Welcome to v060 : Dashing through the net, in a cloud-based CMS
December 4, 2024
v031 is one better than v030 – so let’s get to some cyber-news. I love the article on DEI and how it helps reduce risk. If you haven’t been hit by Quishing, get ready. Also read about huge botnets, the global cybersecurity agreement, and Biden’s AI Executive Order. Don’t forget to exercise your ChatGPT muscle every day. Remember, AI will not replace people, but people that know how to use AI will replace those that don’t.
How Diversity and Inclusion Initiatives Can Reduce Cyber Risk
| In the aftermath of the national reckoning on racial justice ignited by the tragic events involving George Floyd, it became evident that despite good intentions, the cybersecurity sector had not tackled the field’s predominantly white and male composition. |  |
The Danger of Forgotten Pixels on Websites: A New Case Study
 |
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases. |
Quishing is the new phishing: What you need to know
| Cybercrime always seems to find a new way to take advantage of modern technologies and now QR codes are the next it thing. |  |
*** ChatGPT Quip of the Week *** |
Prompt: Will cybersecurity threats increase or decrease over the next 10 years? Response: Predicting the trajectory of cybersecurity threats over the next decade is a complex task, influenced by the evolving landscape of technology, emerging threat vectors, and advancements in cybersecurity measures. While technological innovations may introduce new vulnerabilities, the increasing emphasis on cybersecurity awareness, robust defenses, and international collaboration suggests a proactive stance against cyber threats. The interplay of geopolitical factors, economic shifts, and the maturation of cybersecurity strategies will heavily influence the overall trend. It is plausible that both the frequency and sophistication of cyber threats may increase, necessitating continuous adaptation of security measures. However, concerted global efforts to strengthen cybersecurity practices may mitigate these risks, leading to a more resilient and secure digital environment over the long term. |
Microsoft Set to Retire Grunge-Era VBScript, to Cybercrime’s Chagrin
| Popular malware like QakBot and DarkGate rely on VBScript, which dates back to 1996 — but their days are numbered now that Microsoft is finally deprecating the Windows programming language. |  |
U.S. Energy Giant Falls Victim to Unprecedented QR Code Phishing Attack
 |
Phishing attackers have found a new method to infiltrate their targets. In an unprecedented move, a major U.S. energy company was subjected to a QR code phishing attack that utilized QR codes to bypass traditional email security tools. |
A Widespread 400,000-Node Proxy Botnet Uncovered
| Researchers have recently revealed the existence of a vast and alarming Node Proxy Botnet. This network encompasses over 400,000 Windows systems, all infected with devious malware. The hidden operations of this botnet, along with its impacts and means of protection, are discussed below. |  |
Google, Yahoo Push DMARC, Forcing Companies to Catch Up
 |
The move means that DMARC, already in use by half of enterprises, will become table stakes for anyone using email for marketing. |
Biden’s Artificial Intelligence Executive Order Covers Broad Concerns
| The executive order is ambitious and seeks to protect a variety of different groups that are most at risk from the irresponsible use of AI. |  |
CVSS 4.0 Is Here, but Prioritizing Patches Still a Hard Problem
 |
CVSS Version 4 arguably performs better, but companies also need to tailor any measure of threat to their own environment to quickly evaluate new software bugs for patching order. |
Global AI Cybersecurity Agreement Signed At Turing’s Bletchley Park
| Dozens of countries commit to collaborate on artificial intelligence cybersecurity, fittingly at the British home of the WWII codebreakers. |  |
Vulnerability Vortex
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
| The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation |  |
Read also
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.
Let’s Socialize
Popular Post
Welcome to v059 : It’s Cyber Budget Time
November 12, 2024