(Adobe Stock)

Exploited ‘Looney Tunables’ Linux privileged escalation bug linked to Kinsing threat actor

Steve ZurierNovember 3, 2023

Aqua Nautilus researchers claim they’ve observed the first documented exploit of the "Looney Tunables" vulnerability by threat actor Kinsing.

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Ransomware

Ransomware gang HelloKitty quickly exploits critical Apache ActiveMQ bug

Simon HenderyNovember 3, 2023

The ransomware gang was spotted exploiting the vulnerability just two days after Apache disclosed the flaw and released patched versions of the software.

A partial view of a factory complex is seen

Vulnerability Management

CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT

Steve ZurierNovember 2, 2023

The Forum of Incident Response and Security Teams (FIRST) published CVSS 4.0 with an eye toward delivering finer granularity around threat intelligence metrics.

Endpoint/Device Security

Mozi botnet goes dark under mysterious circumstances

Simon HenderyNovember 2, 2023

Researchers speculate that Chinese authorities may be responsible for turning off one of the internet’s most prolific IoT botnets.

(Photo by Sebastian Gollnow/picture alliance via Getty Images)

Security Staff Acquisition & Development

AI gives security pros employment jitters, study says

Stephen WeigandNovember 2, 2023

Respondents in an ICS2 workforce study expect the combination of economic uncertainty, a workforce skills gap and emerging technology to lead to a decrease in cybersecurity hiring.

Endpoint/Device Security

Citrix NetScaler bug protection: Close all active sessions, says Mandiant

Steve ZurierNovember 1, 2023

Critical 9.4 vulnerability lets attackers steal the token of recently connected users, allowing the attacker to gain access to whatever resources the user has permissions to access in Citrix.

Cloud Security

Cloud security still a challenge as 1 in 4 companies cite skills gap

Steve ZurierNovember 1, 2023

While cloud security investments are starting to pay off, respondents to a CyberRisk Alliance survey say their organizations still face skills gaps and lack visibility into the cloud.

Patch/Configuration Management

ServiceNow misconfiguration went unexploited, but still cause for concern

Steve ZurierOctober 31, 2023

In one sampling, Adaptive Shield reported that only 1% of 5,000 vulnerable companies are still exposed.

Risk Assessments/Management

Transform cybersecurity with process mining

SC StaffOctober 31, 2023

Gutsy’s cofounder discusses the use of the data science of process mining into cybersecurity.

Exploited ‘Looney Tunables’ Linux privileged escalation bug linked to Kinsing threat actor

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Biden’s AI Executive Order: A small step in the right direction

How cars have become the biggest threat to privacy

When companies make everything a priority, nothing’s a priority

The case for container-based firewalls

The 5 Cs of effective cyber defense: Beyond traditional technical skills

In Brief

Suspected DDoS attack impacts AP news site

Over 100 Microsoft 365 app bugs prompt temporary SketchUp support removal

Immediate patching of Atlassian Confluence flaw urged

23andMe sought to detail recent data breach

Henry Schein attack claimed by ALPHV/BlackCat ransomware

More Resources

IAM optimization checklist

Ransomware attacks are getting faster: How to adjust incident response plans accordingly

Ransomware gangs take less than a day to breach Microsoft Active Directory. Here’s what to do

PCI DSS 4.0: Things to do by March 2024

Endpoint security: How to protect end users from themselves

Ransomware gang HelloKitty quickly exploits critical Apache ActiveMQ bug

CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT

Mozi botnet goes dark under mysterious circumstances

AI gives security pros employment jitters, study says

Citrix NetScaler bug protection: Close all active sessions, says Mandiant

Cloud security still a challenge as 1 in 4 companies cite skills gap

ServiceNow misconfiguration went unexploited, but still cause for concern

Transform cybersecurity with process mining

EVENTS

Optimizing AppSec: A Deep Dive into ASPM’s Risk-Based Approach

Survive or sink? The before, during and after of a ransomware attack

Ransomware: Designing a Strategic Detection and Response Plan

Cyber threat Intelligence: Making sense of a chaotic world

Network security in 2024: What has changed in the era of cloud computing, and how to adapt

Cybersecurity News, Awards, Webinars, eSummits, Research

Exploited ‘Looney Tunables’ Linux privileged escalation bug linked to Kinsing threat actor

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Biden’s AI Executive Order: A small step in the right direction

How cars have become the biggest threat to privacy

When companies make everything a priority, nothing’s a priority

The case for container-based firewalls

The 5 Cs of effective cyber defense: Beyond traditional technical skills

In Brief

Suspected DDoS attack impacts AP news site

Over 100 Microsoft 365 app bugs prompt temporary SketchUp support removal

Immediate patching of Atlassian Confluence flaw urged

23andMe sought to detail recent data breach

Henry Schein attack claimed by ALPHV/BlackCat ransomware

More Resources

IAM optimization checklist

Ransomware attacks are getting faster: How to adjust incident response plans accordingly

Ransomware gangs take less than a day to breach Microsoft Active Directory. Here’s what to do

PCI DSS 4.0: Things to do by March 2024

Endpoint security: How to protect end users from themselves

Ransomware gang HelloKitty quickly exploits critical Apache ActiveMQ bug

CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT

Mozi botnet goes dark under mysterious circumstances

AI gives security pros employment jitters, study says

Citrix NetScaler bug protection: Close all active sessions, says Mandiant

Cloud security still a challenge as 1 in 4 companies cite skills gap

ServiceNow misconfiguration went unexploited, but still cause for concern

Transform cybersecurity with process mining

EVENTS

Optimizing AppSec: A Deep Dive into ASPM’s Risk-Based Approach

Survive or sink? The before, during and after of a ransomware attack

Ransomware: Designing a Strategic Detection and Response Plan

Cyber threat Intelligence: Making sense of a chaotic world

Network security in 2024: What has changed in the era of cloud computing, and how to adapt