Blog

Identifying the cyber risks that matter

From noise to clarity: Why CISOs are shifting to adversarial exposure validation Partner content  A vast majority of security teams are overwhelmed by the large number of security alerts and vulnerabilities.…

CVE program gets last-minute funding from CISA – and maybe a new home

Uncertainty is the new certainty In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) program.…

Law firm ‘didn’t think’ data theft was a breach, says ICO. Now it’s nursing a £60K fine

DPP Law is appealing against data watchdog's conclusions A law firm is appealing against a £60,000 fine from the UK's data watchdog after 32 GB of personal information was stolen from its systems.…

Russians lure European diplomats into malware trap with wine-tasting invite

Vintage phishing varietal has improved with age Russia never stops using proven tactics, and its Cozy Bear, aka APT 29, cyber-spies are once again trying to lure European diplomats into downloading malware with a phony invitation to a lux event.…

Guess what happens when ransomware fiends find ‘insurance’ ‘policy’ in your files

It involves a number close to three or six depending on the pickle you're in Ransomware operators jack up their ransom demands by a factor of 2.8x if they detect a victim has cyber-insurance, a study highlighted by the Netherlands government has confirmed.…

Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program

Because vulnerability management has nothing to do with national security, right? Updated  US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.…

All right, you can have one: DOGE access to Treasury IT OK’d judge

Login green-lit for lone staffer if he’s trained, papered up, won’t pull an Elez A federal judge has partly lifted an injunction against Elon Musk's Trump-blessed cost-trimming DOGE unit, allowing one staff member to access sensitive US Treasury payment systems. This access includes personally identifiable financial information tied…

Chinese snoops use stealth RAT to backdoor US orgs – still active last week

Let the espionage and access resale campaigns begin (again) A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access…

ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK?

Stopping users shooting themselves in the foot with last century's tech Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.…

Where it Hertz: Customer data driven off in Cleo attacks

Car hire biz takes your privacy seriously, though Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.…

Copyright © 2024 Lugapel