Hawaii Cybersecurity Digest

Latest Cybersecurity Information

Cyber Crime, Cyber Intelligence, Cyber Security, Cyber War, Information Security

Security News | CSO Online

What countries are more or less at risk for cybercrime?

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents. 

Accessed on 16 November 2021, 1302 UTC.

Content supplied by email subscription to “CSO Online.”

Source; https://www.csoonline.com/news/

Please click link or scroll down to read your selections.


cso security global breach networking hack invasion infiltrate 5g connected gettyimages 1211443622


BusyBox flaws highlight need for consistent IoT updates

Some of the 14 vulnerabilities could result in remote code execution or denial of service attacks.


Pentagon announces version 2.0 of its controversial CMMC program

CMMC 2.0 simplifies the process for SMBs, but critics say the verification process relies too much on self-attestation.


US DOJ recovers $6 million and indicts two REvil principals

The DOJ promises a whole of government approach to fighting ransomware groups no matter which country they operate from.


Infrastructure bill includes $1.9 billion for cybersecurity

Passage of the infrastructure bill includes $1.9 billion for cybersecurity, and more could be on the way with the Build Back Better and other bills working their way through Congress.


Update and isolate your Nagios servers now

Recently discovered vulnerabilities in Nagios servers could give attackers broad access to systems and data if exploited.


Graylog unites SIEM, AI-based anomaly detection in new security suite

Graylog is consolidating SIEM and UEBA (anomaly detection and user entity behavior analytics) in its new security package for streamlined detection and elimination of enterprise security threats .


CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

While the move is applauded, a short timeframe to address vulnerabilities will be a challenge for security resource-strapped agencies.


Stealthy Trojan that roots Android devices makes its way on app stores

The criminals behind the Trojan have placed fully functional utilities that carry malicious code on the Google Play store in a way that evades detection.


Enterprises with subsidiaries more prone to cyberattacks, study says

Global enterprises with numerous subsidiaries are more exposed to cybersecurity threats and have more difficulty managing risk than companies with no or fewer subsidiaries, according to an Osterman Research report.


Biden’s cybersecurity executive order, a progress report

Of the 46 tasks President Biden mandated to protect digital government assets, 19 are now completed, though not all agencies have reported their progress.


New US CISO appointments, October 2021

Keep up with news of CSO, CISO, and other senior security executive appointments.


Russian cyberspies target cloud services providers and resellers to abuse delegated access

A new Microsoft advisory claims Russia’s Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.


Decline in ransomware claims could spark change for cyber insurance

New research indicates that ransomware attack and payment claims are in decline as resiliency takes priority for organizations.


Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises

Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations.


(ISC)2 pilots new entry-level cybersecurity certification to tackle workforce shortages

New certification aims to validate knowledge of foundational cybersecurity concepts and best practices to address skills gap. Is another cybersecurity qualification the answer?


How shape-shifting threat actors complicate attack attribution

Researchers explain how they identified—or failed to identify—the threat actors behind three high-profile incidents and why attribution is so difficult.


Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation

The attackers used the exploit to deploy a new remote shell Trojan called MysterySnail.


Google forms Cybersecurity Action Team to support customer security transformation

Google’s initiative will offer security and compliance services to guide governments, critical infrastructure, enterprises, and small businesses through digital transformation.



For the latest cybersecurity and cybercrime information, please check the blog sidebar, links, and twitter posts.

Russ Roberts