Somcert

As of December 18, 2023, publicly traded organizations must comply with the Security and Exchange Commission (SEC) incident disclosure regulations, which were originally unveiled in July 2023. Under the new rules, publicly traded companies will be required to report cyber incidents within four business days of determining that the incident is “material,” meaning it would potentially impact a […]

United States officials say they dismantled a China-backed hacking operation targeting civilian infrastructure, but the Federal Bureau of Investigation (FBI) warned of future threats if the two superpowers ever go to war. The Chinese state-sponsored hacking group Volt Typhoon allegedly sought to damage public sector facilities such as water treatment plants, the electric grid, oil and natural […]

The cybersecurity landscape is undergoing significant transformations exemplified by increasing complexity, constantly evolving threats and, as a result, the necessity for ever-more sophisticated and integrated security solutions. Automation, artificial intelligence (AI), and machine learning (ML) are fueling technological advancements and innovation. At the same time, escalating cybersecurity challenges and growing regulations means that organizations are […]

Between November and December 2023, a threat actor successfully stole more than two million email addresses and other personal information from at least 65 websites, threat intelligence firm Group-IB reports. Mainly relying on SQL injection attacks, the hacking group, tracked as ResumeLooters, has been active since early 2023, selling the stolen information on Chinese-speaking hacking-themed Telegram […]

Microsoft on Tuesday rolled out a massive batch of security-themed software updates and called urgent attention to at least three vulnerabilities being exploited in live malware attacks. The world’s largest software maker documented 72 security vulnerabilities in the Windows ecosystem and warned users of the risk of remote code execution, security feature bypass, information disclosure […]

Video messaging giant Zoom on Tuesday announced patches for seven vulnerabilities in its desktop and mobile applications, including a critical-severity bug in Windows software. The critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), is described as an improper input validation that could allow an attacker with network access to escalate privileges. Zoom’s Desktop Client […]

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. “A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying […]

Incident response (IR) is a race against time. You engage your internal or external team because there’s enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files […]

Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to “enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances,” Ram Shankar Siva Kumar, AI red team lead at […]