Ciatrine Security

Are you aware of the differences between Cybersecurity, IT Security, and Information Security? These terms are often used interchangeably, but they actually refer to distinct areas of expertise.
According to the National Institute of Standards and Technology (NIST), information security and cybersecurity are separate career fields.

Cybersecurity is all about safeguarding your enterprise's sensitive and critical data from cybercriminals. These malicious attacks may take place over the internet or even in person.

IT Security, on the other hand, focuses on securing your company's data via host and network security. This concept is closely related to Information Assurance, which is based on the principles of Confidentiality, Integrity, and Availability., commonly known as the CIA triad.

In today's interconnected world, everyone wants their personal information to be secure and accessible only to authorized individuals. This is where Information Security (InfoSec) comes in. NIST defines InfoSec as the protection of information and information systems against unauthorized use. The goal of this field is to provide availability, integrity, and confidentiality.

Information security teams create and implement policies and systems to protect information, especially for large organizations that must safeguard customer data.

Don't fall into the trap of thinking that your company is too small or insignificant to be a target for cyberattacks. The potential threats to your enterprise are real and pervasive. It's crucial to prioritize cybersecurity measures and stay ahead of the game.

Microsoft-signed malicious Windows drivers used in ransomware attacks Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.

Apple urgently releases security patches for its line of products vulnerable to a zero day present in the Webkit browser engine that could be leveraged to perform arbitrary code ex*****on.
https://thehackernews.com/2022/12/new-actively-exploited-zero-day.html

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products Zero-day vulnerability alert! Apple has released security updates to prevent malicious code ex*****on on your devices.

https://www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk

British govt is scanning all Internet devices hosted in UK The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.

Way easier, right? 😃

https://nakedsecurity.sophos.com/2022/10/28/updates-to-apples-zero-day-update-story-iphone-and-ipad-users-read-this

Updates to Apple’s zero-day update story – iPhone and iPad users read this! Turns out that Tuesday’s zero-day for iOS 16 is Friday’s zero-day for iOS 15…

https://www.bleepingcomputer.com/news/security/new-azov-data-wiper-tries-to-frame-researchers-and-bleepingcomputer/

New Azov data wiper tries to frame researchers and BleepingComputer A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.

Just download and install Java 😂😂😂

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.

GitHub: Hackers steal information from dozens of organizations' private leavers GitHub announced that hackers could gain access tokens through a cloud service and a CI service, allowing access to the private locks of dozens...

Google Chrome emergency update fixes zero-day used in attacks Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.