CISO Express | A Security Professional’s Home Page

Latest Security News

Credit Card Breach

Data Breach

Cyber Security

The Hackers News

Krebs On Security

  • Microsoft Patch Tuesday, April 2021 Edition

    Microsoft Patch Tuesday, April 2021 Edition

    Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on…
    - 2 days ago 13 Apr 21, 11:12pm -
  • ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

    ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

    Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that's popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing…
    - 3 days ago 12 Apr 21, 10:18pm -

Dark Reading

SC Magazine

    Naked Security

    Data Breach Today

    • Senators Push for Changes in Wake of SolarWinds Attack

      Senators Push for Changes in Wake of SolarWinds Attack

      Intelligence Hearing Focuses on Need for Federal Breach Notification Law, Fixing 'Blind Spots'The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requirin…
      - -
    • Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

      Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

      Updated Report From IBM Provides New DetailsCybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insi…
      - -

    Bank Info Security

    • Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

      Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

      Magecart-Style Attacks Included Bitcoin-Grabbing Functionality, Group-IB ReportsHackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocu…
      - -
    • Senators Push for Changes in Wake of SolarWinds Attack

      Senators Push for Changes in Wake of SolarWinds Attack

      Intelligence Hearing Focuses on Need for Federal Breach Notification Law, Fixing 'Blind Spots'The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requirin…
      - -

    CSO Online

    • newBrandPost: Remediate Insecure Configurations to Improve Cybersecurity

      BrandPost: Remediate Insecure Configurations to Improve Cybersecurity

      A data breach can result in catastrophic consequences for any organization. Ensuring that your IT environment is safe from cyber threats can be a real challenge.To keep intruders out of your networks and data, you need more than up-to-date guidance;…
      - 17 hours ago 14 Apr 21, 7:15pm -
    • Tips to improve domain password security in Active Directory

      Tips to improve domain password security in Active Directory

      The concept of zero trust is that nothing should be trusted by default. Most of us are trying to work our way to zero trust but are not there yet. Until then, you can take steps to protect your networks better, starting with handling passwords better…
      - 1 day ago 14 Apr 21, 9:00am -

    eSecurity Planet

    Network World

    • Cisco streamlines, upgrades its SASE bundle

      Cisco streamlines, upgrades its SASE bundle

      Cisco made enhancements to its security offerings that will expand and change the way customers buy its Secure Access Service Edge products as well as bolster network-access authentication.Cisco's SASE plan will focus on enhancing networking and secu…
      - 15 days ago 31 Mar 21, 7:34pm -
    • Report: 5G network slicing could leave flaws for bad actors to exploit

      Report: 5G network slicing could leave flaws for bad actors to exploit

      5G networks that incorporate legacy technology could be vulnerable to compromise via a lack of mapping between transport and application layers, according to a report by Ireland-based AdaptiveMobile Security.5G resourcesWhat is 5G? Fast wireless tec…
      - 17 days ago 29 Mar 21, 8:56pm -

    FierceITSecurity

      Security Week

      • newNVIDIA Unveils 'Morpheus' Cybersecurity Framework

        NVIDIA Unveils 'Morpheus' Cybersecurity Framework

        NVIDIA this week unveiled Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance.read more
        - 3 hours ago 15 Apr 21, 8:35am -
      • newIrish Watchdog Opens Another Facebook Probe, Over Data Dump

        Irish Watchdog Opens Another Facebook Probe, Over Data Dump

        Ireland’s privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules.read more…
        - 10 hours ago 15 Apr 21, 2:15am -

      US-CERT Current Activity

      • newThreat Actors Targeting Cybersecurity Researchers
        Original release date: April 14, 2021Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites t…
        - 21 hours ago 14 Apr 21, 2:54pm -
      • Google Releases Security Updates for Chrome
        Original release date: April 13, 2021Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA…
        - 1 day ago 14 Apr 21, 12:23am -

