Attackers can steal NTLM password hashes via calendar invites
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two …
Tietoevry ransomware attack halts Swedish organizations
Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The attack The …
New method to safeguard against mobile account takeovers
Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains …
Without clear guidance, SEC’s new rule on incident reporting may be detrimental
The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material …
The reality of hacking threats in connected car systems
With the integration of sophisticated technologies like over-the-air updates and increased data connectivity, cars are no longer just modes of transportation but also hubs of …
CloudFoxable: Open-source AWS penetration testing playground
CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to …
Global cyber inequity skyrockets
There has been a sharp increase in cyber inequity globally, with 90% of executives warning that urgent action is needed to address it, according to the World Economic Forum. …
Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Key elements for a successful cyber risk management strategy In this Help Net …
Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)
A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity …
Out with the old and in with the improved: MFA needs a revamp
From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly …
New infosec products of the week: January 19, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Living Security, Skopenow, Skyhigh Security, and Wing Security. Skyhigh Security’s …
Digital nomads amplify identity fraud risks
The number of foreign document verification cases in all parts of the world has grown by an average of 21% since the summer of 2021, according to Regula. It’s even higher in …