Tue. Jun 13, 2023


Identifying the Idaho Killer

Schneier on Security

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students. Pay attention to the techniques: The case has shown the degree to which law enforcement investigators have come to rely on the digital footprints that ordinary Americans leave in nearly every facet of their lives.


Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.


New phishing and business email compromise campaigns increase in complexity, bypass MFA

Tech Republic Security

Read the technical details about a new AiTM phishing attack combined with a BEC campaign as revealed by Microsoft, and learn how to mitigate this threat. The post New phishing and business email compromise campaigns increase in complexity, bypass MFA appeared first on TechRepublic.


Chinese hackers used VMware ESXi zero-day to backdoor VMs

Bleeping Computer

VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data. [...]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Cyberattacks surge to 61% of small and medium-sized businesses, says study

Tech Republic Security

A poll of security software buyers shows 39% of small and medium-sized businesses lost customer data due to cyberattacks. The post Cyberattacks surge to 61% of small and medium-sized businesses, says study appeared first on TechRepublic.


Pirated Windows 10 ISOs install clipper malware via EFI partitions

Bleeping Computer

Hackers are distributing Windows 10 using torrents that hide cryptocurrency hijackers in the EFI (Extensible Firmware Interface) partition to evade detection. [...]


More Trending


Massive phishing campaign uses 6,000 sites to impersonate 100 brands

Bleeping Computer

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. [...]


Hiring kit: Cryptographer

Tech Republic Security

A cryptographer uses their expertise in mathematics and computer science to develop algorithms, ciphers and other encryption systems to protect sensitive data. It can be a difficult position to fill. This hiring kit from TechRepublic Premium provides a workable framework you can use to find the best cryptographer candidate for your business. It includes a.


WordPress Stripe payment plugin bug leaks customer order details

Bleeping Computer

The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin. [...]


Google Recruits Allies to Apply Generative AI to Cybersecurity

Security Boulevard

At the Google Cloud Security Summit, Google today announced that Broadcom, Crowdstrike, Egnyte, Exabeam, F5, Fortinet, Netskope, Securiti, SentinelOne, Sysdig, Tenable and Thales have all committed to using generative artificial intelligence (AI) capabilities from Google within their cybersecurity platforms. Last month, Google launched a Google Cloud Security AI Workbench, an extensible large language model (LLM).


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Microsoft: Windows 10 21H2 has reached end of servicing

Bleeping Computer

Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this month's Patch Tuesday, as Microsoft reminded customers today. [...]


Analysis: Social Engineering Drives BEC Losses to $50B Globally

Dark Reading

Threat actors have grown increasingly sophisticated in applying social engineering tactics against their victims, which is key to this oft-underrated cybercriminal scam's success.


CISA orders federal agencies to secure Internet-exposed network devices

Bleeping Computer

CISA issued this year's first binding operational directive (BOD) ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery. [...]


Microsoft to pay $20m penalty for collecting children info without consent

CyberSecurity Insiders

Microsoft has made an official announcement that it will pay a $20m penalty to the US Federal Trade Commission (FTC) as it was found guilty of collecting children's info via gaming consoles without their valid consent. Digging deep into the context, a lawsuit was slapped against the technology giant for collecting information of children playing games on Xbox Gaming Consoles.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Bleeping Computer

Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.


What To Look for in a HIPAA-Compliant Email Provider

Digital Guardian

Whether you work for a doctor's office, healthcare organization, or just find yourself handling protected health information or ePHI, this blog breaks down what to look for in a HIPAA-compliant email service provider.


Windows 11 KB5027231 cumulative update released with 34 changes

Bleeping Computer

Microsoft has released the Windows 11 22H2 KB5027231 cumulative update to fix security vulnerabilities and introduce 34 changes, improvements, and bug fixes. [...]


