Wednesday, November 2, 2022

SecurityWeek Briefing

Dropbox hacked:  Source code, data stolen.

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 02 November 2022, 2331 UTC.  Content provided by email subscription to "SecurityWeek Briefing."

Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGqRQBnqtQbnpqBplMMvdhJnCQX

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

SecurityWeek Weekend Briefing | Wednesday, November 2, 2022

Today's Cybersecurity News Headlines
CISO's Guide to ESG

Webinar | November 3, 2022 | 12PM ET


ESG: A CISO's Guide to an Emerging Risk Cornerstone


Join Mastercard and SecurityWeek for a live session as we discuss the strategies and tools needed to mitigate ESG risk on a business’s supply chain and reputation.

Jeff Orloff

Tailoring Security Training to Specific Kinds of Threats


By focusing on attack tactics and techniques that pose clear and present danger to the business, a company can achieve the greatest return on its training initiatives.  Read the Column by Jeff Orloff

Gordon Lawson

How to Prepare for New SEC Cybersecurity Disclosure Requirements


The new SEC requirements are putting on paper what many companies—public and private—should have been investing in already.  Read the Column by Gordon Lawson

Landon Winkelvoss

Leveraging Managed Services to Optimize Your Threat Intelligence Program During an Economic Downturn


How organizations can use managed services to optimize their threat intelligence program during an economic downturn.  Read the Column by Landon Winkelvoss

Deepfakes - Significant Risk or Hyped Threat?


SecurityWeek spoke to Nasir Memon, an IEEE Fellow and NYU professor to understand the current state and future significance of deepfakes.


© 2022 Wired Business Media


Tuesday, November 1, 2022

The Hacker News Daily Updates

Critical RCE vulnerability reported in ConnectWise server.

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 01 November 2022, 2147 UTC.  Content supplied by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGqRPzfVhmbClcsDXVXPrQdgVCT

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).


Reduce Non-vital Security Alerts by 97% with MxDR by OpenText

With a shortage of several million security workers in the workforce, IT teams do not have time to chase after non-vital and false positive security alerts.

Sponsored

LATEST NEWS | Nov 1, 2022

Last Years Open Source - Tomorrow's Vulnerabilities

Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: "given enough eyeballs, all bugs are shallow." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and ...


Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution

IT service management software platform ConnectWise has released software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue, characterized as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to ...


Fodcha DDoS Botnet Resurfaces with New Capabilities

The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, ...


Tips for Choosing a Pentesting Company

In today's world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer ...


Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a ...


Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when ...


GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories

Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular ...


Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the ...


Cyber War News Today.

"From trade wars to cyber wars in modern era." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are ...