Tue. Jul 11, 2023

Apple & Microsoft Patch Tuesday, July 2023 Edition

Krebs on Security

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

When it comes to alternative asset trading, protecting investor data is of critical importance. As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. Here are seven tips to protect investor data in alternative asset trading.

Privacy of Printing Services

Schneier on Security

The Washington Post has an article about popular printing services, and whether or not they read your documents and mine the data when you use them for printing: Ideally, printing services should avoid storing the content of your files, or at least delete daily. Print services should also communicate clearly upfront what information they’re collecting and why.

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

The Last Watchdog

Boston, July 7, 2023 — CybSafe, the human risk management platform, has today announced CEO Oz Alashe MBE has been named as a SecurityInfoWatch.com, Security Business and Security Technology Executive magazines’ 2023 Security Industry Innovator Award winner. CybSafe’s human-centric, behavioral approach to cyber security and risk mitigation has positioned Alashe and his team as security leaders to watch through 2023 and into 2024.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

ESET Threat Report H1 2023

We Live Security

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. The post ESET Threat Report H1 2023 appeared first on WeLiveSecurity.

Zero-Day Exploits: A Cheat Sheet for Professionals

Tech Republic Security

This guide covers everything you need to know about zero-day security exploits, which are secret vulnerabilities used by hackers to infiltrate PCs, networks, mobile phones and IoT devices. The post Zero-Day Exploits: A Cheat Sheet for Professionals appeared first on TechRepublic.

More Trending

Cisco Talos Reports Microsoft Windows Policy Loophole Being Exploited by Threat Actor

Tech Republic Security

Learn how a malicious driver exploits a loophole in the Windows operating system to run at kernel level.

Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws

Bleeping Computer

Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities. [...]

Takeaways from the 2023 Verizon DBIR: 9 Ways Hackers Can Use Files to Attack Your Organization

Security Boulevard

The annual Verizon Data Breach Investigations Report (DBIR) is an essential resource used by enterprise security leaders to understand the latest trends in cybersecurity and learn lessons on improving organizational defenses. Let’s review some of the key highlights and see how Votiro Cloud can address and mitigate many of the most pressing security issues resulting.

Microsoft rebrands Azure Active Directory to Microsoft Entra ID

Bleeping Computer

Microsoft announced today that it would change the name of its Azure Active Directory (Azure AD) enterprise identity service to Microsoft Entra ID by the end of the year. [...]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

BSides Knoxville 2023 – Jared Winn – Best Practices Crosswalks

Security Boulevard

Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel. The post BSides Knoxville 2023 – Jared Winn – Best Practices Crosswalks appeared first on Security Boulevard.

Microsoft: Unpatched Office zero-day exploited in NATO summit attacks

Bleeping Computer

Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents. [...]

Software Licensing: Subscription vs. Perpetual

Security Boulevard

Software licensing is a critical aspect of every software purchase decision. The license stipulates the terms and conditions for using the software and outlines the rights and responsibilities of both the software publisher and the user. Two popular models in the world of software licensing are the subscription license and the perpetual license. This.

What's new in the Windows 11 22H2 Moment 3 update, now available

Bleeping Computer

Microsoft has begun the forced rollout of its Windows 11 22H2 'Moment 3' update, which introduces several new features and improvements to the operating system [...]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Owning the customer experience from start to finish: Results, revenue, and ROI

Security Boulevard

Choosing the right tools for your business is crucial for delivering a seamless customer experience and driving growth. It can mean the difference between faulty, inefficient operations and a well-oiled machine that delivers rising revenue. But identifying a worthwhile tool before purchasing it isn’t always easy. There have never been more options than there are […] The post Owning the customer experience from start to finish: Results, revenue, and ROI appeared first on Sift Blog.

Hackers exploit Windows policy to load malicious kernel drivers

Bleeping Computer

Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers on breached systems by exploiting a Windows policy loophole. [...]