Clop Ransomware gang strikes London Transport for London (TfL)

CyberSecurity Insiders

Clop ransomware gang has targeted the databases of Transport for London (TfL) customers, thus stealing information of over 13,000 drivers listed on the Ulez and Congestion Charges Repository. Clop is the same gang that struck MoveIT file transfer software last week and the TfL seems to be one of the impacted customers worldwide. And TfL became a victim as one of its customers in charge of storing and securing the databases was affected by the file-encrypting, malware-spreading gang.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


The High Stakes of Personal Cyber Attacks: Impact on Business, Data, and Reputation

Security Boulevard

In the digital age, we all live in glass houses. Our lives, personal and professional, are intertwined with technology in a way that renders us vulnerable to cyber threats. The consequences of these threats are not limited to our personal realm. The spillover into the professional sphere often results in significant business losses, theft of […] The post The High Stakes of Personal Cyber Attacks: Impact on Business, Data, and Reputation appeared first on BlackCloak | Protect Your Digital Li


Cyber insurance: What is it and does my company need it?

We Live Security

While not a 'get out of jail free card' for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident The post Cyber insurance: What is it and does my company need it?


Encryption Evolution is on the Horizon

Security Boulevard

Quantum computers are an emerging technology that will revolutionize several aspects of computational power across countless fields. One of the more concerning predictions is the likelihood that quantum computers will eventually break and expose many of the technologies we use to secure information transmissions and storage today. In fact, The Department of Commerce’s National Institute.


Artificial intelligence is coming to Windows: Are your security policy settings ready?

CSO Magazine

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every applica


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Windows 10 KB5026435 and KB5027215 updates released

Bleeping Computer

Microsoft has released the Windows 10 KB5027215 and KB5026435 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems and add new features to the operating system. [...]


Windows PGM Accounts for Half of Patch Tuesday’s Critical Flaws

eSecurity Planet

Microsoft’s Patch Tuesday for June 2023 addresses 78 vulnerabilities, a significant increase from last month’s total of 37. While six of the flaws are critical, Microsoft says none are currently being exploited in the wild. The six critical vulnerabilities are as follows: CVE-2023-24897, a remote code execution vulnerability in .NET, .NET Framework, and Visual Studio, with a CVSS score of 7.8; CVE-2023-29357, an elevation of privilege vulnerability in Microsoft SharePoint Server, with


CyberArk Survey Surfaces Identity Security Challenges

Security Boulevard

A global survey of 2,300 security decision-makers published today by CyberArk, a provider of a privileged access management (PAM) platform, finds that while there is a much greater appreciation for the need to secure identities, most organizations are encountering major challenges securing them. Macroeconomic changes resulting in layoffs coupled with digital transformation initiatives and a.


St. Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure

Security Affairs

St. Margaret’s Health in Illinois is partly closing operations at its hospitals due to a 2021 ransomware attack that impacted its payment system. In February 2021 a ransomware attack hit St. Margaret’s Health in Illinois and forced the organization to shut down IT infrastructure at the Spring Valley hospital to contain the threat. The cyber attack did not impact the Peru branch because it relies on a separate infrastructure. The payment system was taken offline for months, which caused delay


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Combating the cybersecurity tools overload

Security Boulevard

Anyone who knows me knows my passion for hiking, so let me start with a question close to my heart – Have you explored a new trail while hiking? Imagine this: You are deep into your hike, surrounded by beautiful scenery, and come across a hidden trail that not many have explored. You forge the … Read More The post Combating the cybersecurity tools overload appeared first on Security Boulevard.


RDP honeypot targeted 3.5 million times in brute-force attacks

Bleeping Computer

Remote desktop connections are so powerful a magnet for hackers that an exposed connection can average more than 37,000 times every day from various IP addresses. [...]


A Zero-Day Should Not Be a Crisis

Security Boulevard

The next time there is a zero-day sweeping the internet, your organization shouldn’t have to panic. This shouldn’t be a crisis. Instead, it should be a controlled exercise that follows a playbook that a drill has validated. While that’s easier said than done, this proactive approach will yield long-term benefits, saving time and minimizing stress.


Why Critical Infrastructure Remains a Ransomware Target

Dark Reading

While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.