Sat.Oct 01, 2022

Pentagon Bug Bounty Program Uncovers 350 Vulnerabilities

Data Breach Today

Department Paid $110,000 in Rewards for Submitted Vulnerability Reports The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day.

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server , a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Possible Chinese Hackers Exploit Microsoft Exchange 0-Days

Data Breach Today

No Patch Yet Available Although Exploitation Requires Authenticated Access Hackers, possibly Chinese, are exploiting Microsoft Exchange zero-day vulnerabilities to apparently implant backdoors and steal credentials.

LA School District Ransomware Attackers Now Threaten to Leak Stolen Data

Dark Reading

Weeks after it breached the Los Angeles Unified School District, the Vice Society ransomware group is threatening to leak the stolen data, unless they get paid

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

Cloudflare, VCs Join Forces to Give $1.25B Away to Startups

Data Breach Today

Venture Capital Firms Commit Up to $50M Each for Startups Using Cloudflare Workers Cloudflare has joined forces with 26 venture capital firms to provide up to $1.25 billion in financing to startups building on the company's developer platform.

More Trending

DOJ: Army Doc, Wife Sought to Leak Health Records to Russia

Data Breach Today

Prosecutors Allege Both Doctors Aimed to Help Russia in Ukraine War A Maryland couple faces federal indictment for an alleged conspiracy to provide the Russian government with military medical records. Anna Gabrielian and U.S. Army Maj.

Microsoft confirms Exchange zero-day flaws actively exploited in the wild

Security Affairs

Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild.

North Korean Trojanizing Open Source Software

Data Breach Today

Lazarus Group Uses Social Engineering to Manipulate Victims Into Downloading Malware North Korean is using weaponized versions of open source utilities to spy on the technology, defense and entertainment sectors worldwide.

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

Dark Reading

It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones

IT 104

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

Orca Security's Avi Shua on Making Cloud Safe for Government

Data Breach Today

Co-Founder & CEO Discusses Why the Company Is Seeking FedRAMP Authorization Security firms must increasingly follow U.S. government security requirements even if they don't serve federal agencies themselves, says Avi Shua, Orca Security co-founder and CEO.

Witchetty APT used steganography in attacks against Middle East entities

Security Affairs

A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously undocumented backdoor in a Windows logo.

ISMG Editors: Will Others Follow US Lead to Legislate SBOMs?

Data Breach Today

Also: Complying with PCI DSS 4.0 and Managing Security Budget Cuts In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S.

Security Vulnerabilities in Covert CIA Websites

Schneier on Security

Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by —at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions.

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

U.S. FERC Proposes Revisions to Cybersecurity Incentives for Utilities

Data Matters

On September 22, 2022, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) regarding Incentives for Advanced Cybersecurity Investment, requesting comment on proposed revisions to regulations implementing the Federal Power Act (FPA).

US DoD announced the results of the Hack US bug bounty challenge

Security Affairs

The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July.

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

Dark Reading

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks

IT 90

Symantec, GTSC Warn of Active Microsoft Exploits

eSecurity Planet

Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August.

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

Cybercriminals See Allure in BEC Attacks Over Ransomware

Dark Reading

While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter

Release of Quantum Information Science and Technology White Paper

National Archives Records Express

Feynman diagram from 10-inch bubble chamber run at Bevatron. Richard Phillips Feynman, American theoretical physicist. Photograph taken March 26, 1956. Bubble Chamber-78.

Paper 83

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

Dark Reading

The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms

Okta ‘Breaches’ Weren’t Really Breaches

eSecurity Planet

With two high-profile breaches this year, Okta, a leader in identity and access management (IAM) , made the kind of headlines that security vendors would rather avoid.

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

KnowBe4

Jai Vijayan, Contributing Writer at Dark Reading correctly stated: " It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones. ". Social Engineering Deepfake

IT 77

Onyxia Raises $5M to Help Companies Proactively Manage Cybersecurity Risks Using AI

Dark Reading

Onyxia, an AI-powered cybersecurity strategy and performance platform providing a centralized way for security teams to monitor and manage cybersecurity efforts in real time, has raised $5 million in seed fundraising led by World Trade Ventures with participation by Silvertech Ventures and angel investors.

Risk 76

Guacamaya hacktivists stole sensitive data from Mexico and Latin American countries

Security Affairs

A hacker group called Guacamaya stole classified government information from multiple military and government agencies across several Latin American countries.

Your KnowBe4 Fresh Content Updates from September 2022

KnowBe4

Check out the 35 new pieces of training content added in September, alongside the always fresh content update highlights and new features. Security Awareness Training KnowBe4

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

With the Software Supply Chain, You Can't Secure What You Don't Measure

Dark Reading

Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain

Response-Based Phishing Scams Targeting Corporate Inboxes Hit New Records

KnowBe4

Setting a record for both highest count and share in volume with other types of phishing scams, response-based attacks are at their highest since 2020 and are continuing to grow. Social Engineering Phishing

Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack

Dark Reading

Malicious Comm100 files have been found scattered throughout North America, and across sectors including tech, healthcare, manufacturing, telecom, insurance, and others