News: The Facts About Continuous Penetration Testing and Why It’s Important
Continuous Penetration Testing, or Continuous Attack Surface Penetration Testing (CASPT), is an advanced security practice that involves continuous, automated penetration testing of an organization’s digital assets to identify and mitigate security vulnerabilities.
News: C-Suite Involvement in Cybersecurity Is Little More Than Lip Service
Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity.
GDPR: Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.
The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S.
Cyber Savvy AI Antics
Prompt: Create 5 funny, fake words that are a fusion between cybersecurity terms and mental states:
Phishnosis. Definition: A mental state where someone becomes highly paranoid of any and all incoming emails, convinced that every message is a phishing attempt—even if it’s just from Grandma.
BufferRage. Definition: Sudden outbursts of anger caused by memory overflow (often during presentations or when opening too many browser tabs).
Authziety. Definition: The panic experienced when someone realizes they’ve lost track of which authentication app or device they’ve used, leading to frantic searches for QR codes or one-time passwords.
Ransomnesia. Definition: A state of confusion resulting from an attack, where the victim forgets they’ve paid the ransom, only to pay again and again, unable to recall the original encryption key.
Malwaranoia. Definition: An irrational fear that every USB drive, website, or software update contains malware, causing excessive caution and disconnection from all technology.
News: Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration
Nowadays, sensitive and critical data travels through everyday business channels that offer only a basic level of security and encryption, and companies are often oblivious to the risk.
Phishing: New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes.
WordPress: Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites
A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.
News: U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions.
News: NIST Cybersecurity Framework (CSF) and CTEM – Better Together
It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally tailored for critical infrastructure, 2018’s version 1.1 was designed for any organization looking to address cybersecurity risk management.
News: The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services.
News: One More Tool Will Do It? Reflecting on the CrowdStrike Fallout
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous third-party risk to the mix.
News: Privileged Identity Management (PIM): For Many, a False Sense of Security
PIM is described as a service within Microsoft Entra ID, designed to manage, control, and monitor access to crucial organizational resources, encompassing Microsoft Entra ID, Azure, and other Microsoft Online Services like Microsoft 365 and Microsoft Intune.
News: Why Is It So Challenging to Go Passwordless?
Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, “If it sounds too good to be true, it probably is.”
News: Malicious Actors Sow Discord With False Election Compromise Claims
The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn’t been.)
Breach: 23andMe to pay $30 million in genetics data breach settlement
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023.
News: Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel
Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe.
Vulnerability Vortex
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10. |
ESET Fixed Two Privilege Escalation Flaws In Its Products
ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems. |
HPE patches three critical security holes in Aruba PAPI
Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary’s access points.