CISA and ENISA signed a Working Arrangement to enhance cooperation Pierluigi Paganini December 11, 2023 ENISA has signed a Working Arrangement with the US CISA to enhance capacity-building, best practices exchange and awareness. The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) to enhance…
ICYMI: Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION | Researchers devised an attack technique to extract ChatGPT training data | Fortune-telling website WeMystic exposes 13M+ user records | Expert warns of Turtle macOS ransomware | Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022…
Researcher discovered a new lock screen bypass bug for Android 14 and 13 Pierluigi Paganini December 10, 2023 Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen bypass vulnerability for Android 14 and 13.…
ICYMI: The Incident Involves Ransomware Encryption and Follows Familiar, Concerning Trends. A large, Seattle-based surgical group is notifying nearly 437,400 individuals that their information was potentially compromised in a ransomware and data theft incident earlier this year. The breach is part of a larger, disturbing trend in the healthcare sector in 2023. The post Surgical Practice…
Hacktivists hacked an Irish water utility and interrupted the water supply Pierluigi Paganini December 09, 2023 Threat actors launched a cyberattack on an Irish water utility causing the interruption of the power supply for two days. Threat actors hacked a small water utility in Ireland and interrupted the water supply for two days. The victim…
ICYMI: Also: Vendor Self-Attestation vs. Third Parties; Safe Harbor Guidelines. In the latest “Proof of Concept,” Chris Hughes, co-founder and CISO of Aquia, joins editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor. http://dlvr.it/Szx3qF
ICYMI: SEC Says Large Companies Must Report Material Incidents to Investors as of Dec. 18 The FBI outlined procedures for publicly traded companies to invoke a delay in reporting material cybersecurity incidents to investors as required under a U.S. SEC rule. Regulators allow companies a pause of up to 60 business days and up to…
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips Pierluigi Paganini December 09, 2023 A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. A team of researchers from the Singapore University of Technology and Design discovered a set of…
ICYMI: The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance’s risk management framework and update the Agencies’ expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment. The post FFIEC Final Authentication Guidance appeared first on DanTechServices, Inc. http://dlvr.it/SzvWpv