Blog

Blog

1. Dragos Expands Defense Program for Small Utilities - News, news analysis, and commentary on the latest trends in cybersecurity technology.The Dragos Community Defense Program provides small water, gas, and electric utilities with access to the Dragos Platform, training resources, and threat intelligence.December 7, 2023Dragos has expanded its Dragos Community Defense Program to help small water, gas, and electric utilities in the U.S. protect their networks from advanced threats. Threat actors are increasingly targeting critical infrastructure networks, and small utilities are outgunned when it… Continue Reading
2. New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks - New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers.The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and were responsibly disclosed in October 2022.The attacks "enable device impersonation and machine-in-the-middle across sessions by only compromising one session key," EURECOM researcher Daniele Antonioli said in… Continue Reading
3. Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques - Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging."While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs researcher Daniel Stepanic said in a report published this week.First spotted in late 2019, GuLoader (aka CloudEyE) is an advanced shellcode-based malware downloader that's… Continue Reading
4. LABScon Replay | The Cyber Arm of China’s Soft Power: Reshaping a Continent - In his keynote at LABScon23, SentinelLabs’ Principal Threat Researcher Tom Hegel addressed a crucial but often overlooked aspect of global cybersecurity: cyber threat activity in less-monitored regions, particularly Africa. Focusing on China’s strategic use of soft power across the African continent, Hegel provides a compelling analysis of how technology and investments are wielded as tools of influence and control.Highlighting its significant investments in key sectors, Hegel explores how China has established strategic influence in African… Continue Reading
5. Scaling Security Operations with Automation - In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate these challenges by streamlining repetitive tasks, reducing the risk of human error, and allowing them to focus on higher-value initiatives. While automation offers… Continue Reading
6. Mine Secures $30M in Series B Funding - December 5, 2023PRESS RELEASEBOSTON and TEL AVIV, Israel, Dec. 5, 2023 /PRNewswire/ -- Mine, a pioneering company disrupting the data privacy market, announced today that it has raised $30 million in Series B funding, co-led by Battery Ventures and PayPal Ventures, with significant investments from Nationwide Ventures and with the participation of all existing investors including Saban Ventures, Gradient Ventures (Google's AI), MassMutual Ventures and Headline Ventures. This substantial investment will propel Mine's mission to redefine data privacy and governance management for… Continue Reading
7. Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger - Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet.""This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of Messenger at Meta, said in a post shared on X (formerly Twitter).CEO Mark Zuckerberg, who announced a… Continue Reading
8. Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks - Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023.The vulnerabilities are as follows -Google's Threat Analysis Group and Google Project Zero revealed back in October 2023 that the three flaws, along with CVE-2022-22071 (CVSS score: 8.4), have been exploited in the wild as part of limited, targeted attacks.A security researcher named luckyrb, the Google Android Security team, and TAG researcher Benoît… Continue Reading
9. This Mini Router Gives You Lifetime Wi-Fi and VPN Coverage for $599.99 - This Mini Router Gives You Lifetime Wi-Fi and VPN Coverage for $599.99Your email has been sent Connect and protect your whole team with this mini router that offers 10,000 sq ft coverage and a built-in VPN for the low price of $599.99. When people visit your office or event, they expect to find Wi-Fi. It’s a digital courtesy that all credible businesses provide today. Delivering this kind of service can pose some surprising technical challenges.… Continue Reading
10. Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines - Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December DeadlinesYour email has been sent Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules. The U.S. Securities and Exchange Commission’s new rules around disclosure of cybersecurity incidents go into effect on Dec. 15 for public companies with fiscal years starting on or… Continue Reading