CISO Express | A Security Professional’s Home Page

Latest Security News

Credit Card Breach

Data Breach

Cyber Security

The Hackers News

  • newHigh-Severity RCE Flaw Disclosed in Several Netgear Router Models

    High-Severity RCE Flaw Disclosed in Several Netgear Router Models

    Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.<!--adsense-->Tr…
    - 2 hours ago 23 Sep 21, 8:15am -
  • newNew Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

    New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

    As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and ph…
    - 2 hours ago 23 Sep 21, 8:09am -

Krebs On Security

  • Does Your Organization Have a Security.txt File?

    Does Your Organization Have a Security.txt File?

    It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access…
    - 2 days ago 20 Sep 21, 9:57pm -
  • Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

    Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

    A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attac…
    - 6 days ago 17 Sep 21, 1:22am -

Dark Reading

SC Magazine

    Naked Security

    Data Breach Today

    • US DHS, FBI Face Ransomware Questions from Congress

      US DHS, FBI Face Ransomware Questions from Congress

      DHS' Alejandro Mayorkas, FBI's Christopher Wray Discuss Ransomware SurgeU.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks,…
      - -
    • Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

      Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

      Russia’s Remote Electronic Voting System Fends Off 19 DDoS AttacksRussian cybersecurity firm Rostelecom-Solar reports that it prevented what it believes is the Mēris botnet from an attempted takeover of 45,000 new devices. The company's president…
      - -

    Bank Info Security

    • US DHS, FBI Face Ransomware Questions from Congress

      US DHS, FBI Face Ransomware Questions from Congress

      DHS' Alejandro Mayorkas, FBI's Christopher Wray Discuss Ransomware SurgeU.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks,…
      - -
    • Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

      Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

      Russia’s Remote Electronic Voting System Fends Off 19 DDoS AttacksRussian cybersecurity firm Rostelecom-Solar reports that it prevented what it believes is the Mēris botnet from an attempted takeover of 45,000 new devices. The company's president…
      - -

    CSO Online

    • new10 top API security testing tools

      10 top API security testing tools

      Application programming interfaces (APIs) are a critical part of most modern programs and applications. In fact, both cloud deployments and mobile applications have come to rely so heavily on APIs that you can’t have either without an API managi…
      - 51 mins ago 23 Sep 21, 9:00am -
    • newBreach reporting required for health apps and devices, FTC says

      Breach reporting required for health apps and devices, FTC says

      The Federal Trade Commission (FTC) commissioners, in a split-vote (3-2), issued a policy statement on September 15, requiring both health applications and connected devices to comply with the “Health Breach Notification Rule (August 2009).” Th…
      - 51 mins ago 23 Sep 21, 9:00am -

    eSecurity Planet

    • newCould You Be a Ransomware Target? Here’s What Attackers Look For

      Could You Be a Ransomware Target? Here’s What Attackers Look For

      Ransomware is one of the fastest-growing and most destructive cyber threats today. Cybersecurity researchers largely agree that ransomware growth has been astronomical; the only question is by how much. A recent Positive Technologies report found tha…
      - 11 hours ago 22 Sep 21, 10:43pm -
    • newBest Backup Solutions for Ransomware Protection
      Backup has in some sense always been about the security of data. In the event of a data loss or disaster, you could turn to your backup to retrieve the data. But these days, backup must do much more. Not only must it provide a way to restore data in…
      - 15 hours ago 22 Sep 21, 6:50pm -

    Network World

    • Tape backup as a defense vs. ransomware

      Tape backup as a defense vs. ransomware

      Tape is definitely not the best choice for primary recovery, but it does have features that make it a credible option for restoring systems and data that have fallen victim to ransomware without having to pay the ransom.The cloud has many more ups…
      - 2 days ago 20 Sep 21, 10:44pm -
    • Palo Alto shapes SASE package for hybrid enterprises

      Palo Alto shapes SASE package for hybrid enterprises

      Palo Alto Networks has bolted together its SD-WAN and security technologies to offer an integrated, cloud-based, secure-access service edge (SASE) offering aimed at simplifying distributed enterprises.Called Prisma SASE, the package brings togethe…
      - 7 days ago 16 Sep 21, 4:32pm -

    FierceITSecurity

      Security Week

      • newLithuanian Agency Warns Against Use of Chinese-made Phones

        Lithuanian Agency Warns Against Use of Chinese-made Phones

        Lithuanian cybersecurity experts are urging the country’s government agencies to abandon the use of Chinese smartphone brands after an investigation identified security vulnerabilities and censorship concerns with certain devices.read more…
        - 12 hours ago 22 Sep 21, 9:37pm -
      • newNetgear Patches Remote Code Execution Flaw in SOHO Routers

