The US Cybersecurity and Infrastructure Security Agency (CISA) wants feedback on its analysis or approaches in "Software Identification Ecosystem Option Analysis," a white paper outlining a community goal for a more harmonized software identification ecosystem that can be used across the global software space for all important cybersecurity use cases.

According to researchers from American and German universities, the A- and M-Series processors used in Apple's mobile devices and PCs contain a flaw that makes it easy for hackers to access sensitive data. The researchers refer to the flaw as iLeakage, which is a side-channel vulnerability. In side-channel attacks, information becomes visible using clues left in electromagnetic radiation, data caches, and other manifestations within a system. This article continues to discuss the iLeakage vulnerability.

The Cybersecurity and Infrastructure Security Agency (CISA) has recently published a new set of online resources designed to help IT security leaders in the healthcare sector improve their organization’s security posture.  The new tools include CISA’s Cyber Hygiene Services, which use vulnerability scanning to help organizations reduce their attack surface.

Malware, believed to just be a cryptocurrency miner was, in fact, a sophisticated spy platform for Windows and Linux systems. It has already infected more than one million people. When it was first detected in 2017, StripedFly was regarded as a mainly ineffective malware for cryptocurrency mining. However, since then, it has been functioning as a complex piece of modular malware that enables attackers to gain persistence on networks, visibility over their activity, and the ability to exfiltrate credentials and other data, according to researchers.

According to GuidePoint Security, ransomware activity continued to increase in the third quarter of 2023. GuidePoint Research and Intelligence Team (GRIT) observed a nearly 15 percent rise in ransomware activity due to an increase in the number of ransomware groups, including the discovery of 10 new groups. GRIT tracked 1,353 publicly posted ransomware victims claimed by 46 different threat groups during the third quarter.

The Pwn2Own Toronto 2023 hacking contest started yesterday, and participants successfully hacked NAS devices, printers, mobile phones, and other devices, earning more than $400,000 on the first day.  The highest reward of the day went to team Orca of Sea Security, which executed a two-vulnerability exploit chain (out-of-bounds read and use-after-free) against the Sonos Era 100 speaker, earning $60,000.  The Pentest Limited team earned the second highest reward of the day, at $50,000, for an improper input validation exploit targeting the Samsung Galaxy S23 mobile phone.

By grigby1 

By aekwall 

By krahal

Seiko Group Corporation (SGC) has recently revealed the extent of a data breach that it disclosed initially in August.  The company's latest notice focuses on the security of 60,000 records.  The data breach notification, originally published on its website on August 10, resulted from unauthorized access detected on July 28, 2023, after the ransomware gang BlackCat listed Seiko on its data leak site.