Source: go.theregister.com – Author: Team Register An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government’s Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing the flaw in the wild to compromise targets. Plus, its inclusion in the catalog means federal agencies need […]

La entrada Three-year-old Apache Flink flaw under active attack – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Yet more ransomware is using Microsoft BitLocker to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations, according to Kaspersky. The antivirus maker’s Global Emergency Response team spotted the malware, dubbed ShrinkLocker, in Mexico, Indonesia, and Jordan, and said the code’s unnamed operators […]

La entrada Here’s yet more ransomware using BitLocker against Microsoft’s own users – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Interview The cyberattacks against Las Vegas casinos over the summer put a big target on the backs of prime suspects Scattered Spider, according to Mandiant CTO Charles Carmakal. The Google-owned security biz has been tracking the loosely knit crew – believed to be teens and twenty-somethings located in the […]

La entrada Casino cyberattacks put a bullseye on Scattered Spider – and the FBI is closing in – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register A Google security bigwig has had enough of federally mandated phishing tests, saying they make colleagues hate IT teams for no added benefit. Matt Linton leads Google’s security response and incident management division. Tasked with rolling out phishing exercises every year, he believes tests should be replaced by the […]

La entrada Google guru roasts useless phishing tests, calls for fire drill-style overhaul – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Veeam says the recent critical vulnerability in its Backup Enterprise Manager (VBEM) can’t be used by cybercriminals to delete an organization’s backups. Rated 9.8 out of a possible 10, exploiting CVE-2024-29849 could allow attackers the chance to log into the VBEM web interface without the need for authentication. The […]

La entrada Veeam says critical flaw can’t be abused to trash backups – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Chief information security officers around the globe “are nervously looking over the horizon,” according to a survey of 1,600 CISOs that found more than two thirds (70 percent) worry their organization is at risk of a material cyber attack over the next 12 months.  This is compared to 68 […]

La entrada 70% of CISOs worry their org is at risk of a material cyber attack – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Bitdefender says it has tracked down and exposed an online gang that has been operating since 2018 nearly without a trace – and likely working for Chinese interests. A report from the antivirus maker details the miscreants – dubbed Unfading Sea Haze – and their methods for breaking into […]

La entrada ‘China-aligned’ spyware slingers operating since 2018 unmasked at last – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register The House Foreign Affairs Committee voted Wednesday to advance a law bill expanding the White House’s authority to police exports of AI systems – including models said to pose a national security threat to the United States. “AI has created a technology revolution that will determine whether America remains […]

La entrada Lawmakers advance bill to tighten White House grip on AI model exports – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register More than 100 medical industry groups have asked the Feds to make UnitedHealth Group, not them, go through the rigmarole of notifying everyone about the Change Healthcare ransomware infection. In a letter to the US Department of Health and Human Services, 102 national and state medical associations – whose […]

La entrada Go after UnitedHealth, not us, 100+ medical groups urge Uncle Sam – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Canadian pharmacy chain London Drugs has confirmed that ransomware thugs stole some of its corporate files containing employee information and says it is “unwilling and unable to pay ransom to these cybercriminals.” In a statement to The Register, the British Columbia-based biz described the April 28 intrusion, which it […]

La entrada Canada’s London Drugs confirms ransomware attack after LockBit demands $25M – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register The New York Stock Exchange’s parent company has just been hit with a $10 million fine for failing to properly inform the Securities and Exchange Commission (SEC) of a 2021 cyber intrusion.  In an order published today, the SEC said that Intercontinental Exchange (ICE) will pay the penalty to […]

La entrada NYSE parent gets $10M wrist tap for failing to report 2021 systems break-in – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Georgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million. The Department of Justice initially brought charges against the 31-year-old back in February 2022, accusing him of money laundering and conspiracy to […]

La entrada Laundering cash from healthcare, romance scams lands US man in prison for a decade – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register The US Securities and Exchange Commission (SEC) wants to clarify guidelines for public companies regarding the disclosure of ransomware and other cybersecurity incidents. According to the breach reporting rules the federal agency adopted in July, public companies must disclose material events under Item 1.05 of Form 8-K. This is […]

La entrada Confused by the SEC’s IT security breach reporting rules? Read this – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register Sponsored Survey and Live Event What are the biggest risks to your organization posed by ransomware and what security defenses does it have in place to protect its sensitive data from cyber criminals? We recently put these questions and more to readers of The Register as we sought to […]

La entrada Stopping ransomware in multicloud environments – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register The takedown of LockBit in February is starting to bear fruit for rival gangs with Play overtaking it after an eight-month period of LockBit topping the attack charts. For the first time since the National Crime Agency-led takedown of LockBit, the gang didn’t register the most number of attacks […]

La entrada LockBit dethroned as leading ransomware gang for first time post-takedown – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: go.theregister.com – Author: Team Register GitHub has patched its Enterprise Server software to fix a security flaw that scored a 10 out of 10 CVSS severity score. The vulnerability affects instances of GitHub Enterprise Server, and gives full admin access to anyone exploiting the issue in any version of the code prior to version […]

La entrada GitHub Enterprise Server patches 10-outta-10 critical hole – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.