News: Understanding the Difference Between Penetration Testing and Vulnerability Scanning
| Our clients often ask, “What is the difference between vulnerability scanning and penetration testing?” It’s a question that deserves attention, not only because of its frequency but also due to its critical role in shaping an organization’s cybersecurity strategy. Understanding the differences between these two assessments and when to employ each is essential in fortifying digital defenses and mitigating potential threats. |  |
Cybercrime: Cyber kidnapping in US illustrates growing crime trend
 |
The “cyber kidnapping” scam that extorted the Chinese family of a foreign exchange student studying in the US is part of a larger criminal trend that parents across the globe could fall victim to, experts warned |
News: The real threat to cybersecurity isn’t cybercrime, it’s burnout
| Cybercrime poses a significant threat to industries and individuals alike. However, there are some less obvious but just as damaging issues that we need to be wary of, too. The new menace threatening cyberspace is burnout. |  |
ChatGPT Quip &
|
 |
|
Prompt: Response:
|
News: What’s It Like to Be the Victim of Cyber Crimes?
| A pair of new studies take an in-depth look at the experiences of residents and businesses in Virginia who have fallen victim to cyber crimes, hoping the findings can inform strong cybersecurity moving forward. |  |
News: 26 Cyber Security Stats Every User Should Be Aware Of In 2024
 |
26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technology. |
News: Why Demand for Tabletop Exercises Is Growing
| Tabletop exercises can be an effective and affordable way to test an organization’s defense and response capabilities against cyberattack. |  |
News: 4 Ways Hackers use Social Engineering to Bypass MFA
 |
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it’s important to remember that MFA isn’t foolproof. It can be bypassed, and it often is. |
News: Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
| Incident response (IR) is a race against time. You engage your internal or external team because there’s enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect – namely the pinpointing of compromised user accounts that were used to spread in your network – unfortunately remains unattended. This task proves to be the most time-consuming for IR teams and has become a challenging uphill battle that enables attackers to earn precious time in which they can still inflict damage. |  |
News: Bad news for BitLocker users — its encryption can be cracked remarkable easily
 |
YouTuber shows how BitLocker can be cracked in less than a minute |
News: Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel
| An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts. |  |
News: Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses
 |
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. |
AI: Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks
| Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. |  |
Cybercrime: Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
 |
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that’s capable of harvesting identity documents, facial recognition data, and intercepting SMS. |
News: New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks
| A couple of Wi-Fi authentication bypass vulnerabilities found in open source software can expose enterprise and home networks to attacks. |  |
News: New Google Chrome feature blocks attacks against home networks
 |
Google is testing a new feature to prevent malicious public websites from pivoting through a user’s browser to attack devices and services on internal, private networks. |
Vulnerability Vortex
WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites
| A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. |  |
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
 |
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. |
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
| Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. |  |
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client
 |
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. |
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
| Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. |  |
VMware Critical Flaws Let Attackers Execute Remote Code
 |
Vulnerabilities in VMware software expose it to remote execution of code by threat actors due to critical defects |
Microsoft’s March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
| Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. |  |
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware
 |
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. |
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
| Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. |  |
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
 |
WordPress users of miniOrange’s Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.