CISO Express | A Security Professional’s Home Page

Latest Security News

Credit Card Breach

    Data Breach

      Cyber Security

        The Hackers News

        • How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19

          How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19

          The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work.There are several trends taking place as a consequence of th…
          - 4 days ago 21 May 20, 11:34am -
        • Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

          Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

          Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia.Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known…
          - 4 days ago 21 May 20, 8:11am -

        Krebs On Security

        • Riding the State Unemployment Fraud ‘Wave’

          Riding the State Unemployment Fraud ‘Wave’

          When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that's exactly what appear…
          - 2 days ago 23 May 20, 1:40pm -
        • Ukraine Nabs Suspect in 773M Password ‘Megabreach’

          Ukraine Nabs Suspect in 773M Password ‘Megabreach’

          In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A su…
          - 6 days ago 19 May 20, 4:46pm -

        Dark Reading

        SC Magazine

        • Fast and furious: breaches keep rolling in, orgs must act quickly

          Fast and furious: breaches keep rolling in, orgs must act quickly

          The threat landscape and nature of data breaches are constantly changing, requiring lightning fast response and throwing organizations into an nearly perpetual state of transformation. a panelist told attendees at the LegalTech Show in New York on Tu…
          - 3 Feb 16, 1:00pm -
        • Flash is dead. Long live Flash.

          Flash is dead. Long live Flash.

          Flash has a reputation for security flaws, but experts say it is time to develop a strategy for "dealing" because its ubiquity means it will remain for years to come. Alan R. Earls reports.
          - 3 Feb 16, 12:00pm -

        Naked Security

        Data Breach Today

        • Ransomware Gang Posting Financial Details From Bank Attack

          Ransomware Gang Posting Financial Details From Bank Attack

          Maze Started Releasing Payment Card Data From Costa Rican Bank This WeekThe Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, which is the state-owned Bank of Costa Rica. The cyb…
          - -
        • Framework for Managing Identity in Healthcare Introduced

          Framework for Managing Identity in Healthcare Introduced

          H-ISAC Guidance Offers a Step-by-Step ApproachIn response to the growing threat of identity-centric cyberattacks in healthcare, the Health Information Sharing and Analysis Center has published a framework for managing identity for the full work lifec…
          - -

        Bank Info Security

        • Ransomware Gang Posting Financial Details From Bank Attack

          Ransomware Gang Posting Financial Details From Bank Attack

          Maze Started Releasing Payment Card Data From Costa Rican Bank This WeekThe Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, which is the state-owned Bank of Costa Rica. The cyb…
          - -
        • Phishing Campaign Leverages Google to Harvest Credentials

          Phishing Campaign Leverages Google to Harvest Credentials

          Researchers: Emails Contain Google Links to Make Them Appear CredibleSome fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which not…
          - -

        CSO Online

        • How Abnormal Security combats business email compromise

          How Abnormal Security combats business email compromise

          When looking at all the different ways that hackers can threaten networks and enterprises, flashy incidents like ransomware scams often come to mind. But a relatively new kind of attack called business email compromise (BEC) has taken the lead in bot…
          - 3 days ago 22 May 20, 10:00am -
        • BrandPost: Real Time Matters in Endpoint Protection

          BrandPost: Real Time Matters in Endpoint Protection

          Given the speed and potentially devastating impact of malware targeting your end users and devices (think ransomware these days), if your endpoint security isn’t able to react immediately, the fight is over – and you will have lost. Sodinbiki ran…
          - 4 days ago 21 May 20, 1:39pm -

        eSecurity Planet

        Network World

        • COVID-19 pandemic ratchets up threats to medical IoT

          COVID-19 pandemic ratchets up threats to medical IoT

          The mere fact of the COVID pandemic’s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head – cyberattacks, particularly those based on ransomware, have become more common as t…
          - 3 days ago 22 May 20, 10:00am -
        • Amid the pandemic, using trust to fight shadow IT

