Security Leftovers
-
Hong Kong Free Press ☛ US says it dismantled China-backed hacker network that targeted American infrastructure
US authorities said Wednesday they had dismantled a network of hackers known as Volt Typhoon, which was targeting key American public sector infrastructure like water treatment plants and transportation systems at the behest of China.
-
Kubernetes Security Best Practices for 2024
Here's what you should be focusing on in 2024 to keep your Kubernetes environments secure.
-
Cado Security Labs Exposes Commando Cat Container Malware Campaign
Cado Security Labs today disclosed it has discovered a malware campaign, dubbed “Commando Cat,” that targets Docker API endpoints.
-
Scoop News Group ☛ CISA orders Ivanti devices targeted by Chinese hackers be disconnected
An updated emergency directive includes instructions on how to bring affected devices back online securely.
-
Security Week ☛ CISA Sets 48-Hour Deadline for Removal of Insecure Ivanti Products
In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours.
-
Silicon Angle ☛ CISA instructs federal agencies to disconnect deployments of vulnerable Ivanti products
The U.S. Cybersecurity and Infrastructure Security Agency has instructed federal agencies to disable their deployments of two Ivanti Inc. products that contain vulnerabilities. In a directive issued on Wednesday, CISA stated that administrators must take the affected deployments offline by Saturday.
-
Federal News Network ☛ CISA directs agencies to shut down vulnerable software products
Agencies have just over 24 hours to shut down any instances of affected Ivanti VPN products, per a new directive from CISA.
-
Security Week ☛ Albania’s Institute of Statistics Suffers Cyberattack, Some Systems Affected
Albania’s Institute of Statistics (INSTAT) suffered a cyberattack which affected some of its systems.
-
Scoop News Group ☛ National cybersecurity plans lack performance measures and estimated costs, GAO says
In response to the watchdog’s report, the Office of the National Cyber Director said that performance measures don't really exist in the cybersecurity field.
-
Security Week ☛ Why Are Cybersecurity Automation Projects Failing?
The cybersecurity industry has taken limited action to reduce cybersecurity process friction, reduce mundane tasks and improve overall user experience.
-
Security Week ☛ New York Sues Citibank Over Poor Data Security
New York attorney general is suing Citibank for failing to protect customers against hackers and fraudsters who have stolen millions.
-
Security Week ☛ Johnson Controls Ransomware Attack: Data Theft Confirmed, Cost Exceeds $27 Million
Johnson Controls confirms that the recent ransomware attack resulted in data theft and says expenses reached $27 million.
-
Security Week ☛ ‘Leaky Vessels’ Container Escape Vulnerabilities Impact Docker, Others
Snyk discloses information on Leaky Vessels, several potentially serious container escape vulnerabilities affecting Docker and others.
-
Security Week ☛ Apple Patches Vision Pro Vulnerability as CISA Warns of iOS Flaw Exploitation
Apple releases first security update for Vision Pro VR headset as CISA issues warning about exploitation of iOS vulnerability.
-
Security Week ☛ Watch: Top Cyber Officials Testify on China’s Cyber Threat to US Critical Infrastructure
Video: Top US cyber officials testify on China’s cyber threat to U.S. national security and critical infrastructure.
-
Security Week ☛ Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping
Daniel James Junk sentenced to six years in prison for stealing millions in cryptocurrency through SIM swapping.
-
Silicon Angle ☛ Cloudflare Atlassian server hacked by suspected nation-state attacker
Cloudflare Inc. disclosed today that one of its internal Atlassian servers was hacked by a suspected nation-state attacker in November and provided details of what occurred so others know the risks.