      CIO Online

      • How Brunswick IT enables digital business

        How Brunswick IT enables digital business

        Mike Adams joined Brunswick, the $4.3 billion manufacturing business, in 2017 to define its enterprise architecture function and to work with then CIO Danielle Brown to craft a modernization strategy. Since then, the company has sold off its non-mari…
        - 8 days ago 7 Apr 21, 12:31pm -
      • BrandPost: Episode 1: Introduction to CIAM and Why It’s Important

        BrandPost: Episode 1: Introduction to CIAM and Why It’s Important

        If your customers and clientele don’t feel secure using your products and/or accessing your corporate websites, web portals, and web shops, they won’t sign up, share information, or otherwise engage with your brand. Developing a robust approach t…
        - 10 days ago 5 Apr 21, 5:00pm -

      Virus Bulletin

      Apple Security Announcement

        Homeland Security Today

        • newIMO Council Set to Expand Under Approved Amendments
          The IMO Council has approved draft amendments to the IMO Convention to expand the size of the Council, extend the term of its Members and recognize three additional language texts as authentic versions  of the IMO Convention.
          - 11 hours ago 15 Apr 21, 12:43am -
        • newExceptional Maritime People Honored at Virtual IMO Awards
          The International Maritime Organization has recognized the contributions of a long-standing maritime industry chief and has presented its highest bravery accolade to two maritime pilots from Brazil and an off-duty seafarer from the Philippines.
          - 11 hours ago 15 Apr 21, 12:36am -

        Security Focus

        SANS Newsletter

          Graham Cluley Latest

          US-CERT Bulletin

          • Vulnerability Summary for the Week of April 5, 2021
            Original release date: April 12, 2021 High VulnerabilitiesPrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- ipad_osAn out-of-bounds read was addressed with improved input validation. Th…
            - 3 days ago 12 Apr 21, 10:51am -
          • Vulnerability Summary for the Week of March 29, 2021
            Original release date: April 5, 2021 High VulnerabilitiesPrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoarubanetworks -- instantA remote buffer overflow vulnerability was discovered in some A…
            - 10 days ago 5 Apr 21, 11:01am -

          Zero Day Initiative

          Wired Threat Level

            Network World

            • Cisco streamlines, upgrades its SASE bundle

              Cisco streamlines, upgrades its SASE bundle

              Cisco made enhancements to its security offerings that will expand and change the way customers buy its Secure Access Service Edge products as well as bolster network-access authentication.Cisco's SASE plan will focus on enhancing networking and secu…
              - 15 days ago 31 Mar 21, 7:34pm -
            • Report: 5G network slicing could leave flaws for bad actors to exploit

              Report: 5G network slicing could leave flaws for bad actors to exploit

              5G networks that incorporate legacy technology could be vulnerable to compromise via a lack of mapping between transport and application layers, according to a report by Ireland-based AdaptiveMobile Security.5G resourcesWhat is 5G? Fast wireless tec…
              - 17 days ago 29 Mar 21, 8:56pm -

            Symantec Vulnerabilities and Exploits

            Risky Business

            • Show notes: Risky Business #443
              Bad week for Macs, Hal Martin and CrowdStrike... Links to everything discussed in episode 443 of the Risky Business podcast.read more
              - 15 Feb 17, 3:13am -
            • Show notes: Risky Business #442
              So. Much. News. Links to everything discussed in episode 442 of the Risky Business podcast.read more
              - 8 Feb 17, 4:43am -

            Packet Storm Latest

            • newMicrosoft Azure DevOps Server 2020.0.1 Cross Site Scripting
              Microsoft Azure DevOps Server version 2020.0.1 suffers from a cross site scripting vulnerability.
              - 19 hours ago 14 Apr 21, 4:50pm -
            • newRed Hat Security Advisory 2021-1195-01
              Red Hat Security Advisory 2021-1195-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Va…
              - 19 hours ago 14 Apr 21, 4:50pm -

