Corelight Expands Partnership With CrowdStrike to Provide Network Detection and Response Technology for CrowdStrike Services

It Isn't Time to Worry About Quantum Computing Just Yet

<div>Don't let something that's a decade away distract you from today's cyber threats.</div>

Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet

<div>Omdia has learned that Gigamon sold its ThreatInsight NDR business to Fortinet for approximately $31 million. The deal highlights what may be a pivot point for the NDR market.</div>

Why ChatGPT Isn't a Death Sentence for Cyber Defenders

<div>Generative AI combined with user awareness training creates a security alliance that can let organizations work protected from ChatGPT.</div>

GAO Calls for Action to Protect Cybersecurity of Critical Energy, Communications Networks

<div>Enhanced industrial control systems cybersecurity for energy and communications sector among top recommendations in new GAO cybersecurity assessment.</div>

Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver's Seat

<div>The automaker closed a hole that allowed a security researcher to gain system administrator access to more than 14,000 corporate and partner accounts and troves of sensitive data.</div>

Skybox Security Appoints Cybersecurity Veteran Mordecai Rosen as CEO

<div>Skybox closes $50 million in financing to drive growth of its SaaS-based security platform.</div>

SecuriThings Brings Managed Service Capabilities to Physical Security, With New Managed Service Platform

<div>Platform opens new opportunities for managed service providers to manage, visualize, and secure customer devices from a single pane of glass, including automated maintenance and other operations.</div>

PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 (Severity: NONE)

CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User (Severity: MEDIUM)

CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password (Severity: MEDIUM)

CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server (Severity: MEDIUM)

AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance

Original release date: February 8, 2023SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access and deploy ransomware. The ES

Android 14 to block malware from abusing sensitive permissions

<div>Google has announced the release of the first developer preview for Android 14, the next major version of the world's most popular mobile operating system, which comes with security and privacy enhancements, among other things. [...]</div>

US NIST unveils winning encryption algorithm for IoT data protection

<div>The National Institute of Standards and Technology (NIST) announced that ASCON is the winning bid for the "lightweight cryptography" program to find the best algorithm to protect small IoT (Internet of Things) devices with limited hardware resources. [...]</div>

Malicious Dota 2 game modes infected players with malware

<div>Security researchers have discovered four malicious Dota 2 game modes that were used by a threat actor to backdoor the players' systems. [...]</div>

Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach

<div>A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect</div>

Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware

<div>A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. Denis Mihaqlovic Dubnikov, 30, was arrested in Amsterdam in November 2021 before he was extradited from the Netherlands in August 2022. He is awaiting sentencing on April 11, 2023. "Between at least</div>

Unpatched Security Flaws Disclosed in Multiple Document Management Systems

<div>Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed</div>

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

<div>The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NIST said.</div>