SecurityWeek: Cybersecurity News.

"Cybersecurity News, Insights, & Analysis from 'SecurityWeek.com.'"

Views expressed in this cybersecurity, cyber crime update ar those of the reporters and correspondents. Accessed on 06 October 2023, 2118 UTC. Content provided by email subscription to "SecurityWeek.com.").

Source: https://www.securityweek.com/ ("SecurityWeek.com").

Please click link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

MGM Resorts Says Ransomware Hack Cost $110 Million

MGM Resorts said costs from a disruptive ransomware hack has exceeded $110 million, including $10 million in one-time consulting cleanup fees.

Android Devices With Backdoored Firmware Found in US Schools

A global cybercriminal operation called BadBox has infected the firmware of more than 70,000 Android smartphones, CTV boxes, and tablets with the Triada malware.

Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations

US, Ukraine, and Israel remain the most heavily attacked by cyberespionage and cybercrime threat actors, Microsoft says.

In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters

Noteworthy stories that might have slipped under the radar: cybersecurity funding increases, new laws, and government’s illegal use of smartphone location data.

Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA

CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations.

Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M With States

The fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington, D.C., related to a 2020 data breach.

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.

Cisco Plugs Gaping Hole in Emergency Responder Software

Cisco warns that unauthenticated, remote attackers can log into devices using root account, which has default, static credentials that cannot be changed or deleted.

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks

GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.

BlackBerry to Split Cybersecurity, IoT Business Units

BlackBerry plans to split its cybersecurity and IOT (Internet of Things) businesses and pursue an IPO for the IOT unit early next year.

Red Cross Publishes Rules of Engagement for Hacktivists During War

ICRC is telling hacktivists involved in conflict during war to avoid targeting civilian objectives and hospitals, or making threats of violence.

CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors

New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM).

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Qualcomm Patches 3 Zero-Days Reported by Google

MGM Resorts Says Ransomware Hack Cost $110 Million

MGM Resorts said costs from a disruptive ransomware hack has exceeded $110 million, including $10 million in one-time consulting cleanup fees.

Android Devices With Backdoored Firmware Found in US Schools

A global cybercriminal operation called BadBox has infected the firmware of more than 70,000 Android smartphones, CTV boxes, and tablets with the Triada malware.

Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations

US, Ukraine, and Israel remain the most heavily attacked by cyberespionage and cybercrime threat actors, Microsoft says.

In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters

Noteworthy stories that might have slipped under the radar: cybersecurity funding increases, new laws, and government’s illegal use of smartphone location data.

Addressing the People Problem in Cybersecurity

Addressing the people problem with effective approaches and tools for users and security practitioners will enable us to work smarter, and force attackers into a position where they must work harder.
Marc SolomonRead more

Network, Meet Cloud; Cloud, Meet Network

The widely believed notion that the network and the cloud are two different and distinct entities is not true.
Matt WilsonRead more

Moving From Qualitative to Quantitative Cyber Risk Modeling

Migrating to a quantitative cyber risk model of analysis allows for more accurate data, which leads to more informed decision-making.
Fawaz RasheedRead more

Every Network Is Now an OT Network. Can Your Security Keep Up?

Many previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into larger IT networks.
John MaddisonRead more

Navigating the Digital Frontier in Cybersecurity Awareness Month 2023

ZTNA stands out as a solution that enables organizations to minimize their attack surface while ensuring the productivity and security of their remote workforce.
Torsten GeorgeRead more

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Facebook
Twitter
LinkedIn
RSS Feed

Webinar: Beyond VPN Replacement: Other ZTNA superpowers CISOs Should Know

Tuesday, August 22, 2023
Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.
Register

Webinar: Scaling Software Supply Chain Security: Driving Actionable SBOM Management with the OpenSSF S2C2F OSS Specification

Thursday, September 7, 2023
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

SecurityWeek Briefing

"New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 10 September 2024, 0035 UTC. Content and Source: https://www.securityweek.com Please check link or scroll down to read your selections. Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Monday, September 9 , 2024 Are you worried about unmanaged devices and apps? LATEST CYBERSECURITY HEADLINES New RAMBO Attack Allows Air-Gapped Data Theft Predator Spyware Resurfaces With Fresh Infrastructure Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 300,000 Impacted by Data Breach at Car Rental Firm Avis One Million US Kaspersky Customers Transferred to Pango’s UltraAV Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks CISA Breaks Silence on Controvers...