        Netgear Patches Remote Code Execution Flaw in SOHO Routers

        A security vulnerability in Small Offices/Home Offices (SOHO) routers from Netgear could be exploited to execute arbitrary code remotely as root, according to security researchers at consulting firm GRIMM.read more
        - 16 hours ago 22 Sep 21, 5:32pm -

      US-CERT Current Activity

      • newCISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 
        Original release date: September 22, 2021CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Maliciou…
        - 17 hours ago 22 Sep 21, 5:00pm -
      • newGoogle Releases Security Updates for Chrome
        Original release date: September 22, 2021Google has released Chrome version 94.0.4606.54  for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.CISA encourages user…
        - 18 hours ago 22 Sep 21, 3:36pm -

      CIO Online

      • What is AIOps? Injecting intelligence into IT operations

        What is AIOps? Injecting intelligence into IT operations

        Cloud platforms, managed service providers, and organizations undertaking digital transformations are beginning to reap the benefits of an emerging IT trend: the use of AI-powered IT operations technology to monitor and manage the IT portfolio aut…
        - 21 days ago 2 Sep 21, 9:00am -
      • 4 reasons to prioritize developers' infrastructure needs

        4 reasons to prioritize developers' infrastructure needs

        As companies make digital transformation both an immediate priority and an ongoing process for the future, I see a worrying trend in many organizations.To read this article in full, please click here(Insider Story)
        - 52 days ago 2 Aug 21, 9:00am -

      Virus Bulletin

      • VB2021 localhost call for last-minute papers
        The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research! Read more
        - 52 days ago 2 Aug 21, 10:29am -
      • test
        test Read more
        - 77 days ago 8 Jul 21, 11:40am -

      Apple Security Announcement

        Homeland Security Today

        SANS Newsletter

          Graham Cluley Latest

          US-CERT Bulletin

          • Vulnerability Summary for the Week of September 13, 2021
            Original release date: September 20, 2021 High VulnerabilitiesPrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infozohocorp -- manageengine_adselfservice_plusZoho ManageEngine A…
            - 3 days ago 20 Sep 21, 10:58am -
          • Vulnerability Summary for the Week of September 6, 2021
            Original release date: September 13, 2021 High VulnerabilitiesPrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadaptivescale -- lxduiA Hardcoded JWT Secret Key in metadata.p…
            - 10 days ago 13 Sep 21, 10:54am -

          Zero Day Initiative

          Wired Threat Level

            Network World

            • Tape backup as a defense vs. ransomware

              Tape backup as a defense vs. ransomware

              Tape is definitely not the best choice for primary recovery, but it does have features that make it a credible option for restoring systems and data that have fallen victim to ransomware without having to pay the ransom.The cloud has many more ups…
              - 2 days ago 20 Sep 21, 10:44pm -
            • Palo Alto shapes SASE package for hybrid enterprises

              Palo Alto shapes SASE package for hybrid enterprises

              Palo Alto Networks has bolted together its SD-WAN and security technologies to offer an integrated, cloud-based, secure-access service edge (SASE) offering aimed at simplifying distributed enterprises.Called Prisma SASE, the package brings togethe…
              - 7 days ago 16 Sep 21, 4:32pm -

            Symantec Vulnerabilities and Exploits

            Risky Business

            • Show notes: Risky Business #443
              Bad week for Macs, Hal Martin and CrowdStrike... Links to everything discussed in episode 443 of the Risky Business podcast.read more
              - 15 Feb 17, 3:13am -
            • Show notes: Risky Business #442
              So. Much. News. Links to everything discussed in episode 442 of the Risky Business podcast.read more
              - 8 Feb 17, 4:43am -

            Packet Storm Latest

            ITSecurityNews

            • new10 top API security testing tools
              This article has been indexed from CSO Online Application programming interfaces (APIs) are a critical part of most modern programs and applications. In fact, both cloud deployments and mobile applications have come to rely so heavily on APIs that yo…
              - 15 mins ago 23 Sep 21, 9:37am -
            • newBreach reporting required for health apps and devices, FTC says
              This article has been indexed from CSO Online The Federal Trade Commission (FTC) commissioners, in a split-vote (3-2), issued a policy statement on September 15, requiring both health applications and connected devices to comply with the “Health Br…
              - 15 mins ago 23 Sep 21, 9:37am -

