Thu.Jun 08, 2023


Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u


Weekly Update 351

Troy Hunt

I spent most of this week's update on the tweaking I went through with Azure's API Management service and then using Cloudflare to stop a whole bunch of requests that really didn't need to go all the way to the origin (or at least all the way to the API gateway sitting in front of the origin Azure Function instance). I'm still blown away by how cool this is - tweak the firewall via a web UI to inspect traffic and respond differently based on a combination of headers and respo


La Cybersécurité Pour Les Nuls 2e Édition: Update To Best-Selling French “Cybersecurity For Dummies” Book Now Available

Joseph Steinberg

The second edition of Cybersecurity For Dummies, Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available in French. Like its first edition counterparts published in several languages, and like the new English-language Second Edition released several months ago, the new French book, La Cybersécurité Pour Les Nuls 2e Édition, is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical skillsets.


RSAC Fireside Chat: Fusing ‘TIP’ and ‘SOAR’ to defend hybrid-cloud, multi-cloud networks

The Last Watchdog

When Threat Intelligence Platform (TIP) and Security Orchestration, Automation and Response (SOAR) first arrived a decade or so ago, they were heralded as breakthrough advances. TIP and SOAR may yet live up to that promise. I had an evocative discussion about this at RSA Conference 2023 with Willy Leichter, vice president of marketing, and Neal Dennis, threat intelligence specialist, at Cyware, which supplies a cyber fusion solution built around a


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Cisco LIVE 2023: AI and security platforms innovations take center stage 

Tech Republic Security

At its annual customer event in Las Vegas, Cisco introduced AI-powered, cloud-based products that are designed to snap into its new Security Cloud platform like LEGO.


Microsoft OneDrive down worldwide following claims of DDoS attacks

Bleeping Computer

Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service.


PoC released for Windows Win32k bug exploited in attacks

Bleeping Computer

Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday.


Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

I love where I work, and between that and my general lack of fashion sense, I wear Duo t-shirts all the time. This means that, on a somewhat regular basis, I get unsolicited feedback from Duo users in grocery store check-out aisles, coffee shops, and on the sidewalk. Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best.


Malware menaces Minecraft mods

Graham Cluley

If you, or your kids, are fans of Minecraft - you might be wise to not download any new mods or plugins for a while. Read more in my article on the Tripwire State of Security blog.


Cybersecurity in Manufacturing: Key Threats and Risks

Security Boulevard

Whether it’s production lines halted by a malware attack causing millions of lost revenue, or a cyber-espionage attempt that stealthily infiltrates your network and steals your trade secrets, countless plausible scenarios threaten cybersecurity in manufacturing in the modern hyperconnected, digital age. Arguably, security defenses and awareness still lag behind the pace of digital transformation in manufacturing, where informational and operational.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Barracuda urges customers to replace vulnerable appliances immediately

CSO Magazine

Enterprise security company Barracuda has warned its customers against using email security gateway (ESG) appliances impacted by a recently disclosed zero-day exploit and to replace them immediately. A patch for the vulnerability, which has been exploited since October 2022, had been issued by Barracuda last month to stop the exploit from allowing ESG backdooring.


Clop ransomware likely testing MOVEit zero-day since 2021

Bleeping Computer

The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts.


Google offers Cryptomining protection of $1 Million if it fails

CyberSecurity Insiders

Google has recently announced a new initiative aimed at protecting users from cryptomining attacks. The company will be offering a Cryptomining Protection Program Cover, which provides a compensation of up to $1 million to users who experience fraudulent usage of their Google Cloud Compute resources resulting in significant operational losses. To be eligible for the program, users must adhere to the terms and conditions outlined in the rule book and file for reimbursement within 30 days of the a


North Korean APT group targets email credentials in social engineering campaign

CSO Magazine

Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. The campaign, focused on experts in North Korean affairs, is part of this group's larger intelligence gathering operations that target research centers, think tanks, academic institutions, and news outlets globally.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Analyzing the FUD Malware Obfuscation Engine BatCloak

Trend Micro

We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities.


