Tue.May 31, 2022


The Limits of Cyber Operations in Wartime

Schneier on Security

Interesting paper by Lennart Maschmeyer: “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations”: Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition.


Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

Krebs on Security

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sa


RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

The Last Watchdog

Vulnerability management, or VM, has long been an essential, if decidedly mundane, component of network security. Related: Log4J’s long-run risks. That’s changing — dramatically. Advanced VM tools and practices are rapidly emerging to help companies mitigate a sprawling array of security flaws spinning out of digital transformation. I visited with Scott Kuffer, co-founder and chief operating officer of Sarasota, FL-based Nucleus Security, which is in the thick of this development.


Security and Human Behavior (SHB) 2022

Schneier on Security

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, it’s nice to be back together in person. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, Alice Hutchings, and myself.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Speek! is a new encrypted chat service that uses Tor to offer secure communication

Tech Republic Security

If you're looking for an encrypted chat service for nearly any platform, Jack Wallen believes Speek! might be just what you need. The post Speek! is a new encrypted chat service that uses Tor to offer secure communication appeared first on TechRepublic.


Experts warn of ransomware attacks against government organizations of small states

Security Affairs

Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022; small states are more exposed to these attacks. Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the Costa Rican government that caused a nationwide crisis.

More Trending


Microsoft shares mitigation for Office zero-day exploited in attacks

Bleeping Computer

Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely.


Compromised academic credentials available on cybercriminal platforms

Tech Republic Security

Academic partners of identified American colleges and universities are being warned that their credentials are being sold or sometimes even provided for free on criminal marketplaces and forums. Read more about how to protect yourself from this threat. The post Compromised academic credentials available on cybercriminal platforms appeared first on TechRepublic.


Italy on high alert as Russian Killnet group starts Cyber Attacks

CyberSecurity Insiders

Italy has placed all its Critical Infrastructure on high alert as it is facing a cyber threat from the Pro-Russian hacking group Killnet. Information is out that the group of cybercriminals has already hit the infrastructure with digital assaults that have been neutralized by Italy’s Computer Security Incident Response Team (CSIRT). However, the intensity of the attacks is increasing because of sophistication and so CSIRT has asked all public and private entities to increase vigil over their digi


5 top deception tools and how they ensnare attackers

CSO Magazine

Security-savvy organizations understand that it's best to assume that their systems are breached. It's one reason why zero-trust architectures get so much attention nowadays, and it's why more enterprises have threat hunters who go on the lookout for attackers that are already active on their networks. This practice has grown popular because threats have become so pervasive, and traditional intrusion detection/prevention systems dispatch too many false positives.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Top 5 E-Commerce Cybersecurity Trends For 2022 That You Need To Know

Appknox

Cyberattacks on e-commerce sites are always a frequent phenomenon. Every e-commerce retailer wants to improve the consumer experience, but if they're not careful, their efforts could transform their business website into a playground for cybercriminals. Without a doubt, they are gold mines of personal and financial information for threat actors. And as a result, companies worldwide are losing billions to e-commerce fraud (more than $20 billion in 2021).


U.S. government proposals spell out 5G security advancements

CSO Magazine

Last week the U.S. federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “[It] was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies," Eric Goldstein, executive assistant director for the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said.


Using Wi-Fi 6 to Power Hyper-Aware Healthcare Facilities

Tech Republic Security

The medical internet of things (IoT) market is expected to reach $158 billion in valuation in 2022, up from its 2017 value of $41 billion. As healthcare facilities continue to add IoT devices, this article discusses the necessity of Wi-Fi 6 for providing contextual health data to improve patient outcomes in modern healthcare facilities. The post Using Wi-Fi 6 to Power Hyper-Aware Healthcare Facilities appeared first on TechRepublic.


Amazon to mimic Walmart in AI drone delivery

CyberSecurity Insiders

Amazon will soon follow in the footsteps of Walmart and will implement doorstep delivery through drones, provided they are within the vicinity of a store and their geographical interface is conducive to a drone delivery ecosystem. Walmart, on the other hand, has made an official announcement that it is going to expand its drone delivery services to over 34 sites in the United States, reaching 4 million households.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Malware Targeting Linux Becoming More Prevalent

Heimdal Security

Many people think that because of how it handles user permissions, Linux is built to be safer than Windows. That’s starting to change as more and more Linux systems make things easier by recognizing file extensions, so users now depend on the security of every application. What Happened? You may already be aware that Linux […]. The post Malware Targeting Linux Becoming More Prevalent appeared first on Heimdal Security Blog.