            Secuity Affairs

            NIST Latest in IT

            Darknet - The Dark Side

            • Karkinos – Beginner Friendly Penetration Testing Tool

              Karkinos – Beginner Friendly Penetration Testing Tool

              Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a ‘Swiss Army Knife’ for pen-testing and/or hacking CTF’s.Karkinos Beginner Friendly Penetration Testing Tool FeaturesEncoding/Decoding charactersEnc…
              - 24 days ago 30 Aug 21, 6:53pm -
            • Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory

              Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory

              Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths.It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation…
              - 79 days ago 6 Jul 21, 4:16pm -

            Cyber Punk Latest

            • Mod que permite mudar o cabelo no Cyberpunk 2077 (Presentinho de Natal)

              Mod que permite mudar o cabelo no Cyberpunk 2077 (Presentinho de Natal)

                Mod que permite você mudar a aparência do seu V durante o game. Cyberpunk não possui um tipo de barbearia que você possa mudar a aparência do seu V durante o game, pensando nisso um modder fez um programa para que você possa mudar a apar…
              - 25 Dec 20, 10:17pm -
            • COMO FICAR MILIONÁRIO NO CYBERPUNK 2077 (glitch)

              COMO FICAR MILIONÁRIO NO CYBERPUNK 2077 (glitch)

                                            Primeiro temos que ir para o centro neste local do mapa.Aqui neste local vai ter tipo uma praça com varias maquinas de energéticos .Vocês vão encontrar um lugar cheio dessas maquinas, é ai que o gli…
              - 25 Dec 20, 5:07pm -

            Top Security Alerts

            Symantec Virus Status Alerts

            • Norton 360 (later than 6.0) for Windows XP/Vista/7/8
              File-Based Protection (Traditional Antivirus)Definitions Created : 2/28/2020Definitions Released : 2/28/2020Definitions Version : 220228cSequence Number : 204972Extended Version : 2/28/2020 re…
              - -
            • Symantec Endpoint Protection 12.1.3 (or later)
              File-Based Protection (Traditional Antivirus)Definitions Created : 2/28/2020Definitions Released : 2/28/2020Definitions Version : 220228cSequence Number : 204972Extended Version : 2/28/2020 re…
              - -

            US- CERT Alerts

            • newAA21-265A: Conti Ransomware
              Original release date: September 22, 2021SummaryImmediate Actions You Can Take Now to Protect Against Conti Ransomware• Use multi-factor authentication.• Segment and segregate networks and functions.• Update your operating system and softwar…
              - 17 hours ago 22 Sep 21, 5:00pm -
            • AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
              Original release date: September 16, 2021SummaryThis Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for  referenced threat actor tactic…
              - 7 days ago 16 Sep 21, 5:00pm -

            Microsoft Comprehensive Alerts

            Internet Storm Center

            Cisco Security Alerts

            Microsoft Basic Alerts

            Compliance and Non Profit Boards News

            Federal Financial Institutions Examination Council News

            • US DHS, FBI Face Ransomware Questions from Congress

              US DHS, FBI Face Ransomware Questions from Congress

              DHS' Alejandro Mayorkas, FBI's Christopher Wray Discuss Ransomware SurgeU.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks,…
              - -
            • Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

              Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

              Russia’s Remote Electronic Voting System Fends Off 19 DDoS AttacksRussian cybersecurity firm Rostelecom-Solar reports that it prevented what it believes is the Mēris botnet from an attempted takeover of 45,000 new devices. The company's president…
              - -

            HIPPA Omnibus Rule

            • US DHS, FBI Face Ransomware Questions from Congress

              US DHS, FBI Face Ransomware Questions from Congress

              DHS' Alejandro Mayorkas, FBI's Christopher Wray Discuss Ransomware SurgeU.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks,…
              - -
            • Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

              Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

              Russia’s Remote Electronic Voting System Fends Off 19 DDoS AttacksRussian cybersecurity firm Rostelecom-Solar reports that it prevented what it believes is the Mēris botnet from an attempted takeover of 45,000 new devices. The company's president…
              - -

            PCI Compliance Press Releases

            PCI Compliance News

            Electronic Frontier Foundation | Deep Links

            • Stop Military Surveillance Drones from Coming Home
              A federal statute authorizes the Pentagon to transfer surveillance technology, among other military equipment, to state and local police. This threatens privacy, free speech, and racial justice. So Congress should do the right thing and enact Repres…
              - 2 days ago 21 Sep 21, 9:49pm -
            • HTTPS Is Actually Everywhere

              HTTPS Is Actually Everywhere

              For more than 10 years, EFF’s HTTPS Everywhere browser extension has provided a much-needed service to users: encrypting their browser communications with websites and making sure they benefit from the protection of HTTPS wherever possible. Since w…
              - 2 days ago 21 Sep 21, 6:37pm -

            More News and Media Coverage

            Latest Tweets