Security News | CSO

Federal agencies face new zero-threat cybersecurity requirements.

Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.

Accessed on 13 September 2021, 1252 UTC.

Content supplied by CSOonline.com.

Source:  https://www.csoonline.com/news/

Please scroll down to read your selections.

News

Unitd States cybersecurity   >   U.S. flag with a digital network of locks instead of stars
A magnifying lens exposes an exploit amid binary code.

a hooded figure targets a coding vulnerability

Cosmos DB users advised to regenerate their keys following serious vulnerability

The Azure vulnerability, which affects only those using the Jupyter Notebook feature, gives attackers access to data in databases.

radar grid / computer circuits / intrusion detection / scanning

LockFile ransomware uses intermittent encryption to evade detection

This newly discovered ransomware works fast, has multiple ways to avoid detection, and preys on Windows systems with known vulnerabilities.

A laptop displays binary code and the flag of China.

China’s PIPL privacy law imposes new data handling requirements

The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

joe biden cyberceomeeting public domain wh

Tech giants pledge at least $30 billion to improve cybersecurity following White House meeting

Technology, financial, and education leaders commit to a wide range of initiatives to enhance the nation’s cybersecurity posture in collaboration with the Biden Administration.

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, August 2021

Keep up with news of CSO, CISO, and other senior security executive appointments.

blind spot side view mirror car vehicle

Security blind spots persist as companies cross-breed security with devops

As devops matures into devsecops, cultural obstacles continue to exert drag.

ransomware breach hackers dark web

OnePercent ransomware group hits companies via IceID banking Trojan

This new, aggressive ransomware group also uses Cobalt Strike to move laterally across the network.

Ransomware  >  A masked criminal ransoms data for payment.

4 most dangerous emerging ransomware threat groups to watch

New research identifies four emerging ransomware groups currently affecting organizations and that show signs of becoming bigger threats in the future.

network security concept

Amazon Sidewalk highlights network security visibility risks consumer services pose

Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data.

iot internet of things chains security by mf3d getty

IoT devices have serious security deficiencies due to bad random number generation

It’s not the IoT vendors’ fault. Lack of a cryptographically secure pseudo-random number generator subsystem for the internet of things devices will be vulnerable.

Security system alert, warning of a cyberattack.

Wave of native IIS malware hits Windows servers

IIS malware presents diverse, persistent, and growing threats from old and new threat actors.

A binary eye sits within the center of a targeted virtual framework.

Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access

Experts argue that Apple is clearing a path for governments to gain access to their citizens’ data–essentially an encryption backdoor.

Unitd States cybersecurity   >   U.S. flag with a digital network of locks instead of stars

CISA unveils Joint Cyber Defense Collaborative with tech heavyweights as first private partners

The new initiative aims to provide organizations with unprecedented levels of information and context with an initial focus on ransomware and incident response for cloud providers.

keeping the cloud secure cloud security lock padlock private cloud

NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline, other attacks

The guidance seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes.

industrial power plant hacked skull and crossbone pixels security breach power plant by jason black

Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices

Critical vulnerabilities potentially affect millions of devices, but finding and patching them will be difficult.

stethoscope mobile healthcare ipad tablet doctor patient

Basic flaws put pneumatic tube transport systems in hospitals at risk

Multiple vulnerabilities could allow persistent take-over and ransom demands by attackers.

USA / United States of America stars + stripes and binary code superimposed over The White House

Biden memo, infrastructure deal deliver cybersecurity performance goals and money

The White House initiatives and expected passage of the US infrastructure plan will set new cybersecurity standards for critical infrastructure, provide money to state and local governments.

Praying mantis among green leaves [camouflage/stealth]

APT group hits IIS web servers with deserialization flaws and memory-resident malware

Praying Mantis group is likely a nation-state actor that uses custom malware and is adept at avoiding detection.

LOAD MORE

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.

Russ Roberts

https://cyber-security-intelligence.org

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s