CISO Express | A Security Professional’s Home Page

Latest Security News

Credit Card Breach

Data Breach

Cyber Security

The Hackers News

Krebs On Security

  • Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

    On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In…
    - 9 days ago 14 Oct 21, 5:37pm -
  • How Coinbase Phishers Steal One-Time Passwords

    A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by t…
    - 10 days ago 13 Oct 21, 2:27pm -

Dark Reading

SC Magazine

    Naked Security

    Data Breach Today

    • New Bill Would Secure Government Contractors' Use of AI

      Co-Sponsor of Bipartisan Proposal Calls Bill 'Common-Sense Legislation'. Two Senate leaders on Thursday introduced legislation that would form a working group charged with monitoring the security of AI data obtained by federal contractors. This body wo…
    • FIN7 Sets Up Fake Pentesting Company Site to Recruit Talent

      The Cybercrime Group Posted Job Advertisements on Russian Job Portals. Threat group FIN7 has set up a website posing as a security company to recruit talent, according to fraud intelligence company Gemini Advisory. The aim of the scam was to lure secur…

    Bank Info Security

    CSO Online

    • BrandPost: CIS CSAT Pro v1.7: CIS Controls v8 Assessment and More

      The CIS Controls Self Assessment Tool (CIS CSAT) allows organizations to perform assessments on their implementation of the CIS Critical Security Controls (CIS Controls). You can track progress over time and identify areas for improvement. CIS CSA…
      - 1 day ago 22 Oct 21, 3:25pm -
    • Security Recruiter Directory

      Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positi…
      - 2 days ago 22 Oct 21, 9:00am -

    eSecurity Planet

    • Multi-Party Cyberattacks Lead to Big Losses: Security Researchers

      The attacks on SolarWinds and Kaseya over the past year put a spotlight on how an attack on a single company can have downstream consequences on the victim’s partners and customers. The attackers used the entry they gained into the companies to fan…
      - 2 days ago 21 Oct 21, 11:37pm -
    • ThycoticCentrify Ransomware Report: 83 Percent of Victims Paying Ransom

      The bulk of companies hit by ransomware are deciding that paying the ransom is the best and fastest way to get their businesses back online, despite growing pressure from the federal government and some in industry to not give in to the cybercriminals…
      - 3 days ago 20 Oct 21, 8:03pm -

    Network World

    • Gartner: Top strategic predictions for 2022 and beyond

      Expect the unexpected – that’s just one of the core premises IT leaders need to embrace in the next few years, according to Gartner's top strategic predictions for 2022 and beyond. IT leaders need to be able to move in multiple strategic direc…
      - 2 days ago 21 Oct 21, 6:34pm -
    • Gartner says IT spending to top $4 trillion in 2022

      With IT budgets growing at the fastest rate in 10 years, worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 5.5% from 2021, according to the latest Gartner forecasts. All IT spending segments—from data-center system…
      - 3 days ago 20 Oct 21, 10:08pm -

    FierceITSecurity

      Security Week

      US-CERT Current Activity

      • Malware Discovered in Popular NPM Package, ua-parser-js
        Original release date: October 22, 2021. Versions of a popular NPM package named ua-parser-js were found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent dat…
        - 23 hours ago 23 Oct 21, 1:57am -
      • GPS Daemon (GPSD) Rollover Bug
        Original release date: October 21, 2021. Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD ver…
        - 2 days ago 21 Oct 21, 7:36pm -

      CIO Online

      • UiPath partners with CrowdStrike to secure SaaS workflow automation

        UiPath is expanding its robotic process automation (RPA) platform with new features it hopes will put it on CIOs’ radar, including better security, a cloud-native delivery model, and the ability to automate through APIs as well as the UI. The sec…
        - 13 days ago 11 Oct 21, 9:00am -
      • What is AIOps? Injecting intelligence into IT operations

        Cloud platforms, managed service providers, and organizations undertaking digital transformations are beginning to reap the benefits of an emerging IT trend: the use of AI-powered IT operations technology to monitor and manage the IT portfolio aut…
        - 52 days ago 2 Sep 21, 9:00am -

      Virus Bulletin

      Apple Security Announcement

        Homeland Security Today

        SANS Newsletter

          Graham Cluley Latest

          US-CERT Bulletin

          • Vulnerability Summary for the Week of October 11, 2021
            Original release date: October 18, 2021. High Vulnerabilities (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info). ardour -- ardour: Ardour v5.12 contains a use-after-free vulnerabi…
            - 6 days ago 18 Oct 21, 11:23am -
          • Vulnerability Summary for the Week of October 4, 2021
            Original release date: October 11, 2021. High Vulnerabilities (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info). archibus -- web_central: ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIB…
            - 12 days ago 11 Oct 21, 2:14pm -