          Amid the pandemic, using trust to fight shadow IT

          With most workers scattered at home and trying to come up with their own ad-hoc IT workarounds, there’s an easy way for IT shops to build trust: communicate. (Insider Story)
          - 5 days ago 20 May 20, 10:00am -

        FierceITSecurity

        • Comment on CBD For Pain by blog3005.xyz
          Hello there! I simply want to offer you a big thumbs up for the excellent info you have got right here on this post.I am returning to your web site for more soon.
          - 40 days ago 14 Apr 20, 7:32pm -
        • Comment on Private Label CBD by James
          Our dispensary saved hundreds of thousands of dollars by producing our own CBD Brand using Globals Private Label CBD program. Highly recommended.
          - 41 days ago 13 Apr 20, 11:54pm -

        Security Week

        US-CERT Current Activity

        • Microsoft Releases Security Update for Edge
          Original release date: May 22, 2020<br/><p>Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privil…
          - 3 days ago 22 May 20, 1:10pm -
        • Cisco Releases Security Updates
          Original release date: May 22, 2020<br/><p>Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected…
          - 3 days ago 22 May 20, 1:05pm -

        CIO Online

        • Amid the pandemic, using trust to fight shadow IT

          Amid the pandemic, using trust to fight shadow IT

          With most workers scattered at home and trying to come up with their own ad-hoc IT workarounds, there’s an easy way for IT shops to build trust: communicate. (Insider Story)
          - 5 days ago 20 May 20, 10:00am -
        • The Internet of Things in 2020: More vital than ever

          The Internet of Things in 2020: More vital than ever

          Just when we needed it most, the internet of things is delivering gobs of data and remote device control across almost every industry, from healthcare to agriculture.
          - 14 days ago 11 May 20, 10:00am -

        Virus Bulletin

        • Ransomware not a problem for half of businesses
          According to a report by IBM Security, 70 per cent of businesses that are the victim of a ransomware attack end up paying the ransom. However, the report also suggests that a little over half of businesses manage to avoid getting infected at all, sho…
          - 11 Jan 17, 10:13am -
        • Ransomware would be much worse if it wasn't for email security solutions
          The latest VBSpam test brings good news: at least 199 out of every 200 emails containing a malicious attachment were blocked by email security solutions. All of the full solutions tested achieved a VBSpam award, with five earning a VBSpam+ award.…
          - 5 Jan 17, 2:40pm -

        Apple Security Announcement

          Homeland Security Today

          Security Focus

          SANS Newsletter

          Graham Cluley Latest

          US-CERT Bulletin

          • Vulnerability Summary for the Week of May 11, 2020
            Original release date: May 18, 2020The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated…
            - 7 days ago 18 May 20, 10:39am -
          • Vulnerability Summary for the Week of May 4, 2020
            Original release date: May 11, 2020The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated v…
            - 14 days ago 11 May 20, 10:32am -

          Zero Day Initiative

          Wired Threat Level

            Network World

            • COVID-19 pandemic ratchets up threats to medical IoT

              COVID-19 pandemic ratchets up threats to medical IoT

              The mere fact of the COVID pandemic’s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head – cyberattacks, particularly those based on ransomware, have become more common as t…
              - 3 days ago 22 May 20, 10:00am -
            • Amid the pandemic, using trust to fight shadow IT

              Amid the pandemic, using trust to fight shadow IT

              With most workers scattered at home and trying to come up with their own ad-hoc IT workarounds, there’s an easy way for IT shops to build trust: communicate. (Insider Story)
              - 5 days ago 20 May 20, 10:00am -

            Symantec Vulnerabilities and Exploits

            Risky Business

            • Show notes: Risky Business #443
              Bad week for Macs, Hal Martin and CrowdStrike... Links to everything discussed in episode 443 of the Risky Business podcast.read more
              - 15 Feb 17, 3:13am -
            • Show notes: Risky Business #442
              So. Much. News. Links to everything discussed in episode 442 of the Risky Business podcast.read more
              - 8 Feb 17, 4:43am -