Putin false prey to Deepfake Cyber Attack

CyberSecurity Insiders

A hacker group, potentially associated with the Ukrainian government, allegedly took control of radio and TV broadcasts, using them to transmit a falsified message attributed to Russian President Putin. The fabricated message claimed that the Kremlin planned to impose martial law along the Ukrainian borders, significantly reducing the civil liberties of the population.


Fraud Prevention Strategies

Security Boulevard

Fraud is a major concern for businesses of all sizes and industries. With the increasing reliance on technology, it has become easier for cybercriminals to target companies and individuals online. This is why it has become imperative for businesses to understand the different types of fraud and the strategies that can be used to prevent […]


Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4

Dark Reading

With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


AppSec Decoded: Ease of use with Polaris

Security Boulevard

Learn how the Synopsys Polaris Software Integrity Platform® offers ease-of-use for even the most complex environments.


The Ultimate Guide to Child Identity Theft: Types, Warning Signs & Prevention Strategies

Identity IQ

Child identity theft is a significant problem in the US. A recent report by Javelin Strategy & Research, sponsored by AARP, found that 915,000 children, or 1 in 80, were victims of identity theft in the past year. Additionally, 1 in 43 children were affected by a data breach from July 2021 to July 2022.


Wiz Previews Sensor to Secure Cloud Application Workloads

Security Boulevard

Wiz this week made available a preview of a sensor for securing workloads that it will add to its cloud-native application protection platform (CNAPP). Yinon Costica, vice president of product for Wiz, said the Runtime Sensor is an agent that extends the capabilities of the Wiz platform to better secure workloads running in cloud computing.


Sophisticated 'Impulse Project' Crypto Scam Sprawls With 1,000 Affiliate Sites

Dark Reading

Ready-to-defraud turnkey services from Russia's Impulse Team are offered on the cyber underground and have built a campaign that has operated undetected dating back to 2016.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Considering the Cost of Failure in Security Operations

Security Boulevard

How do you measure the cost of failure? This was a question posed by SecureIQLab’s VP of Research and Corporate Relations, David Ellis, and senior analyst Randy Abrams, during a conversation at RSA Conference 2023. The knee-jerk, instantaneous answer is that the cost of failure is equal to the dollar figure for a cybersecurity incident–the.


Cybersecurity Institute to Open in Saudi Arabia

Dark Reading

The Global Cybersecurity Forum branch, which will be in Riyadh, is meant to enable the exchange of ideas and facilitate international projects and partnerships.


The Gigabyte firmware backdoor: Lessons learned about supply chain security

Security Boulevard

A recent firmware snafu discovered in more than 400 computer motherboard models produced by Gigabyte offers some powerful lessons to guardians of software supply chains.


ACT government falls victim to Barracuda’s ESG vulnerability

CSO Magazine

The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG). In a press conference on 8 June, ACT government chief digital officer Bettina Konti said there is a likelihood that some personal information is involved but the harms assessment needs to be completed for that to be clear.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Google Chrome password manager gets new safeguards for your credentials

Bleeping Computer

Google Chrome is getting new security-enhancing features for the built-in Password Manager, making it easier for users to manage their passwords and stay safe from account hijacking attacks.


Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Security Affairs

Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and the Windows graphical subsystem.


60K+ Android Apps Have Delivered Adware Undetected for Months

Dark Reading

A campaign targeting mainly US users disguised malware in fake security software, game cracks, cheats, free Netflix, and other "modded" apps.


Fine-grained Authorization: Protecting and controlling user access in a digital-first world

Thales Cloud Protection & Licensing

(madhav, Fri, 06/09/2023 - 05:22) Strong and flexible customer authentication is a key driver for adopting a customer identity & access management (CIAM) solution, with customer experience and security being the apparent benefits. On the other side of the same coin, authorization is becoming a core capability prompting leaders to adopt more advanced CIAM solutions.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.