risky attack vector. |  |
News: When ‘No’ & ‘Good Enough’ Challenge Cybersecurity
 |
As the digital landscape evolves, these words must become an impetus for innovation and dialogue, not insurmountable barriers. |
News: New Research Warns About Weak Offboarding Management and Insider Risks
| A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks. |  |
Cybercrime: BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
 |
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. |
News: OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered
| OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true identity. |  |
News: Your ‘free’ VPN may actually be a malware bot
 |
Law-enforcement authorities, coordinating the US Federal Bureau of Investigation and similar agencies in Germany, Singapore, and Thailand, have arrested the leaders of a worldwide botnet that relied on people downloading and installing software to create “free” virtual private networks (VPNs). |
AI: Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
| Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. |  |
News: Malicious VSCode extensions with millions of installs discovered
 |
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” over 100 organizations by trojanizing a copy of the popular ‘Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. |
News: LastPass says 12-hour outage caused by bad Chrome extension update
| LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. |  |
Breach: Cylance confirms data breach linked to ‘third-party’ platform
 |
Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a “third-party platform.” |
Vulnerability Vortex
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
| Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. |  |
Exploit for critical Veeam auth bypass available, patch now
 |
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. |
Nvidia Patches High-Severity GPU Driver Vulnerabilities
| Nvidia patches multiple high-severity vulnerabilities in GPU display drivers and virtual GPU software. |  |
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
 |
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. |
Microsoft Patch Tuesday Security Updates For June 2024 Fixed Only One Critical Issue
| Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. |  |
ASUS warns of critical remote authentication bypass on 7 routers
 |
ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices. |
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
| Microsoft has confirmed a new and quite alarming Wi-Fi vulnerability in Windows, which has been rated 8.8 out of 10 in terms of severity using the Common Vulnerability Scoring System. |  |
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
 |
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. |
VMware fixes critical vCenter RCE vulnerability, patch now
| VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. |  |
Google Chrome 126 Update Addresses Multiple High Severity Flaws
 |
Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. |
Read also
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.
Let’s Socialize
Popular Post
Welcome to v059 : It’s Cyber Budget Time
November 12, 2024