Ransomware news trending on Google

CyberSecurity Insiders

If you thought Windows 11 operating system machines were safe from ransomware, then you had better think twice before concluding, as information is out that those spreading Magniber ransomware are after Windows 11 machines and have targeted around a hundred by now. According to research conducted by 360 Total Security, Magniber ransomware attacks have increased significantly since May 25th of this year.


Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina

Security Affairs

Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for a recently discovered zero-day vulnerability, dubbed Follina and tracked as CVE-2022-30190 (CVSS score 7.8), in the Microsoft Office productivity suite. “On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.” reads the adviso


Russian prison culture and slang on cybercriminal forums: Can you cram on the hairdryer?

Digital Shadows

In a few previous blogs, we’ve covered how threat actors discuss prison on Russian-language cybercriminal platforms. We’ve touched on high-profile. The post Russian prison culture and slang on cybercriminal forums: Can you cram on the hairdryer? first appeared on Digital Shadows.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Windows MSDT zero-day now exploited by Chinese APT hackers

Bleeping Computer

Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems.


New Microsoft Zero-Day Attack Underway

Dark Reading

"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.


Aligning Your Password Policy enforcement with NIST Guidelines

Bleeping Computer

Although most organizations are not required by law to comply with NIST standards, it is usually in an organization's best interest to follow NIST's cybersecurity standards. This is especially true for NIST's password guidelines.


Is quantum teleportation the future of secure communications?

Malwarebytes

“Beam me up Scotty” will always remain my first association with teleportation. And as it stands now, we are still a long way from teleporting matter, but the teleportation of information has recently made a huge step forward. Researchers in Delft say they have succeeded in teleporting quantum information across a rudimentary network. This teleportation technology will not enable us to send information to any “out of this world” destinations, but it could allow us to send information to parts of


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Shodan: Still the Scariest Search Engine on the Internet? 

Security Boulevard

In April of 2013, CNN introduced the world to Shodan, a search engine for internet-connected devices, by publishing an article titled, Shodan: The scariest search engine on the Internet. CNN described how Shodan was used to find vulnerabilities: “… control systems for a water park, a gas station, a hotel wine cooler, and a crematorium. The post Shodan: Still the Scariest Search Engine on the Internet?


New XLoader botnet uses probability theory to hide its servers

Bleeping Computer

Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation.


Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability

The Hacker News

An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems.


Follina Zero-day Exploit Permits Attackers Complete Takeover of Victim Systems Through Malicious Microsoft Office Documents

Security Boulevard

Overview On Friday, May 27th, 2022, @nao_sec announced on Twitter that they had discovered a novel attack technique utilized in a malicious document (maldoc) submitted from a Belarus IP address to VirusTotal. The new technique uses Microsoft’s Microsoft Support Diagnostic Tool (MSDT) to retrieve and execute malicious code from a remote URL. Microsoft is currently… Continue reading Follina Zero-day Exploit Permits Attackers Complete Takeover of Victim Systems Through Malicious Microsoft Office Do


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Different Platforms You Can Use to Sell Online

SecureBlitz

This post will show you different platforms you can use to sell online. If you are thinking about selling items. Read more. The post Different Platforms You Can Use to Sell Online appeared first on SecureBlitz Cybersecurity.


A Hospital’s Cybersecurity: 10 Steps to Help Ensure Patient Safety and Continuous Operations

Security Boulevard

Across a health system’s digital terrain, the most vulnerable assets are connected medical devices. If those devices become compromised, the infiltration could impact a patient’s privacy, health and safety. Moreover, it could shut down care delivery for days, weeks or longer, with long-lasting financial and reputational impacts. According to Deloitte, an estimated 70% of medical […].


Building a More Secure Cloud: 5 Strategies for 2022

The State of Security

Cloud adoption continues to soar. More than two-thirds of small to mid-sized businesses intend to increase their use of cloud technologies over the next few years. While the cloud comes with many security benefits, it also carries unique concerns. As the cloud becomes increasingly central to business operations, cloud security should be a priority. Businesses […]… Read More.


Protect Your Executives’ Cybersecurity Amidst Global Cyberwar

Security Boulevard

This article was originally written for, and published in, Threatpost. It’s been roughly three months since Russia first launched its unprovoked invasion of Ukraine. Since then, the world has borne witness to unspeakable tragedy. While damaged and destroyed property can and will be rebuilt, the death and despair incurred by Ukrainians will leave a lasting […].


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.