            ITSecurityNews

            • newThe password hall of shame (and 10 tips for better password security)
              Read the original article: The password hall of shame (and 10 tips for better password security) Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d…Re…
              - 3 hours ago 15 Apr 21, 9:05am -
            • newTop cybersecurity M&A deals for 2021
              Read the original article: Top cybersecurity M&A deals for 2021 2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity…Read more…
              - 3 hours ago 15 Apr 21, 9:05am -

            Secuity Affairs

            NIST Latest in IT

            Darknet - The Dark Side

            • APT-Hunter – Threat Hunting Tool via Windows Event Log

              APT-Hunter – Threat Hunting Tool via Windows Event Log

              APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.This will help you to decrease the time to uncover suspic…
              - 42 days ago 4 Mar 21, 5:16pm -
            • GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials

              GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials

              GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally – this includes code, commits, wiki pages and more.GitLab Watchman searches GitLab for internally shared projects and…
              - 71 days ago 3 Feb 21, 1:13pm -

            Cyber Punk Latest

            • Mod que permite mudar o cabelo no Cyberpunk 2077 (Presentinho de Natal)

              Mod que permite mudar o cabelo no Cyberpunk 2077 (Presentinho de Natal)

                Mod que permite você mudar a aparência do seu V durante o game. Cyberpunk não possui um tipo de barbearia que você possa mudar a aparência do seu V durante o game, pensando nisso um modder fez um programa para que você possa mudar a apar…
              - 25 Dec 20, 10:17pm -
            • COMO FICAR MILIONÁRIO NO CYBERPUNK 2077 (glitch)

              COMO FICAR MILIONÁRIO NO CYBERPUNK 2077 (glitch)

                                            Primeiro temos que ir para o centro neste local do mapa.Aqui neste local vai ter tipo uma praça com varias maquinas de energéticos .Vocês vão encontrar um lugar cheio dessas maquinas, é ai que o gli…
              - 25 Dec 20, 5:07pm -

            Top Security Alerts

            Symantec Virus Status Alerts

            • Norton 360 (later than 6.0) for Windows XP/Vista/7/8
              File-Based Protection (Traditional Antivirus)Definitions Created : 2/28/2020Definitions Released : 2/28/2020Definitions Version : 220228cSequence Number : 204972Extended Version : 2/28/2020 rev. 3…
              - -
            • Symantec Endpoint Protection 12.1.3 (or later)
              File-Based Protection (Traditional Antivirus)Definitions Created : 2/28/2020Definitions Released : 2/28/2020Definitions Version : 220228cSequence Number : 204972Extended Version : 2/28/2020 rev. 3…
              - -

            US- CERT Alerts

            • AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
              Original release date: March 18, 2021 | Last revised: April 9, 2021SummaryThis Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicator…
              - 28 days ago 18 Mar 21, 6:00pm -
            • AA21-076A: TrickBot Malware

              AA21-076A: TrickBot Malware

              Original release date: March 17, 2021 | Last revised: March 24, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics…
              - 29 days ago 17 Mar 21, 3:00pm -

            Microsoft Comprehensive Alerts

            Cisco Security Alerts

            Microsoft Basic Alerts

            Compliance and Non Profit Boards News

            Federal Financial Institutions Examination Council News

            • Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

              Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

              Magecart-Style Attacks Included Bitcoin-Grabbing Functionality, Group-IB ReportsHackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocu…
              - -
            • Senators Push for Changes in Wake of SolarWinds Attack

              Senators Push for Changes in Wake of SolarWinds Attack

              Intelligence Hearing Focuses on Need for Federal Breach Notification Law, Fixing 'Blind Spots'The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requirin…
              - -

            HIPPA Omnibus Rule

            • Senators Push for Changes in Wake of SolarWinds Attack

              Senators Push for Changes in Wake of SolarWinds Attack

              Intelligence Hearing Focuses on Need for Federal Breach Notification Law, Fixing 'Blind Spots'The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requirin…
              - -
            • Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

              Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

              Updated Report From IBM Provides New DetailsCybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insi…
              - -

            PCI Compliance Press Releases

            PCI Compliance News

            Electronic Frontier Foundation | Deep Links

            More News and Media Coverage

            Latest Tweets