Weekly Cyber Security News 22/02/2024
A selection of this week’s more interesting vulnerability disclosures and cyber security news. A rather cunning and slippery (see what I did there?) shell script to watch out for…
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Asset Importance: The Overlooked Factor in Cyber Risk Prioritization
This blog post delves into a critical yet often neglected aspect of cyber risk analysis —adding organizational context by understanding and prioritizing the importance of assets. Without considering the unique business context of an organization, security teams cannot effectively prioritize and remediate what matters most to their organization.
Media vault features
Short video demonstrating media vault features that use foreground services (e.g. download something into the vault, encrypt some local file, decrypt some vault file...)
Conversations with Charlotte AI: Credential Exposure on Win10 Hosts
With Charlotte AI, the information security analysts need to stop breaches is simply a question away. Watch how analysts are turning hours of work into minutes and seconds — getting the context they need to identify credential exposure on Win10 hosts.
Conversations with Charlotte AI: Vulnerabilities on Internet-Facing Hosts
With Charlotte AI, the information security analysts need to stop breaches is simply a question away. Watch how analysts are turning hours of work into minutes and seconds — getting the context they need to identify vulnerabilities on internet-facing hosts.
CVE-2024-1709 & CVE-2024-1708: Follow-Up: Active Exploitation and PoCs Observed for Critical ScreenConnect Vulnerabilities
On February 20, 2024, we published a security bulletin detailing newly disclosed authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect. Shortly after the bulletin was sent, ConnectWise updated their security bulletin with IOCs from observed active exploitation of these vulnerabilities. On February 21, 2024, the vulnerabilities were assigned the following CVE numbers.
Operation Cronos: The Takedown of LockBit Ransomware Group
On February 20, 2024, the National Crime Agency (NCA) of Britain and the Federal Bureau of Investigation (FBI) announced the successful disruption of the Lockbit ransomware gang, marking a significant milestone in the fight against cybercrime. This operation, known as Operation Cronos, was a collaborative effort involving law enforcement agencies from the UK, the US, and several other countries, with support from private sector partners.
Is It Safe to Text a Password?
No, it is not safe to text a password because text messages are not encrypted. This means anyone can intercept the data being sent through texts, including passwords, placing your accounts at risk of becoming compromised. Continue reading to learn more about password-sharing practices to avoid and how you can share passwords safely with friends, family and colleagues.
Deepfakes vs. Digital Verification: India's eKYC at a Crossroads
In an era where artificial intelligence (AI) crafts indistinguishably realistic deepfakes, India stands at a critical juncture, facing the formidable task of defending its digital domain. These AI-generated forgeries, capable of impersonating individuals with frightening accuracy, pose not just a threat to personal privacy but also to national security, misinformation control, and the integrity of digital transactions.