v033 offers cybernews to use so you don’t lose. Check out any one of thse informative blogs from my favorite cybernews sources: darkreading.com, securityaffairs.com, bleepingcomputer.com, and thehackernews.com. Those darn cybercriminals are hard at it, as usual. Now they’re offering phishing-as-a-service as well as RaaS. Business is booming in the underworld! Don’t forget the Vulnerability Vortex at the end.
Meet Your New Cybersecurity Auditor: Your Insurer
| As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses. |  |
Guide: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks
 |
Gen AI usage is happening far in advance of efforts to implement safeguards and cybersecurity constraints. Three primary areas of security concern associated with generative AI are: sensitive data included in gen AI scripts, outcomes produced by these tools that may put an organization at risk, and potential hazards related to utilizing third-party generative AI tools. |
CVSS 4.0 Offers Significantly More Patching Context
| The latest vulnerability severity scoring system addresses gaps in the previous version; here’s how to get the most out of it. |  |
*** ChatGPT Quip of the Week *** |
Prompt: Create a limerick about the new phishing-as-a-service offerings in the cybercrime industry. Response: In the dark web’s cunning bazaar, |
Marina Bay Sands Becomes Latest Hospitality Cyber Victim
| Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment. |  |
There’s Only One Way to Solve the Cybersecurity Skills Gap
 |
The cybersecurity skills gap is making businesses more vulnerable, but it won’t be fixed by upskilling high-potential recruits alone. |
How to Outsmart Malware Attacks That Can Fool Antivirus Protection
| One of the main challenges for Android users is protecting themselves malicious applications that can damage devices or perform other harmful actions. |  |
When Good Security Awareness Programs Go Wrong
 |
Avoid making these mistakes when crafting a security awareness strategy at your organization. |
DOLLY.COM Pays Ransom, Attackers Release Data Anyway
| On-demand moving and delivery platform Dolly.com allegedly paid a ransom but crooks found an excuse not to hold their end of the bargain. |  |
Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities
 |
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. |
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
| A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. |  |
An entire state’s population just had its data stolen in a ransomware attack
 |
In a new notice posted on Maine’s official state government website, 1.3 million residents have had their data stolen as part of a ransomware attack that was first discovered on May 31 of this year. Again, 1.3 million individuals are affected in this data breach. Maine has over 1.3 million residents according to the 2022 U.S. Census. |
The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy
| In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. |  |
Vulnerability Vortex
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
| The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database. |  |
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks
 |
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. |
Gmail Hackers Leave Vital Clues Behind—Check These 3 Things Now
| With more than 1.8 billion active accounts, Gmail is not only one of the most used services online but one of the most targeted by hackers. It’s not hard to understand why, as Gmail soaks up around half of all email client usage by U.S. market share. Compromise a Gmail account and a threat actor, whether their motive is criminal profit or surveillance-driven, can expect to harvest plenty of information to help their cause: everything from password reset notifications to details of online transactions. |  |
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
 |
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. |
Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
| Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. |  |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.