Top #cybersecurity resource for Monday, Dec 11, 2023: Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | from @cisagov

  • TL;DR: Russian cyber actor Star Blizzard conducts global spear-phishing campaigns, primarily targeting personal email addresses to bypass corporate security controls and steal credentials; mitigation measures include using strong passwords, enabling multi-factor authentication, and disabling mail-forwarding or monitoring for malicious forwarding rules.

#5andAllDailyDigest

Top #cybersecurity resource for Thursday, Dec 7, 2023: 2023 Cyberthreat Defense Report | from Check Point Research

  • TL;DR: The CyberEdge Cyberthreat Defense Report provides insights into IT security professionals' perspectives, including decreases in cyberattacks, overall threat concern, and the prevalence of double extortion ransomware, as well as the involvement of IT security leaders with the board of directors and the popularity of zero trust frameworks.

#5andAllDailyDigest

Top #cybersecurity resource for Wednesday, Dec 6, 2023: Vast USPS Delivery Phishing Campaign Sees Threat Actors Abusing Freemium Dynamic DNS and SaaS Providers | from Bolster AI

  • TL;DR: Increased vigilance and awareness is essential as scammers evolve parcel delivery scams into more sophisticated methods, including impersonating Walmart and using IP location data to enhance the authenticity of phishing sites, targeting customers globally and exploiting free hosting services, making it challenging to differentiate genuine services from scams.

#5andAllDailyDigest

Vast Parcel Delivery Phishing Campaign Discovered | Bolster

Recently discovered phishing campaign, disguised as a parcel delivery scam, has evolved to target even the most tech-savvy. Learn more.

Bolster AI

Top #cybersecurity resource for Tuesday, Dec 5, 2023: How CISA’s “Secure by Design” Balances National Security, According to Eric Goldstein | from Ashley Stryker (HI! ;D)

  • TL;DR: CISA's "secure by design" campaign promotes public awareness and economic pressure on companies to create secure products by disclosing vulnerabilities in US and allied code while keeping enemy vulnerabilities for security agencies.

#5andAllDailyDigest

Top #cybersecurity resource for Monday, Dec 4, 2023: CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model | from CyberScoop

  • TL;DR: Current vulnerability patching model flawed, large companies should take more responsibility in providing secure software and hardware, technology providers should implement default security controls and use secure development practices, AI can help with vulnerability detection and fixing.

#5andAllDailyDigest

CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model

The Cybersecurity and Infrastructure Security Agency wants large companies to shoulder greater responsibility for securing computer systems.

CyberScoop

Top #cybersecurity resource for Thursday, Nov 30, 2023: Malicious Cyber Activity Against Vulnerable Web Management Interfaces | from CISA

  • TL;DR: Software manufacturers must prioritize building secure products, take responsibility for customer security outcomes, conduct field tests, enforce authentication, be transparent about vulnerabilities, and adopt secure-by-design principles.

#5andAllDailyDigest

Top #cybersecurity resource for Wednesday, Nov 29, 2023: A Punishing Year of Thunderstorms Has Led to Record-Breaking Losses | from Wall Street Journal (WSJ)

  • TL;DR: Severe convective storms causing record levels of damage in the U.S., with businesses hiring meteorologists, implementing coping strategies, and accepting policies with large deductibles, while potential damage is growing and climate change may contribute to storm intensity; some businesses utilizing parametric policies to mitigate unpredictability.

#5andAllDailyDigest

A Punishing Year of Thunderstorms Has Led to Record-Breaking Losses

It is ‘death by 1,000 cuts’ as storms bringing hail and tornadoes have caused more losses in 2023 than hurricanes have.

WSJ

Top #cybersecurity resource for Tuesday, Nov 28, 2023: The Internet of Insecure Cows - A Security Analysis of Wireless Smart Devices Used for Dairy Farming | from CPSIoTSec ’23

  • TL;DR: This resource explores the growing adoption of IoT devices in agriculture and the associated cybersecurity threats, with a particular focus on the security analysis of cow health monitoring collars in smart dairy farming. Researchers successfully reverse-engineered the collar’s wireless protocol, showing the capability to insert false data. It underscores the vulnerabilities and proposes countermeasures, emphasizing the need to secure agritech devices for safeguarding the agriculture sector and the broader food supply chain.

#5andAllDailyDigest

The Internet of Insecure Cows - A Security Analysis of Wireless Smart Devices Used for Dairy Farming | Proceedings of the 5th Workshop on CPS&IoT Security and Privacy

ACM Conferences

Top #cybersecurity resource for Monday, Nov 27, 2023: Introducing the guidelines for secure AI | from NCSC Feed

  • TL;DR: Guidelines for secure AI system development published by the NCSC and CISA, emphasizing a 'secure by design' approach and providing considerations for all phases of the AI system development life cycle.

#5andAllDailyDigest

Introducing the guidelines for secure AI

New guidelines will help developers make informed decisions about the design, development, deployment and operation of their AI systems.

Top #cybersecurity resource for Friday, Nov 24, 2023: Diamond Sleet supply chain compromise distributes a modified CyberLink installer | from Microsoft Threat Intelligence

  • TL;DR: Supply chain attack by North Korean threat actor Diamond Sleet (ZINC) discovered; impacted over 100 devices in multiple countries; Microsoft takes action to protect customers and provides recommendations for mitigation and detection.

#5andAllDailyDigest

Diamond Sleet supply chain compromise distributes a modified CyberLink installer | Microsoft Security Blog

Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by the organization.

Microsoft Security Blog