FINRA’s Cybersecurity Conference

"FINRA’s Cybersecurity Conference is a one-day, hybrid event that is designed to help you stay current on today’s cybersecurity challenges, understand vulnerabilities and latest threats and create resilience against cyber-attacks. Whether you work in information security, information technology, cybercrime, compliance or are a business owner, you will learn from leading experts in the industry and participate in engaging sessions to leave you with valuable information to help you protect your organization."

THAT Conference

"A full-stack, tech-obsessed conference full of fun, code-loving humans who share and learn together.  THAT Conference is unlike any other technical conference. This unique three-day summer camp is full of workshops, sessions, open spaces, family events, and networking, all nestled in the gorgeous Kalahari Resort and Waterpark. This family-friendly event is comprised of professional and family tracks, so there is something to learn and experience at all ages."

"Cisco Warns of Critical RCE Flaw in Communications Software"

"Cisco Warns of Critical RCE Flaw in Communications Software"

Cisco warns that several of its Unified Communications Manager (CM) and Contact Center Solutions products are impacted by a critical Remote Code Execution (RCE) flaw. The vulnerability, tracked as CVE-2024-20253, could allow an unauthenticated, remote attacker to execute arbitrary code on an impacted device. Synacktiv researcher Julien Egloff discovered the vulnerability, which received a severity score of 9.9. It stems from improper processing of user-provided data read into memory. Exploiting it involves sending a specially crafted message to a listening port.

Submitted by Gregory Rigby on

"SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks"

"SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks"

Researchers have provided further details regarding the Command-and-Control (C2) server operations of SystemBC, a malware family. SystemBC can be purchased on underground markets and comes in an archive that includes the implant, a C2 server, and a PHP-based web administration portal. Kroll, a risk and financial advisory solutions provider, reported an increase in the use of the malware in the second and third quarters of 2023.

Submitted by Gregory Rigby on

"Longer Passwords Aren't Safe From Intensive Cracking Efforts"

"Longer Passwords Aren't Safe From Intensive Cracking Efforts"

According to a new Specops Software report, 88 percent of organizations continue to rely on passwords as their primary authentication method. The report highlighted that 31.1 million breached passwords had more than 16 characters, suggesting longer passwords are still vulnerable to cracking. Researchers found that 40,000 admin portal accounts were using 'admin' as a password, and only half of organizations scan for compromised passwords more than once a month.

Submitted by Gregory Rigby on

"Russian TrickBot Malware Developer Sentenced to Prison in US"

"Russian TrickBot Malware Developer Sentenced to Prison in US"

A Russian national has recently been sentenced in the US to five years and four months in prison for his role in the development and distribution of the TrickBot malware.  On November 30, 2023, the man, Vladimir Dunaev, 40, of Amur Oblast, Russia, admitted in court to his role in the TrickBot scheme, which caused tens of millions of dollars in losses to organizations worldwide, including schools and hospitals.

Submitted by Adam Ekwall on

"ICS Ransomware Danger Rages Despite Fewer Attacks"

"ICS Ransomware Danger Rages Despite Fewer Attacks"

According to Dragos' latest industrial ransomware analysis, threat actors continue to develop new tactics while exploiting zero-day vulnerabilities in order to cause more damage to Industrial Control Systems (ICS) with fewer attacks. Dragos' analysis for the fourth quarter of 2023 reveals that the threat landscape is more sophisticated than ever before despite recent high-profile busts of ransomware operators such as Ragnar Locker and ALPHV. There were fewer ransomware attacks on industrial systems during the analysis period.

Submitted by Gregory Rigby on

"Watch Out, Experts Warn of a Critical Flaw in Jenkins"

"Watch Out, Experts Warn of a Critical Flaw in Jenkins"

Jenkins maintainers have addressed nine security vulnerabilities, including a critical Remote Code Execution (RCE) flaw reported by researcher Yaniv Nizry. Jenkins is a popular open-source automation server with hundreds of thousands of active installations worldwide and over a million users. The automation server helps developers build, test, and deploy their applications. This article continues to discuss the potential exploitation and impact of the critical flaw in Jenkins.

Submitted by Gregory Rigby on
Subscribe to