Incident Response
China Steals Defense Secrets ‘on Industrial Scale’
Richi Jennings | | china, china espionage, China-linked Hackers, Chinese, Chinese Communists, chinese government, chinese hacker, Chinese hackers, Chinese Intelligence, Chinese state-sponsored hacking group, Chinese Threat Actors, ConnectWise, ConnectWise Vulnerabilities, CVE-2022-0185, CVE-2022-3052, CVE-2023-22518, CVE-2024-1709, Data Stolen By China, Dawn Calvary, f5, F5 BIG-IP, F5 BIG-IP vulnerability, Genesis Day, gov.uk, Mandiant, MSS, MSS Hackers, Peoples Republic of China, PRC, PRC Espionage, SB Blogwatch, ScreenConnect, Teng Snake, uk, UNC302, UNC5174, Uteus, Xiaoqiying
UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ...
Security Boulevard
Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys
Richi Jennings | | Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iOS, Apple iPad, ARM, cache, dmp, GoFetch, iPad, M1, M2, M3, Macintosh, macos, SB Blogwatch
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ...
Security Boulevard
Beyond Detection: Enhancing Your Security Posture with Predictive Cyberthreat Insights
Tony Bradley | | Blog, endpoint detection and response, Endpoint Protection, Incident Response, security posture, sophos, Sophos X-Ops
The goal of cybersecurity is not just to respond to today’s threats but to anticipate tomorrow’s challenges. I recently had an enlightening conversation with Christopher Budd, Director of Sophos X-Ops Intelligence, to ...
How to Build a Phishing Playbook Part 3: Playbook Development
Kartik Subramanian, Engineering | | automated response, Cybersecurity, dkim, dmarc, email security, Incident Response, phishing playbook, playbook development, Playbook Editor, Smart SOAR, SOAR, spf, utility commands
Welcome the third part of our series on how to build an automated incident response playbook for phishing threats inside of Smart SOAR. In this part, we will be transferring our rough ...
EPA and White House Raise Alarm on Water Cybersecurity
Richi Jennings | | Critical Infrastructure, critical infrastructure assets, critical infrastructure attack, Critical Infrastructure Cyber security, Critical Infrastructure Cybersecurity, Drinking Water, Environmental Protection Agency, EPA, ICS, operational technologies, OT, public water systems, SB Blogwatch, wastewater, water, water distribution systems, Water industry, water infrastructure, White House
Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.” ...
Security Boulevard
TikTok ‘Ban’ — ByteDance CEO and EFF are BFFs
Richi Jennings | | Bytedance, china, chinese government, EFF, Electronic Frontier Foundation, Privacy, SB Blogwatch, Shou Zi Chew, social media, spyware, TikTok, TikTok Ban
7521 momentum builds: Shou Zi Chew plays for time, while Electronic Frontier Foundation says TikTok-kill bill is DOA ...
Security Boulevard
French Gov. Leaks 43 Million People’s Data — ‘France Travail’ Says Sorry
Richi Jennings | | Alexandre Saubot, Cap emploi, CNIL, cyber attacks on governm, devops in government, DevSecOps in Government, digital government, European Governments, france, France Travail, government, Government & Regulatory News, government agencies, Government Authority, SB Blogwatch
La grande cybermalveillance: French government’s employment agency loses control of citizens’ data after biggest breach in Gallic history ...
Security Boulevard
HHS to Investigate Change’s Security in Wake of Crippling Cyberattack
The U.S. Department of Health and Human Services (HHS) is opening an investigation into UnitedHealth and its Change Healthcare subsidiary following a ransomware attack that for three weeks has essentially shut down ...
Security Boulevard
Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date
Richi Jennings | | alphabet, bounty, bug bounty, bug bounty program, bugbounty, ethical hacker, ethical hackers, ethical hacking, google, SB Blogwatch, Vulnerability Rewards Program (VRP), white hat, white hat hacker, white hat hackers, White Hat Security, White Hats, WhiteHat, whitehat hackers, WhiteHat Security
Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities ...
Security Boulevard
Irony of Ironies: CISA Hacked — ‘by China’
Richi Jennings | | china, china espionage, Chinese, Chinese Communists, Chinese drive-by attack, chinese government, chinese hacker, Chinese hackers, Chinese state-sponsored hacking group, Chinese Threat Actors, CIRCIA, cisa, CISA.gov, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, Cyber Security and Infrastructure Security Agency, Cybersecurity & Infrastructure Security Agency, Cybersecurity and Infrastructure Agency, Data Stolen By China, federal agency, Ivanti, Ivanti Connect Secure, Ivanti Policy Secure, Ivanti security, Ivanti Vulnerabilities, Ivanti Zero day vulnerability, Ligolo, Magnet Goblin, NerbianRAT, NSA/CISA, Peoples Republic of China, SB Blogwatch, Volt Typhoon, WARPWIRE
Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti ...
Security Boulevard