Breaking (Cyber) News
Keep abreast of breaking cyber security news and evolution in the cyber threat landscape
The Hacker News
- Severe Flaws Disclosed in Brocade SANnav SAN Management SoftwareSeveral security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,
- 10 Critical Endpoint Security Tips You Should KnowIn today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
- New 'Brokewell' Android Malware Spread Through Fake Browser UpdatesFake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,
CSO Online
- The biggest data breach fines, penalties, and settlements so farSizable fines assessed for data breaches in recent years suggest that regulators are getting more serious about cracking down on organizations that don’t properly protect consumer data. Hit with a $ 1.3 billion fine for unlawfully transferring personal data from the European Union to the US, Meta tops the list of recent big-ticket sanctions, with […]
- New CISO appointments 2024The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep […]
- Top cybersecurity product news of the weekAmplifier launches copilot to guide teams through security protocols April 24: Amplifier Security is coming into the market and has announced a product that promises to connect the dots between an organization’s security stack and their staff. Copilot Ampy is designed to engage with employees, guiding them through security protocols based on real-time insights. Ampy […]
darkreading
- Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable SoftwareAttackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws.
- Minimum Viable Compliance: What You Should Care About and WhyUnderstand what security measures you have in place, what you need to keep secure, and what rules you have to show compliance with.
- Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine CyberattackThe targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.
Sophos News
- Malware campaign attempts abuse of defender binariesCommand-and-control wares try to sneak onto systems disguised as various vendors; payloads vary, but Sophos customers are protected
- Earth Day 2024: Sophos Supports this Year’s Planet vs. Plastics CampaignTo mark Earth Day on April 22, and its theme of Planet vs. Plastics, Sophos employees are being encouraged to use their Sophos Volunteering hours to take part in practical opportunities to join the fight against plastic pollution, as well as take part in a series of wellbeing webinars focused on sustainability and climate anxiety.
- ‘Junk gun’ ransomware: Peashooters can still pack a punchA Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals – but also provide insights into threat actor career development and the wider threat landscape