            Packet Storm Latest

            • Plesk / myLittleAdmin ViewState .NET Deserialization
              This Metasploit module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded machineKey parameters in the web.config file for ASP.…
              - 2 days ago 22 May 20, 7:06pm -
            • Synology DiskStation Manager smart.cgi Remote Command Execution
              This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is locate…
              - 2 days ago 22 May 20, 7:03pm -

            ITSecurityNews

            Secuity Affairs

            NIST Latest in IT

            Darknet - The Dark Side

            • Pingcastle – Active Directory Security Assessment Tool

              Pingcastle – Active Directory Security Assessment Tool

              PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level with a methodology based on a risk assessment and maturity framework. It does not aim at a perfect evaluation but rather as an ef…
              - 7 days ago 18 May 20, 4:56pm -
            • Second Order – Subdomain Takeover Scanner Tool

              Second Order – Subdomain Takeover Scanner Tool

              Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way.Using Second Order Subdo…
              - 25 days ago 30 Apr 20, 2:46pm -

            Top Security Alerts

            Symantec Virus Status Alerts

            • Norton 360 (later than 6.0) for Windows XP/Vista/7/8
              File-Based Protection (Traditional Antivirus)Definitions Created : 2/28/2020Definitions Released : 2/28/2020Definitions Version : 220228cSequence Number : 204972Extended Version : 2/28/2020 rev. 3…
              - -
            • Symantec Endpoint Protection 12.1.3 (or later)
              File-Based Protection (Traditional Antivirus)Definitions Created : 2/28/2020Definitions Released : 2/28/2020Definitions Version : 220228cSequence Number : 204972Extended Version : 2/28/2020 rev. 3…
              - -

            US- CERT Alerts

            • AA20-133A: Top 10 Routinely Exploited Vulnerabilities
              Original release date: May 12, 2020<br/><h3>Summary</h3><p>The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT secu…
              - 13 days ago 12 May 20, 1:00pm -
            • AA20-126A: APT Groups Target Healthcare and Essential Services
              Original release date: May 5, 2020<br/><h3>Summary</h3><p><strong>This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Sec…
              - 20 days ago 5 May 20, 12:58pm -

            Microsoft Comprehensive Alerts

            Internet Storm Center

            Cisco Security Alerts

            Microsoft Basic Alerts

            Compliance and Non Profit Boards News

            Federal Financial Institutions Examination Council News

            • Ransomware Gang Posting Financial Details From Bank Attack

              Ransomware Gang Posting Financial Details From Bank Attack

              Maze Started Releasing Payment Card Data From Costa Rican Bank This WeekThe Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, which is the state-owned Bank of Costa Rica. The cyb…
              - -
            • Phishing Campaign Leverages Google to Harvest Credentials

              Phishing Campaign Leverages Google to Harvest Credentials

              Researchers: Emails Contain Google Links to Make Them Appear CredibleSome fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which not…
              - -

            HIPPA Omnibus Rule

            • Framework for Managing Identity in Healthcare Introduced

              Framework for Managing Identity in Healthcare Introduced

              H-ISAC Guidance Offers a Step-by-Step ApproachIn response to the growing threat of identity-centric cyberattacks in healthcare, the Health Information Sharing and Analysis Center has published a framework for managing identity for the full work lifec…
              - -
            • Hackers Tried to Exploit Zero-Day Flaw in Sophos Firewall

              Hackers Tried to Exploit Zero-Day Flaw in Sophos Firewall

              Attackers Attempted to Plant Trojan, Ransomware By Exploiting VulnerabilityHackers tried two methods of exploiting a zero-day vulnerability in Sophos' XG firewall, but Sophos says it made a temporary fix that mitigated the risks. Attackers originally…
              - -

            PCI Compliance Press Releases

            PCI Compliance News

            Electronic Frontier Foundation | Deep Links

            More News and Media Coverage

            Latest Tweets