California and New York already have strict regulations governing the protection of citizens’ private information. Proposed changes will make them even stricter and provide better protection for peoples’ private information.
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
Published Nov 17 2023 2:51 PM
A new exploit rated at most serious CVSS 10.0 allows attackers to execute code on the compromised devices and servers. It is imperative that the patch be installed as soon as possible. If the servers can be removed from the internet, even better.
Patch high-severity ‘Reptar’ Intel chip bug soon, say security pros
Published Nov 17 2023 2:48 PM
A recently discovered vulnerability in some Intel chips is quite serious with a CVSS rating of 8.8. The vulnerability allows attackers to shut down hypervisors which oversee all the cloud servers. If this occurs, every user would be unable to work. There is a patch available, install it immediately.
'AlphaLock' Hackers Launch 'Pen-Testing Training' Group
Published Nov 17 2023 2:45 PM
Why attempt to break into company devices and servers when you can be invited in? In a new attack angle, cybercriminals are training their people in Pen testing, penetration testing that looks for holes. They then set up companies that performed pen testing. Every company needs pen testing. Be careful who you hire.
BlackCat Gang Tattles to SEC About Victim Not Disclosing Breach
Published Nov 17 2023 2:41 PM
First cybercriminals encrypted your information and required a ransom payment to decrypt it. When companies began not paying, they exfiltrated private information and threatened to reveal it publicly if the ransom wasn’t paid. Now they went a step further. One company didn’t pay the ransom or report the breach. The attackers reported them to the regulators.
Cyber insurers are demanding more information about protections in place before approving a policy application. This can be challenging but can also be helpful in being cybersafe. The rates increases for not having the proper precautions in place can be used to justify cyber security expenses.
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
Published Nov 10 2023 3:23 PM
CISA, the government cyber security watchdog issued an alert about a vulnerability in the Service Location Protocol, SLP, that allows attackers to compromise the device and use it in Distributed Denial of Service attacks against others.