Cybersecurity News, Insights and Analysis

Police Dismantle Major Ukrainian Ransomware Operation

Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.

Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.

Critical Vulnerability Found in Ray AI Framework

A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes.

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets

AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets.

Ardent Hospitals Diverting Patients Following Ransomware Attack

Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations.

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Three critical vulnerabilities in ownCloud could lead to sensitive information disclosure and authentication and validation bypass.

Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption

Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files.

US, UK Cybersecurity Agencies Publish AI Development Guidance

New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development.

Hacktivism: What’s in a Name… It May be More Than You Expect

Hacktivism is evolving. It is important for both the law and cyber defenders to understand the current and potential activity of hacktivism to better understand how it should be treated.

Fidelity National Financial Takes Down Systems Following Cyberattack

Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack.

UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws

UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.

Hackers Hijack Industrial Control System at US Water Utility

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or water supply.

Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons

The U.S. military is increasing use of AI technology that will fundamentally alter the nature of war.

North Korean Software Supply Chain Attack Hits North America, Asia

North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.

Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.

Hackers Hijack Industrial Control System at US Water Utility

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or water supply.

Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons

The U.S. military is increasing use of AI technology that will fundamentally alter the nature of war.

Police Dismantle Major Ukrainian Ransomware Operation

Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.

Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.

Critical Vulnerability Found in Ray AI Framework

A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes.

Humans Are Notoriously Bad at Assessing Risk

When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.

Joshua Goldfarb Read more

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

It’s crucial to thoroughly assess the risk profiles of various SSE platforms and weigh their suitability against their organization’s risk tolerance before adopting SSE.

Etay Maor Read more

Threat Intel: To Share or Not to Share is Not the Question

To share or not to share threat intelligence isn’t the question. It’s how to share, what to share, where and with whom.

Marc Solomon Read more

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation

By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects.

Rik Ferguson Read more

Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point

Offensive Security does not focus on discreet attacks, singular actors, or Indicators of compromise, but understands the entirety of both sides of the battlefield.

Tom Eston Read more

More Expert Insights

Virtual Event: Cyber AI & Automation Summit

Wednesday, December 6, 2023

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Webinar: Scaling Software Supply Chain Security: Driving Actionable SBOM Management with the OpenSSF S2C2F OSS Specification

On Demand

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Watch Now

Topics for 2023 Cybersecurity Insights Series

Hacker Conversations: Interview with Chris Wysopal, AKA Weld Pond

CISO Conversations: Cloud Security Firms

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Exploitation of Critical ownCloud Vulnerability Begins

Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.

November 28, 2023
Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Three critical vulnerabilities in ownCloud could lead to sensitive information disclosure and authentication and validation bypass.

November 27, 2023
Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products

Microsoft invites researchers to new bug bounty program focused on vulnerabilities in its Defender products.

November 22, 2023
Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.

November 22, 2023

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes.

November 28, 2023
Hacktivism: What’s in a Name… It May be More Than You Expect

Hacktivism is evolving. It is important for both the law and cyber defenders to understand the current and potential activity of hacktivism to better…

November 27, 2023
Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’

Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that…

November 22, 2023
2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim

Two environmentalists told a judge that the public was the real victim of a global computer hacking campaign that targeted those fighting big oil…

November 17, 2023

SECURITYWEEK NETWORK:

ICS:

Latest Cybersecurity News

Police Dismantle Major Ukrainian Ransomware Operation

Exploitation of Critical ownCloud Vulnerability Begins

Critical Vulnerability Found in Ray AI Framework

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets

Ardent Hospitals Diverting Patients Following Ransomware Attack

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption

US, UK Cybersecurity Agencies Publish AI Development Guidance

Hacktivism: What’s in a Name… It May be More Than You Expect

Fidelity National Financial Takes Down Systems Following Cyberattack

UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws

Hackers Hijack Industrial Control System at US Water Utility

Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons

North Korean Software Supply Chain Attack Hits North America, Asia

Exploitation of Critical ownCloud Vulnerability Begins

Hackers Hijack Industrial Control System at US Water Utility

Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons

Top Cybersecurity Headlines

Police Dismantle Major Ukrainian Ransomware Operation

Exploitation of Critical ownCloud Vulnerability Begins

Critical Vulnerability Found in Ray AI Framework

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

SecurityWeek Industry Experts

Humans Are Notoriously Bad at Assessing Risk

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

Threat Intel: To Share or Not to Share is Not the Question

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation

Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point

Trending

Daily Briefing Newsletter

Virtual Event: Cyber AI & Automation Summit

Webinar: Scaling Software Supply Chain Security: Driving Actionable SBOM Management with the OpenSSF S2C2F OSS Specification

Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMware After Regulators Give OK

Cybersecurity M&A Roundup: 31 Deals Announced in October 2023

Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security

Proofpoint to Acquire Tessian for AI-Powered Email Security Tech

Cybersecurity M&A Roundup for First Half of October 2023

SecurityWeek Cyber Insights 2023 Series

Cyber Insights 2023 | The Coming of Web3

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Cyber Insights 2023: Venture Capital

Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

Cyber Insights 2023 | Ransomware

Hacker Conversations: Chris Wysopal, AKA Weld Pond

Hacker Conversations: Natalie Silvanovich From Google’s Project Zero

Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd

Hacker Conversations: Alex Ionescu

Hacker Conversations: Cris Thomas (AKA Space Rogue) From Lopht Heavy Industries

CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership

CISO Conversations: Field CISOs From VMware Carbon Black and NetSPI

CISO Conversations: CISOs of Identity Giants IDEMIA and Ping

CISO Conversations: Three Leading CISOs From the Payment Industry

CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief

Upcoming Virtual Events

Vulnerabilities

Exploitation of Critical ownCloud Vulnerability Begins

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

Cybercrime

Los Angeles SIM Swapper Sentenced to 8 Years in Prison

Hacktivism: What’s in a Name… It May be More Than You Expect

Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’

2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

Morgan Stanley Fined $6.5 Million for Exposing Customer Information

Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing

Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products

5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms

Yamaha Motor Confirms Data Breach Following Ransomware Attack

Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine

250 Organizations Take Part in Electrical Grid Security Exercise

US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities

K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs

ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company

2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim

Webinar: Scaling Software Supply Chain Security: Driving Actionable SBOM Management with the OpenSSF S2C2F OSS Specification