Return of the ICMAD: Critical Vulnerabilities Affecting ICM over HTTP/2

Security Boulevard

(ltabo, Tue, 07/11/2023 - 18:09) On July 11th, 2023, following a continued monthly cadence of security patches, SAP released patches for two new vulnerabilities (CVE-2023-33987 and CVE-2023-35871), which affect one of the most critical components of SAP applications: the SAP Internet Communications Manager, also known as ICM.

HCA confirms breach after hacker steals data of 11 million patients

Bleeping Computer

HCA Healthcare disclosed a data breach impacting an estimated 11 million patients who received care at one of its hospitals and clinics after a threat actor posted samples of stolen data on a hacking forum. [...]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A Closer Look: Differentiating Software Vulnerabilities and Malware

Security Boulevard

In today’s interconnected digital world, vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain. While these two terms may appear synonymous at first glance, you should know their fundamental differences. They are two distinct yet closely related aspects of cybersecurity.

Update now! Microsoft patches a whopping 130 vulnerabilities

Malwarebytes

It’s that time of the month again. For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities. Nine of the vulnerabilities are rated as critical and four of them are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has already added these four vulnerabilities to the catalog of known to be exploited vulnerabilities.

AppSec integrations enable a more secure SDLC

Security Boulevard

AppSec integrations can help keep development secure at the speed your business requires. The post AppSec integrations enable a more secure SDLC appeared first on Security Boulevard.

Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack

The Hacker News

Microsoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of "None.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Consolidation: The wave of the (AST) future

Security Boulevard

Reducing complexity and providing insight into software risk, consolidation is the wave of the application security testing future. The post Consolidation: The wave of the (AST) future appeared first on Security Boulevard.

Data Loss Prevention Best Practices: How to Protect Your Company’s Sensitive Data

Digital Guardian

Most companies understand the importance of data protection but don't always know how to implement an effective data loss prevention program. Here's a quick primer.

Shorter Lifespans, Wider Risk Gaps: Preparing for the Shift to 90-Day TLS Certificates

Security Boulevard

On March 3, Google announced a proposal to reduce public TLS certificate lifespans from the current 398 days to just 90 days. The post Shorter Lifespans, Wider Risk Gaps: Preparing for the Shift to 90-Day TLS Certificates appeared first on Keyfactor. The post Shorter Lifespans, Wider Risk Gaps: Preparing for the Shift to 90-Day TLS Certificates appeared first on Security Boulevard.

Brute Force and Dictionary Attacks: A Guide for IT Leaders

Tech Republic Security

It’s essential that cybersecurity professionals understand the risks associated with brute force attacks. Read this guide from TechRepublic Premium to find out what you need to know about this classic form of cybersecurity attack, how safe you may (or may not) be and how to defend your systems against brute force attacks.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

DMARC is Becoming Mandatory for PCI DSS Compliance

Security Boulevard

PCI DSS stands for Payment Card Industry Data. The post DMARC is Becoming Mandatory for PCI DSS Compliance appeared first on EasyDMARC. The post DMARC is Becoming Mandatory for PCI DSS Compliance appeared first on Security Boulevard.

Apple confirms WebKit security updates break browsing on some sites

Bleeping Computer

Apple confirmed today that emergency security updates released on Monday to address a zero-day bug exploited in attacks break browsing on some websites, and new ones will be released soon to address this known issue. [...]

Randall Munroe’s XKCD ‘Down’

Security Boulevard

via the comic artistry and dry wit of Randall Munroe, resident at XKCD! The post Randall Munroe’s XKCD ‘Down’ appeared first on Security Boulevard.

Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts

Malwarebytes

Like all social media platforms, Facebook constantly has to deal with fake accounts, scams and malware. We have written about scams targeting consumers that redirect to fake Microsoft alert pages, but there are also threats targeting businesses that use Facebook to promote their products and services. In the past few weeks, there's been a resurgence in sponsored posts and accounts that impersonate Meta/Facebook's own Ads Manager.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.