Threat Intelligence
Biden Review Board Gives Microsoft a Big, Fat Raspberry
Richi Jennings | | Active Directory, Authentication, azure, Azure Active Directory, Azure AD, Azure security, cisa, CISA.gov, CSRB, Cyber Safety Review Board, Cybersecurity Infrastructure Security Administration, Entra ID, Exchange, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, Outlook.com, SB Blogwatch, Storm-0558
Storm-0558 forecast: Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says CISA ...
Security Boulevard
Picus Security Melds Security Knowledge Graph with Open AI LLM
Picus Security today added an artificial intelligence (AI) capability to enable cybersecurity teams to automate tasks via a natural language interface. The capability, enabled by OpenAI, leverages the existing knowledge graph technologies ...
Security Boulevard
Sophos: Backups are in Ransomware Groups’ Crosshairs
Enterprises that ignore their data backups, in contemplating ransomware, do so at their own peril, according to cybersecurity firm Sophos. Protecting backups will significantly reduce the harm to a company hit by ...
Security Boulevard
The Cybersecurity Industry Starts Picking Through Malicious XZ Utils Code
The open source community, federal agencies and cybersecurity researchers are busy trying to get their hands around the security near-miss of the backdoor found in versions of the popular XZ Utils data ...
Security Boulevard
‘Darcula’ PhaaS Campaign Sinks Fangs into Victims
A sprawling phishing-as-a-service (PhaaS) campaign that has been running since at least last summer is using more than 20,000 fake domains to target a wide range of organizations in more than 100 ...
Security Boulevard
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Industrial Enterprise Operational Technology Under Threat From Cyberattacks
One in four industrial enterprises had to temporarily cease operations due to cyberattacks within the past year, suggesting operational technology must improve ...
Security Boulevard
Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones
Richi Jennings | | 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA solution, 2FA/MFA, Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iCloud, Apple ID, Apple ID failure, Apple iOS, Apple iPad, Apple iPhone, bypass 2FA, MFA, MFA Bombing, mfa fatigue, MFA hacks, mfa protection, mfasecurity, Multi-Factor Authentication (MFA), OTP, OTP circumvention bot, OTP interception bot, phishing-resistant MFA, push otp, SB Blogwatch, TOTP, two-factor-authentication.2fa
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Security Boulevard
Google: Zero-Day Attacks Rise, Spyware and China are Dangers
The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google ...
Security Boulevard
Checkmarx Aligns With Wiz to Improve Application Security
Checkmarx has integrated its platform for securing application development environments with Wiz's CNAPP ...
Security Boulevard