v036 is News you can’t Refuse! There’s discussion of an Apple breach, attack vector updates, CISA warnings, Google Workspace security, and costs of a breach. All good stuff. If you’re a nonprofit or association professional and you’re interested in a bi-monthly cybersecurity community forum – then you’ll want to join us on CyberSense: Making Sense of Cyber. Just email me and I’ll add you to the list!
Hacking the Human Mind: Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human qualities, sharpening their skills to manipulate biases and emotional triggers with the objective of influencing human behaviour to compromise security, whether personal or organisational.
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches
Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption.
Non-Human Access is the Path of Least Resistance: A 2023 Recap
2023 has seen its fair share of cyber attacks; however, there’s one attack vector that proves to be more prominent than others – non-human access. With 11 high-profile attacks in 13 months and an ever-growing ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the beginning.
ChatGPT Quip &
Prompt:
Response:
“Global Retail Chain Suffers Major Data Breach: Millions of Customers’ Payment Information Compromised”
“Nation-State Cyber Attack Disrupts Power Grids in Multiple Countries, Prompting International Security Concerns”
“Major Software Vulnerability Discovered in Widely Used Operating System: Urgent Patches Released”
“Ransomware Attack on Healthcare Systems Highlights Increasing Cyber Threats to Critical Infrastructure”
Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update
The company’s final patch release for 2023 contained fixes for a total of just 36 vulnerabilities — none of which, for a change, were zero-days.
Surprise! Email from personal.information.reveal@gmail.com is not going to contain good news
Karakurt, a particularly nasty extortion gang that uses “extensive harassment” to pressure victims into handing over millions of dollars in ransom payments after compromising their IT infrastructure, poses a “significant challenge” for network defenders, we’re told.
CISA urges vendors to get rid of default passwords
Cybersecurity officials also issued new guidance on open source software through secure-by-design practices.
Are We Ready to Give Up on Security Awareness Training?
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace. Besides, social engineering remains one of the most prevalent attacks, followed by a successful data breach.
Google Workspace Security Best Practices for Ultimate G Suite Security
The use of Google Workspace cloud applications like Google Drive and Gmail can help companies significantly boost workforce productivity and collaboration. On the other hand, G Suite comprises vital business information like emails, documents, and calendars, making it an attractive target for cybercriminals. So, protecting this ecosystem is paramount, given the sensitive data and communication it manages.
Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023.
Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024
Political and economic motivations impel nation-state and independent hackers, while the European Union strives to keep its members secure and prepared.
Vulnerability Vortex
Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle
Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues.
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla.
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild.
Google Releases Eighth Zero-Day Patch of 2023 for Chrome
CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser’s WebRTC component.
Researchers uncover major security issue in Microsoft Azure – here’s what we know
Microsoft’s Azure cloud platform carries a high-severity security vulnerability that could result in victim organizations unknowingly executing malware on their endpoints, experts have warned.