          Zero Day Initiative

          Wired Threat Level

            Symantec Vulnerabilities and Exploits

            Risky Business

            • Show notes: Risky Business #443
              Bad week for Macs, Hal Martin and CrowdStrike... Links to everything discussed in episode 443 of the Risky Business podcast.
              - 15 Feb 17, 3:13am -
            • Show notes: Risky Business #442
              So. Much. News. Links to everything discussed in episode 442 of the Risky Business podcast.
              - 8 Feb 17, 4:43am -

            Packet Storm Latest

            • Faraday 3.18.0
              Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security a…
              - 1 day ago 22 Oct 21, 3:48pm -
            • Ubuntu Security Notice USN-5121-1
              Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain…
              - 1 day ago 22 Oct 21, 3:47pm -

            ITSecurityNews

            • CISA warns of trojanized versions of JavaScript library’s NPM package
              Indexed from HackRead. By Deeba Ahmed. The warning comes days after three rogue packages, okhsa, klow, and klown, discovered by DevSecOps firm Sonatype, were removed from the NPM repository.
              - 5 hours ago 23 Oct 21, 8:05pm -
            • Here’s When You Can Download macOS Monterey

              Indexed from MacRumors: Mac News and Rumors – Front Page. Apple’s official public release of macOS Monterey is set to occur on Monday, October 25, just a few days after Apple released the second release candidate…
              - 6 hours ago 23 Oct 21, 7:35pm -

            Security Affairs

            NIST Latest in IT

            Darknet - The Dark Side

            • Karkinos – Beginner Friendly Penetration Testing Tool

              Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a ‘Swiss Army Knife’ for pen-testing and/or hacking CTF’s. Karkinos Beginner Friendly Penetration Testing Tool Features: Encoding/Decoding characters, Enc…
              - 54 days ago 30 Aug 21, 6:53pm -
            • Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory

              Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation…
              - 6 Jul 21, 4:16pm -

            Cyber Punk Latest

            • Mod that lets you change your hair in Cyberpunk 2077 (a little Christmas present)

              A mod that lets you change your V's appearance during the game. Cyberpunk has no barbershop of any kind where you can change your V's appearance during the game; with that in mind, a modder made a program so that you can change the appear…
              - 25 Dec 20, 10:17pm -
            • HOW TO BECOME A MILLIONAIRE IN CYBERPUNK 2077 (glitch)

              First we have to go downtown, to this spot on the map. At this spot there will be a kind of square with several energy drink machines. You will find a place full of these machines, and that is where the gli…
              - 25 Dec 20, 5:07pm -

            Top Security Alerts

            Symantec Virus Status Alerts

            • Norton 360 (later than 6.0) for Windows XP/Vista/7/8
              File-Based Protection (Traditional Antivirus). Definitions Created: 2/28/2020. Definitions Released: 2/28/2020. Definitions Version: 220228c. Sequence Number: 204972. Extended Version: 2/28/2020 re…
            • Symantec Endpoint Protection 12.1.3 (or later)
              File-Based Protection (Traditional Antivirus). Definitions Created: 2/28/2020. Definitions Released: 2/28/2020. Definitions Version: 220228c. Sequence Number: 204972. Extended Version: 2/28/2020 re…

            US-CERT Alerts

            • AA21-291A: BlackMatter Ransomware
              Original release date: October 18, 2021. Summary: Actions You Can Take Now to Protect Against BlackMatter Ransomware: • Implement and enforce backup and restoration policies and procedures. • Use strong, unique passwords. • Use multi-factor authenti…
              - 5 days ago 18 Oct 21, 5:00pm -
            • AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
              Original release date: October 14, 2021. Summary: Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity: • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use…
              - 9 days ago 14 Oct 21, 6:00pm -

            Microsoft Comprehensive Alerts

            Internet Storm Center

            Cisco Security Alerts

            Microsoft Basic Alerts

            Compliance and Non Profit Boards News

            Federal Financial Institutions Examination Council News

            HIPAA Omnibus Rule

            PCI Compliance Press Releases

            PCI Compliance News

            Electronic Frontier Foundation | Deep Links

            More News and Media Coverage

            Latest Tweets