News threat intelligence...

  • Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes]
    by CyberWire, Inc. on January 29, 2023 at 8:17

    Our guest, Charlie Moore, is a recently retired USAF Lieutenant General who sits down to share his story from flying high in the air to becoming a bigwig in the cyber community. He was most recently the Deputy Commander of the United States Cyber Command, and also spent part of his career as a human factors engineer working on human interfaces for fighter aircraft. When he first began his Air Force career, he was a member of the last class entering into the Academy that was not issued desktop computers. Charlie discusses how this changed as the year went on and how that impacted his career both in and out of the military. Charlie worked for different companies over the years to further his career and his goals, and discusses how his flying career has helped him and says, "I was extremely passionate about the flying aspect of my career for 25 years and I became even more passionate about operating in this space." We thank Charlie for sharing his story with us.

  • Interview with the AI, part one. [Special Editions]
    by CyberWire, Inc. on January 29, 2023 at 6:19

    Cybersecurity interview with ChatGPT. In part one of CyberWire’s Interview with the AI, Brandon Karpf interviews ChatGPT about topics related to cybersecurity. Rick Howard joins Brandon to analyze the conversation and discuss potential use cases for the cybersecurity community. ChatGPT is a chatbot launched by OpenAI and built on top of OpenAI’s GPT-3 family of large language models. Cyber questions answered by ChatGPT in part one of the interview: What were the most significant cybersecurity incidents up through 2021? What leads you to characterize these specific events as significant? What were the specific technical vulnerabilities associated with these incidents? Who were the cyber actors involved in each of these attacks? Do you think it's valuable to attribute cyber attacks to specific actors?

  • Hackers use new SwiftSlicer wiper to destroy Windows domains
    by Ionut Ilascu on January 28, 2023 at 23:52

    Security researchers have identified a new data-wiping malware they named SwiftSlicer that aims to overwrite crucial files used by the Windows operating system. [...]

  • Researchers to release VMware vRealize Log RCE exploit, patch now
    by Sergiu Gatlan on January 28, 2023 at 23:52

    Security researchers with Horizon3's Attack Team will release next week an exploit targeting a vulnerability chain for gaining remote code execution on unpatched VMware vRealize Log Insight appliances. [...]

  • Flagging firmware vulnerabilities. [Research Saturday]
    by CyberWire, Inc. on January 28, 2023 at 8:37

    Roya Gordon from Nozomi Networks sits down with Dave to discuss their research on "Vulnerabilities in BMC Firmware Affect OT/IoT Device Security." Researchers at Nozomi Networks have revealed that there are thirteen vulnerabilities that affect BMCs of Lanner devices based on the American Megatrends (AMI) MegaRAC SP-X. The research states "By abusing these vulnerabilities, an unauthenticated attacker may achieve Remote Code Execution (RCE) with root privileges on the BMC, completely compromising it and gaining control of the managed host." It also mentions what patches could come in the future to help fix these vulnerabilities. The research can be found here: Vulnerabilities in BMC Firmware Affect OT/IoT Device Security – Part 1

  • Enterprises Don't Know What to Buy for Responsible AI
    by Dark Reading Staff, Dark Reading on January 28, 2023 at 7:53

    Organizations are struggling to procure appropriate technical tools to address responsible AI, such as consistent bias detection in AI applications.

  • Enterprises Need to Do More to Assure Consumers About Privacy
    by Edge Editors, Dark Reading on January 28, 2023 at 6:23

    Organizations care about data privacy, but their priorities appear to be different from what their customers think is important.

  • The Week in Ransomware - January 27th 2023 - 'We hacked the hackers'
    by Lawrence Abrams on January 28, 2023 at 0:13

    For the most part, this week has been relatively quiet regarding ransomware attacks and research — that is, until the FBI announced the disruption of the Hive ransomware operation. [...]

  • Why Most Companies Still Don’t Know What’s on Their Network
    by Terry Sweeney, Contributing Editor on January 27, 2023 at 22:17

    Chris Kirsch, CEO of runZero, sits down with Dark Reading’s Terry Sweeney for a Fast Chat on the importance of asset discovery.

  • An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilities Catalog.
    by CyberWire, Inc. on January 27, 2023 at 21:47

    An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike’s Adam Meyers. If you say you’re going to unleash the Leopards, expect a noisy call from Killnet. Our guest is ExtraHop CISO Jeff Costlow talking about nation-state attackers in light of ongoing Russian military operations. CISA has released eight ICS advisories, and the agency has also added an entry to its Known Exploited Vulnerabilities Catalog.

    For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/18

    Selected reading.

      • Cybercriminals stung as HIVE infrastructure shut down (Europol)
      • U.S. Department of Justice Disrupts Hive Ransomware Variant (U.S. Department of Justice)
      • Director Christopher Wray’s Remarks at Press Conference Announcing the Disruption of the Hive Ransomware Group (Federal Bureau of Investigation)
      • Taking down the Hive ransomware gang. (CyberWire)
      • US hacks back against Hive ransomware crew (BBC News)
      • Cyberattacks Target Websites of German Airports, Admin (SecurityWeek)
      • Delta Electronics CNCSoft ScreenEditor (CISA)
      • Econolite EOS (CISA)
      • Snap One Wattbox WB-300-IP-3 (CISA)
      • Sierra Wireless AirLink Router with ALEOS Software (CISA)
      • Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers (CISA)
      • Rockwell Automation products using GoAhead Web Server (CISA)
      • Landis+Gyr E850 (CISA)
      • Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA)
      • CISA Has Added One Known Exploited Vulnerability to Catalog (CISA)