Tue. May 10, 2022

Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process

As important as bulletproof vests: Yubico sends 20,000 keys to Ukrainian government and energy agencies

Tech Republic Security

Security key company and local identity management firm replace passwords with security keys to strengthen cybersecurity defenses. The post As important as bulletproof vests: Yubico sends 20,000 keys to Ukrainian government and energy agencies appeared first on TechRepublic.

APT34 targets Jordan Government using new Saitama backdoor

Malwarebytes

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is an Iranian threat group that has targeted Middle Eastern countries and victims worldwide since at least 2014.

Credit card skimming services make it easy for low-level cybercriminals to join the game

Tech Republic Security

Credit card skimming just became much easier for cybercriminals, who can now buy ready-to-go skimming services online. Read more about this threat and how to detect it on merchant sites. The post Credit card skimming services make it easy for low-level cybercriminals to join the game appeared first on TechRepublic.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Fostering a culture that normalizes mental health discussions

Cisco Security

May is Mental Health Awareness Month, an important topic to me personally and my leadership ethos. It is a challenge that spans the globe—day-in and day-out—for many people, whether dealing with issues themselves or supporting a loved one. Feelings of stress, anxiety, and burnout are normal, which is why every person has some risk of developing a mental health disorder, regardless of demographics, socioeconomics, education, and occupation.

Many security executives say they’re unprepared for the threats that lie ahead

Tech Republic Security

Security officers surveyed by ThoughtLab expect an increase in attacks over the next two years from cybercriminals and nation-states using social engineering and ransomware. The post Many security executives say they’re unprepared for the threats that lie ahead appeared first on TechRepublic.

More Trending

Hackers have carried out over 65,000 attacks through Windows’ Print Spooler exploit

Tech Republic Security

A number of vulnerabilities within the printing application has led to a string of cyberattacks from all over the world. The post Hackers have carried out over 65,000 attacks through Windows’ Print Spooler exploit appeared first on TechRepublic.

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Security Affairs

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. The IT giant fixed a total of 74 flaws in Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Metho

Get lifetime access to 2TB of cloud storage for just $49

Tech Republic Security

Need a secure space to store more data? This cloud service can help. The post Get lifetime access to 2TB of cloud storage for just $49 appeared first on TechRepublic.

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

Naked Security

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

EU condemns Russian cyber operations against Ukraine

Security Affairs

The European Union condemns the cyberattacks conducted by Russia against Ukraine, which targeted the satellite KA-SAT network. The European Union accused Russia of the cyberattack that hit the satellite KA-SAT network in Ukraine, operated by Viasat, on February 24. This cyberattack caused communication outages and disruptions in Ukraine, it also impacted several EU Member States. 5,800 Enercon wind turbines in Germany were unreachable due to the spillover from this attack.

Vulnerabilities That Allow Hijacking of Most Ransomware to Prevent File Encryption

Hacker Combat

A cyber-attack is a malicious attack undertaken by cybercriminals against single or numerous computers, computer systems, networks, or infrastructures utilizing one or more computers. The goal is to interrupt the victim’s business operations or steal important information. Individuals, corporations, governments, and critical infrastructure are potential cyber-attack targets.

Zero-click attacks explained, and why they are so dangerous

CSO Magazine

Zero-click attack definition. Zero-click attacks, unlike most cyberattacks, don't require any interaction from the users they target, such as clicking on a link, enabling macros, or launching an executable. They are sophisticated, often used in cyberespionage campaigns, and tend to leave very few traces behind—which makes them dangerous. Once a device is compromised, an attacker can choose to install surveillance software, or they can choose to enact a much more destructive strategy by encryptin

Critical F5 BIG-IP vulnerability exploited to wipe devices

Bleeping Computer

A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable. […].

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Ransomware attack shuts down a US College permanently

CyberSecurity Insiders

All these days, we have seen businesses shutting down on a permanent note because of sophisticated ransomware attacks; but here’s some news that is related to an educational institution which chose to shut down as it became a victim of a massive ransomware attack. US’s Lincoln College has posted a notice on its website confirming a ‘Goodbye’ note to the business.

How Organizations Can Proactively Manage Privacy Risk

TrustArc

Today’s organizations need to proactively manage privacy risk before a crisis occurs. Don't wait, start thinking about risk management and data protection now.

Risk 122

Best Business Continuity Software in 2022

eSecurity Planet

The average downtime cost businesses over $1 million per hour in 2021, which can quickly add up, considering the average downtime for ransomware attacks is 22 days. Unfortunately, many organizations don’t have business continuity solutions in place to help them avoid major spurts of downtime. Business continuity software can point out vulnerabilities in a company’s network, build plans, and keep the business running during a crisis.

