Troy Hunt
JUNE 2, 2023
And so ends a long period of back-to-back weeks of conferences and talks. It's funny how these things seem to cluster together at times and whilst the last 6 or 8 weeks (I honestly lose track!) have been chaotic, I've now got a few weeks of much less pressure which will give me time to finally push out some HIBP stuff that's been in the wings for ages.
Tech Republic Security
JUNE 2, 2023
Identity management company 1Password is spinning up a pair of new features that constitute a major shift away from passwords and toward their low-friction replacement: passkeys. The post 1Password enables passkeys — a new option from passwords appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
JUNE 2, 2023
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel. [.
Tech Republic Security
JUNE 2, 2023
Not only do you get access to over 90 courses, but also career mentoring, skills evaluation, training on real cyber security projects, and much more. The post Develop valuable cyber security skills over a lifetime for only $70 appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
JUNE 2, 2023
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. [.
Security Boulevard
JUNE 2, 2023
Tit-For-Tat Triangulation Trojan Talk: Backdoor inserted at U.S. behest, alleges FSB. The post Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CyberSecurity Insiders
JUNE 2, 2023
By Matt Morris, Global Managing Director of 1898 & Co. Two years have passed since the notorious Colonial Pipeline hack, an incident that plunged the nation into a state of emergency, causing fuel disruptions in airlines and commercial sectors, and triggering panic-buying among consumers leading to a sharp rise in gas prices. In May 2021, the hack infiltrated critical systems of the pipeline, resulting in its shutdown for several days.
Bleeping Computer
JUNE 2, 2023
State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations. [.
Tech Republic Security
JUNE 2, 2023
Application instance lock, Azure Virtual Network Manager and Network Watcher troubleshooting: tools for making the applications you run on Azure more secure. The post Improve your app security on Azure appeared first on TechRepublic.
Anton on Security
JUNE 2, 2023
Using Cloud Securely — The Config Doom Question First, “Use Cloud Securely? What Does This Even Mean?!” and “How to Solve the Mystery of Cloud Defense in Depth?” (and “Where Does Shared Responsibility Model for Security Breaks in the Real World?” too) would make for good “recommended reading” here. Use Cloud Securely? What Does This Even Mean?! At this point, it is clear that most discussions on using cloud securely or secure use of cloud computing include the dreaded configuration question — or
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
JUNE 2, 2023
A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.
Security Boulevard
JUNE 2, 2023
In February 2018, Oxford Biomedica, a large biological research company in Oxford, UK, was hit by a ransomware attack. The hackers were demanding more than £300,000 in ransom. Oxford invoked its incident response plan and called in its team. One member of Oxford’s internal incident response team, Ashley Liles, had a brilliant idea—he was going. The post A New Ransomware Scam: Fraud by the Incident Responders appeared first on Security Boulevard.
Bleeping Computer
JUNE 2, 2023
It has been a fairly quiet week regarding ransomware, with only a few reports released and no new significant attacks. However, we may have a rebrand in the making, and a ransomware operation is likely behind a new zero-day data-theft campaign, so we have some news to talk about. [.
Security Boulevard
JUNE 2, 2023
The rollout of 5G networks has been surprisingly slow. As a concept, it was introduced in 2016, but it only became globally available in 2019. Four years later, the number of people with 5G-enabled devices is still small in most countries. It’s uncertain if the reason behind the sluggish adoption is affordability, the lack of. The post 5G and Cybersecurity Risks in 2023 appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
JUNE 2, 2023
Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.
Security Boulevard
JUNE 2, 2023
The energy industry is increasingly targeted by malicious actors and threat groups through activity on the dark web, according to a report from Searchlight Cyber, which detailed numerous instances of threat actors selling initial access to energy organizations around the world. These include targets in the U.S., Canada, United Kingdom, France, Italy and Indonesia on popular dark.
CSO Magazine
JUNE 2, 2023
The Russian federal security agency, the FSB, has put out a security alert claiming that US intelligence services are behind an attack campaign that exploits vulnerabilities in iOS and compromised thousands of iPhones devices in Russia, including those of foreign diplomats. In a separate report, Russian antivirus vendor Kaspersky Lab said that several dozen of its senior employees and upper management were targeted as part of the operation, although unlike the FSB, the company did not attribute
Security Boulevard
JUNE 2, 2023
In today’s world of software development, cybersecurity is more than a luxury; it's a necessity. Cyber threats aren’t only growing in frequency, complexity, and sophistication, they’re targeting developer environments and the software supply chain. The need for robust, secure software development frameworks is more critical than ever. However, not all organizations know how to secure their frameworks.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
SecureList
JUNE 2, 2023
In our initial blogpost about “Operation Triangulation”, we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we developed a dedicated utility to scan the backups and run all the checks.
Security Boulevard
JUNE 2, 2023
Discover why identity security awareness is crucial in today's digital landscape. Learn how to protect yourself and your business from cyber threats. Read more now. The post Why is Identity Security Awareness Becoming the Need of the Hour? appeared first on Security Boulevard.
CSO Magazine
JUNE 2, 2023
Progress Software has discovered a vulnerability in its file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory. “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said in the post, adding that depending on the database engine bei
Security Boulevard
JUNE 2, 2023
The second anniversary of the Colonial Pipeline ransomware attack has come and gone, and while many lessons have been learned and assimilated, there’s still more we can do. Security Boulevard reached out to some experts in the industry to see how far we’ve come and where work still needs to be done. For those in. The post Two Years After Colonial Pipeline, What Have We Learned?
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
JUNE 2, 2023
Leading snowboard maker Burton Snowboards confirmed notified customers of a data breach after some of their sensitive information was "potentially" accessed or stolen during what the company described in February as a "cyber incident." [.
Security Boulevard
JUNE 2, 2023
Insight #1 "AI scams are on the rise. It’s time for extra diligence when interacting with anything claiming to be AI." Insight #2 "FEDRAMP released rev 5 this week. Those of you with a FEDRAMP ATO have 1 year to comply with the new version." Insight #3 " A recent report shows 92% of orgs experienced an API security incident last year. I would guess the other 8% did but never detected it.
Dark Reading
JUNE 2, 2023
The Python Package Index will require developers to better secure their accounts as cyberattacks ramp up, but protecting the software supply chain will take more than that.
The Hacker News
JUNE 2, 2023
The Chinese nation-stage group known as Camaro Dragon has been linked to yet another backdoor that's designed to meet its intelligence-gathering goals. Israeli cybersecurity firm Check Point, which dubbed the Go-based malware TinyNote, said it functions as a first-stage payload capable of "basic machine enumeration and command execution via PowerShell or Goroutines.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
JUNE 2, 2023
After the recent ransomware attack, Point32Health disclosed a data breach that impacted 2.5 million Harvard Pilgrim Health Care subscribers. In April, the non-profit health insurer Point32Health took systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party cybersecurity experts to determine the extent of the incident.
The Hacker News
JUNE 2, 2023
Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do you manage it?
Dark Reading
JUNE 2, 2023
Disgruntled users are pursuing offers for "full Netflix access" at steeply discounted rates.
Security Affairs
JUNE 2, 2023
Threat actors are exploiting a zero-day flaw in Progress Software’s MOVEit Transfer product to steal data from organizations. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal data from organizations. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
199 
Let's personalize your content