Aggregator

Cybercrime is Still Evil Incorporated, But Disruptions Help

BankInfoSecurity.com
1 year 8 months ago
Naming and Sanctioning Cybercrime Syndicate Members Has Repercussions, Police Say
Western law enforcement may not be able to bust every last Russian cybercrime suspect, but newly revealed efforts against Evil Corp and LockBit reveal suspects arrested while on vacation, as well as the psychological fallout criminal syndicates face when members get named, indicted and sanctioned.

Career Spotlight: The Growing Demand for OT Security Experts

BankInfoSecurity.com
1 year 8 months ago
Critical Infrastructure Firms Are Hiring - and Paying Well
As digital transformation continues to reshape industries, the convergence of operational technology and cybersecurity has emerged as a critical area of focus. But there's a noticeable gap in the workforce. Professionals who truly understand both OT and cybersecurity are in short supply.

How AI Shields Enterprises from Advanced Email Attacks

BankInfoSecurity.com
1 year 8 months ago
SEGs have performed admirably for many years, but they’re no match for this new generation of email attacks, and relying on outdated tools can have catastrophic consequences. By upgrading to a behavioral AI-based solution, you can defend against emerging threats and become more proactive in the fight against cybercrime.

Study: 92% of Healthcare Firms Hit by Cyberattacks This Year

BankInfoSecurity.com
1 year 8 months ago
Healthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and securing mobile applications and devices, said Ryan Witt, vice president of industry solutions at Proofpoint, discussing findings of a new study.

Regulating AI Catastophic Risk Isn't Easy

BankInfoSecurity.com
1 year 8 months ago
AI, Security Experts Discuss Who Defines the Risks, Mitigation Efforts
An attempt by the California statehouse to tame the potential of artificial intelligence catastrophic risks hit a roadblock when Governor Gavin Newsom vetoed the measure late last month. One obstacle is lack of a widely-accepted definition for "catastrophic" AI risks.

ISMG Editors: Chinese Hackers Raise Stakes in Cyberespionage

BankInfoSecurity.com
1 year 8 months ago
Also: AI Safety Bill Vetoed, Global Ransomware Response Guide Gets Some Revisions
In the latest weekly update, ISMG editors discussed the implications of the U.S. investigation into Chinese hackers targeting telecom wiretap systems, the catastrophic risks of AI and the recent veto of an AI safety bill in the U.S., and the latest global ransomware response guidance.

Rhysida Leaks Nursing Home Data, Demands $1.5M From Axis

BankInfoSecurity.com
1 year 8 months ago
Ransomware Gang Could Have Axis Health's Mental Health, Drug Abuse Records
Ransomware gang Rhysida is threatening to dump data on the darkweb that belongs to a Colorado provider of mental health, substance abuse and other healthcare services unless it pays nearly $1.5 million. The group is leaking records it claims to have stolen from a Mississippi nursing home.

Hackers Prowling for Unencrypted BIG-IP Cookies, Warns CISA

BankInfoSecurity.com
1 year 8 months ago
Agency Says Cookies Could Help Attackers Find Network Assets, Vulnerabilities
Unencrypted cookies tied to a suite of secure gateway technology from F5 are gateways for hackers to reach internal devices on corporate networks, warns the Cybersecurity and Infrastructure Security Agency. BIG-IP uses persistent cookies as a traffic load-balancing convenience.

CVE-2002-0951 | Ruslan Communications Body Builder Authentication Username/Password sql injection (EDB-21543 / XFDB-9359)

Vuldb Updates
1 year 8 months ago
A vulnerability was found in Ruslan Communications Body Builder and classified as very critical. This issue affects some unknown processing of the component Authentication. The manipulation of the argument Username/Password with the input -- leads to sql injection. The identification of this vulnerability is CVE-2002-0951. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2014-7613 | Pocketmags WASPS Official Programmes X.509 Certificate cryptographic issues (VU#582497)

Vuldb Updates
1 year 8 months ago
A vulnerability was found in Pocketmags WASPS Official Programmes. It has been classified as critical. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7613. The attack can only be done within the local network. There is no exploit available.
vuldb.com

CVE-2011-0761 | Perl 5.10.0/5.10.1 telldir null pointer dereference (EDB-35725 / Nessus ID 71119)

Vuldb Updates
1 year 8 months ago
A vulnerability was found in Perl 5.10.0/5.10.1. It has been declared as problematic. This vulnerability affects the function telldir. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2011-0761. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad