CISA and the FDA are Warning of Critical Medical Vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) are issuing alerts about the presence of hidden functionality. This hidden functionality can be found in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability makes these monitors vectors […]
Category: Uncategorized
Third-Party Apps are Accessing User Data Without Permission
Third-Party apps are accessing user data without permission. New research from web exposure management specialist Reflectiz highlights alarming website vulnerabilities across industries. Using proprietary data from the top 100 websites by traffic in each sector, the findings reveal critical risks: 45% of third-party apps access user data without proper authorization. 53% of retail risk exposures […]
Smartphones can leave your organization open to vulnerabilities
Smartphones can leave your organization open to vulnerabilities. Cybersecurity researchers have uncovered a critical vulnerability in the Monkey’s Audio (APE) decoder on Samsung smartphones. This potentially allows attackers to execute malicious code. This high-severity flaw affects Samsung devices running Android 12, 13, and 14, according to a December 2024 advisory from Samsung. The Danger this […]
Ransomware is Utilizing AI for Extortion and Data Brokering
Ransomware is Utilizing AI for Extortion and Data Brokering. Cybersecurity researchers have uncovered an AI-assisted ransomware group, FunkSec, that emerged in late 2024. According to Check Point Research, FunkSec employs double extortion tactics, combining data theft and encryption to pressure victims into paying unusually low ransoms—sometimes as little as $10,000. The group also acts as […]
Malware is putting financial instiutions in jeopardy
Malware is putting financial institutions in jeopardy. Brazilian banking institutions are under attack from a custom variant of the AllaKore remote access trojan (RAT), dubbed AllaSenha, according to French cybersecurity firm HarfangLab. The malware, designed to steal banking credentials, uses Azure cloud infrastructure for its command-and-control (C2) operations. Targeted banks include Banco do Brasil, Bradesco, […]
Real Time Proactive PAM Strategies are Vital
Real-time proactive PAM strategies are vital. Privileged accounts are frequent targets for attackers, yet many organizations focus on managing access rather than securing the accounts and users themselves. This gap often arises from the complexities of Privileged Access Management (PAM) deployments. As threats evolve, organizations must shift priorities to secure privileged access, preventing trust from […]
Velox Systems Cybersecurity Workshop Insights
On Tuesday, November 12th, Velox Systems and TDS teamed up to host an interactive Cybersecurity/Resiliency Workshop at 10 Barrel Eastside. The event drew attendees from various industries and positions from across Central Oregon. The workshop offered a valuable hands-on learning about cybersecurity. We now provide some Velox Systems Cybersecurity workshop insights. Cybersecurity Workshop Format […]
Stolen session tokens can wreak havoc on your data
Stolen session tokens can wreak havoc on your data. The Chinese-linked threat actor Evasive Panda is targeting government entities and a religious organization in Taiwan using a previously undocumented toolset called CloudScout. What is CloudScout? According to ESET security researcher Anh Ho, CloudScout does this through the leveraging of stolen web session cookies to […]
AI has the power to elevate our lives but also wreak havoc
AI has the power to elevate our lives yet also wreak havoc. Many are excited about AI’s capabilities yet concerned about its impact on the workforce. As Etay Maor, Chief Security Strategist at Cato Networks, says, “AI won’t replace humans, but those who know how to use AI will replace those who don’t.” Cybercriminals are […]
CMMC, your Necessity for Achieving Compliance
CMMC or Cybersecurity Maturity Model Certification is a necessity for achieving compliance for defense industrial base organizations. CMMC compliance provides a standardized framework for enhancing cybersecurity across the defense industrial base. Established by the Department of Defense, it manages and protects Controlled Unclassified Information (CUI) and Federal Contract Info (FCI). It does this in […]