SC Magazine
Sisense customers told to reset credentials amid supply chain attack fears
While details of the breach are limited, CISA sends alert after security researchers discover compromise.
CyberNews
US vs TikTok: could VPNs be the answer
TikTok faces a total ban from the US market after the company was told to sever ties with Chinese owner ByteDance.
SC Magazine
Microsoft says Russia-backed Midnight Blizzard accessed its source code
Security pros say targeting source code will continue because it lets attackers identify new bugs and inject their own malware into the software supply chain.
SC Magazine
Apple’s 17.4 emergency update patches two iPhone zero-days
Security pros say the zero-days are serious because nation-states tend to exploit flaws to launch spyware attacks on high-risk individuals.
DarkReading
China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure
Volt Typhoon is positioning itself to physically disrupt and cripple US critical infrastructure by gaining access to operational technology networks in the energy, water, communications, and transportation sectors, according to the Feds.
SC Magazine
All Okta customer support users exposed in October breach, company discloses
While Okta did not report how many customers were affected, the company’s website says more than 18,000 customers use its platform.
Infosecurity News
Valve Enhances Steam Security With SMS Verification
The move comes after threat actors compromised developers’ accounts
SecurityWeek
Industry Reactions to Qakbot Botnet Disruption: Feedback Friday
Industry professionals comment on the law enforcement operation targeting the Qakbot botnet and its implications.
Bleeping Computer
OpenAI's new ChatGPT bot: 10 coolest things you can do with it
From precisely spotting security vulnerabilities in your code, to writing an entire block of functional code on a whim, to opening portals to another dimension, OpenAI's newly launched ChatGPT is a game changer with its possibilities seeming limited only by your limitedness.
The Hacker News
Is Cybersecurity Awareness Month Anything More Than PR?
Here's a roundup of reactions to cybersecurity awareness month and traction from this year's themes and messaging.
Computerworld
Apple has good privacy arguments, but critics aren't listening
The problem with Apple’s passionate stance on privacy and user security is that those attacking its position aren’t interested in the same thing.
ThreatPost
Lapsus$ ‘Back from Vacation’
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list.
ThreatPost
UK Cops Collar 7 Suspected Lapsus$ Gang Members
London Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
CyberSecurity Dive
DHS warns local authorities, critical infrastructure providers over potential Russia threat
As tensions rise over a possible incursion into the Ukraine, federal authorities say Russia may launch direct cyberattacks against targets in the U.S.
Bleeping Computer
eNom data center migration mistakenly knocks sites offline
A data center migration from eNom web hosting provider caused unexpected domain resolution problems that are expected to last for a few hours.
Bleeping Computer
eNom data center migration knocks hundreds of sites offline
A data center migration from eNom web hosting provider caused unexpected domain resolution problems that are expected to last for a few hours.