Software 120

Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild

Quick Heal Antivirus

On December 9, 2021, Apache revealed a severe Remote code execution vulnerability CVE-2021-44228 named “Log4Shell” in Apache Java-based. The post Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Malware 119

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Hackers try to cyber scam by posing Chief Executive of Lincoln College

CyberSecurity Insiders

A group of hackers have launched a cyber scam by posing as the chief executive officer of National Cyber Security Centre, Lindy Cameron. The cyber fraud was smartly drafted in such a way that it is difficult to make out whether it is genuine or malicious. Going deep into the details, some hackers are seen sending emails to innocent victims claiming to be associates of Lindy Cameron and urging the victim to send bank details, as funds from their bank accounts were stolen by hackers and the law en

Scams 118

Hackers Are Now Exploiting Windows Event Logs

eSecurity Planet

Hackers have found a way to infect Windows Event Logs with fileless malware, security researchers have found. Kaspersky researchers on May 4 revealed “a new stash for fileless malware.” During a “very targeted” campaign, hackers used Windows Event Logs to inject shellcode payloads and operate stealthily. This new approach is highly sophisticated yet could still become popular, as it seems quite efficient for injecting malicious DLL and evading detection.

Malware 117

Critical F5 BIG-IP Vulnerability Exploited by Hackers

Heimdal Security

Hackers have begun deploying malicious payloads by means of a critical vulnerability identified as CVE-2022-1388, which has an impact on numerous versions of all F5 BIG-IP modules. F5 issued patches for the BIG-IP iControl REST authentication component security problem (9.8 severity level) last week. Exploiting the mentioned vulnerability, an unauthenticated threat actor would be able […].

Russian TV hacked on Victory Day Military Parade

CyberSecurity Insiders

An army of hackers in sympathy with Ukrainian civilians hacked the Russian TV and posted a message saying ‘No to War’. The hack came in the early hours of Monday when most Television Channels were preparing to air the celebrations for the annual Victory Day Military Parade held at Red Square by Vladimir Putin. After a few minutes of the cyber attack, the message containing text saying ‘No to War’ was removed and a new message stating ‘the blood of thousands of Ukrainians and hundreds of their

Hacking 109

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

NIST Cybersecurity Framework update comments highlight a gamut of needed changes

CSO Magazine

In late February, the National Institute of Standards and Technology (NIST) issued a request for information (RFI) to evaluate and enhance its Cybersecurity Framework, or CSF, first produced in 2014 and last updated in 2018. Many developments in the swiftly changing cybersecurity field prompted NIST to revisit its complex and well-received template designed to help organizations best manage cybersecurity risk.

Don’t Underestimate the DCRat Malware!

Heimdal Security

An effective type of trojan malware that provides full backdoor access to Windows systems can be purchased for almost nothing on underground forums. It also appears that the backdoor malware, dubbed DCRat, is being created and maintained by a single individual. The trojan was first discovered in 2018, but it has been redesigned and relaunched […].

Malware 105

BrandPost: XDR: Contextualizing the Value of Cybersecurity

CSO Magazine

Extended Detection and Response, or XDR, is a hot topic in the cybersecurity world. Enterprises are adopting it for its ability to mitigate security-alert fatigue, modernize security efforts, and adapt to the evolving threat landscape. Here, we’ll look at how XDR can maximize the efficiency of existing cybersecurity products while reducing TCO. XDR can also help transform the perception of cybersecurity on the whole.

Lincoln College to Close Following Ransomware Attack

Heimdal Security

Lincoln College has a 19th-century history. Prior to Lincoln, Illinois, several locations were considered for the institution, but in December 1864, Lincoln was selected. The Lincoln campus has a student body of over 1,000 people. Students come from over 25 different states in the United States, as well as from numerous other countries. Australia, China, […].

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Hacktivists hacked Russian TV schedules during Victory Day and displayed anti-war messages?

Security Affairs

Hacktivists yesterday defaced the Russian TV with pro-Ukraine messages and took down the RuTube video streaming site. Hacktivists and white hat hackers continue to support Ukraine against the Russian invasion, in a recent attack, they defaced Russian TV with anti-war messages and took down the RuTube video streaming site. The attack took place during Russia’s Victory Day, Russians attempting to view the parade were displayed Pro-Ukraine messages due to a cyber attack that impacted the Russ

Hacking 104

Patch Tuesday May 2022 – Microsoft Pledges Fixes and Improvements for Azure Synapse Pipeline and Azure Data Factory

Heimdal Security

As part of Patch Tuesday May, Microsoft has pledged to release improvements for both Azure Synapse Pipeline and Azure Data Factory. This announcement came shortly after Microsoft disclosed CVE-2022-29972, a vulnerability affecting a Magnitude Simba Amazon Redshift ODBC driver. Microsoft’s currently working alongside a third party to remedy the aforementioned vulnerability and to develop infrastructure […].

Microsoft fixed RCE flaw in a driver used by Azure Synapse and Data Factory

Security Affairs

Microsoft disclosed a now-fixed vulnerability in Azure Synapse and Azure Data Factory that could have allowed remote code execution. Microsoft announced to have addressed a critical remote code execution flaw, tracked as CVE-2022-29972 and named SynLapse, affecting Azure Synapse and Azure Data Factory. The vulnerability was discovered by researchers from Orca Security and resides in a third-party driver used in the above solution. “The vulnerability was specific to the third-party Open Da

Passwords 102

Building a Strong Business Case for Security and Compliance

The State of Security

Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK the Companies Act 2006 is the main legislation that forms the primary source of company law and businesses of all sizes must ensure […]… Read More.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!