The FBI has issued an alert warning of a widespread SMS phishing (smishing) campaign targeting people in several US states with phony notices of unpaid tolls, BleepingComputer reports. The scammers are currently impersonating the Pennsylvania Turnpike Commission and E-ZPass services on the East Coast, but the FBI warns that the scam will likely expand to other states.

I started my career as a Counterintelligence Special Agent in the U.S. Army, quickly learning how to decode the complex signals of security threats. Next, I sharpened my skills in state law enforcement, investigating (and preventing) cybercrime by identifying and mitigating digital threats.

In today’s digital age, where cars have evolved into data centers on wheels within the Internet of Things (IoT) landscape, ensuring cybersecurity in the automotive industry has become paramount. The emergence of connected cars, a significant subset of IoT, brings with it a host of cybersecurity challenges, prompting regulators to take swift action. One such pivotal step is the establishment of WP.29 standards, revolutionizing automotive cybersecurity.

As information security professionals, you play a crucial role in using the term “indicators of compromise” (IOC) to describe any malicious activity that may suggest a computer system has been compromised. Your expertise in identifying IoCs can help quickly determine when an attack has occurred and identify the perpetrators. Your insights can also help determine the extent and severity of an attack and aid in an incident’s forensic analysis.

Network infrastructures in many industries today are challenged by a surge of connected devices, especially as IoTs and BYODs are increasingly popular. The complexity and granularity of managing IP address assignments pose a considerable challenge. Traditional methods of network management often fall short in providing a granular understanding of the devices in use.

Just a few weeks ago, we wrote about how the National Vulnerability Database (NVD) is seriously behind in enriching CVEs. On LinkedIn, Mastodon, and other social sites, the NVD’s mounting backlog and what should be done about it has become a hot topic of conversation within the cybersecurity community.

The CrowdStrike Falcon platform has received the Best Endpoint Detection and Response 2024 Award from SE Labs for the third consecutive year. This award honors CrowdStrike’s leadership in demonstrated detection, prevention and investigation capabilities.

A command injection vulnerability has been discovered in the GlobalProtect feature within Palo Alto Networks PAN-OS software for specific versions that have distinct feature configurations that may enable a remote, unauthenticated attacker to execute arbitrary code with root privileges on the firewall. These specific versions require configurations for GlobalProtect gateway and device telemetry enabled.

Incident response is a crucial aspect of cybersecurity that involves identifying, containment, eradicating, and recovering from security incidents. It is designed to minimise the impact of security breaches, protect sensitive data, and restore normal operations as quickly as possible. To facilitate a smooth incident response, organisations should create a comprehensive checklist that outlines the necessary steps, resources, and communication channels.