Tue. May 10, 2022

Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process

Credit card skimming services make it easy for low-level cybercriminals to join the game

Tech Republic Security

Credit card skimming just became much easier for cybercriminals, who can now buy ready-to-go skimming services online. Read more about this threat and how to detect it on merchant sites. The post Credit card skimming services make it easy for low-level cybercriminals to join the game appeared first on TechRepublic.

APT34 targets Jordan Government using new Saitama backdoor

Malwarebytes

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is an Iranian threat group that has targeted Middle Eastern countries and victims worldwide since at least 2014.

As important as bulletproof vests: Yubico sends 20,000 keys to Ukrainian government and energy agencies

Tech Republic Security

Security key company and local identity management firm replace passwords with security keys to strengthen cybersecurity defenses. The post As important as bulletproof vests: Yubico sends 20,000 keys to Ukrainian government and energy agencies appeared first on TechRepublic.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Watch out for these signs to know whether your phone is hacked

CyberSecurity Insiders

Are you having a doubt that your smartphone has been hacked or is being used by remote hackers for malevolent scams? If so, then watch out for these abnormal behavioral signs to know whether the device has been hacked. When apps are taking longer time to open than usual, it can be a sign that the device has been hacked. However, if the phone is crashing randomly, it can also mean that the device is lacking security updates.

Many security executives say they’re unprepared for the threats that lie ahead

Tech Republic Security

Security officers surveyed by ThoughtLab expect an increase in attacks over the next two years from cybercriminals and nation-states using social engineering and ransomware. The post Many security executives say they’re unprepared for the threats that lie ahead appeared first on TechRepublic.

Hackers have carried out over 65,000 attacks through Windows’ Print Spooler exploit

Tech Republic Security

A number of vulnerabilities within the printing application has led to a string of cyberattacks from all over the world. The post Hackers have carried out over 65,000 attacks through Windows’ Print Spooler exploit appeared first on TechRepublic.

Critical F5 BIG-IP vulnerability exploited to wipe devices

Bleeping Computer

A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable. [...]

Get lifetime access to 2TB of cloud storage for just $49

Tech Republic Security

Need a secure space to store more data? This cloud service can help. The post Get lifetime access to 2TB of cloud storage for just $49 appeared first on TechRepublic.

Ransomware attack shuts down a US College permanently

CyberSecurity Insiders

All these days, we have seen businesses shutting down on a permanent note because of sophisticated ransomware attacks; but here’s some news that is related to an educational institution which chose to shut down as it became a victim of a massive ransomware attack. US’s Lincoln College has posted a notice on its website confirming a ‘Goodbye’ note to the business.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild

Quick Heal Antivirus

On December 9, 2021, Apache revealed a severe Remote code execution vulnerability CVE-2021-44228 named “Log4Shell” in Apache Java-based. The post Critical Zero-Day “Log4Shell” Vulnerability “CVE-2021-44228” Exploited in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Hackers try to cyber scam by posing Chief Executive of Lincoln College

CyberSecurity Insiders

A group of hackers have launched a cyber scam by posing as the chief executive officer of National Cyber Security Centre, Lindy Cameron. The cyber fraud was smartly drafted in such a way that it is difficult to make out whether it is genuine or malicious. Going deep into the details, some hackers are seen sending emails to innocent victims claiming to be associates of Lindy Cameron and urging the victim to send bank details, as funds from their bank accounts were stolen by hackers and the law en

How Organizations Can Proactively Manage Privacy Risk

TrustArc

Today’s organizations need to proactively manage privacy risk before a crisis occurs. Don't wait, start thinking about risk management and data protection now.

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Security Affairs

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. The IT giant fixed a total of 74 flaws in Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Metho

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Fostering a culture that normalizes mental health discussions

Cisco Security

May is Mental Health Awareness Month, an important topic to me personally and my leadership ethos. It is a challenge that spans the globe—day-in and day-out—for many people, whether dealing with issues themselves or supporting a loved one. Feelings of stress, anxiety, and burnout are normal, which is why every person has some risk of developing a mental health disorder, regardless of demographics, socioeconomics, education, and occupation.

Russian TV hacked on Victory Day Military Parade

CyberSecurity Insiders

An army of hackers in sympathy with Ukrainian civilians hacked the Russian TV and posted a message saying ‘No to War’. The hack came in the early hours of Monday when most Television Channels were preparing to air the celebrations for the annual Victory Day Military Parade held at Red Square by Vladimir Putin. After a few minutes of the cyber attack, the message containing text saying ‘No to War’ was removed and a new message stating ‘the blood of thousands of Ukrainians and hundreds of their

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

Naked Security

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice.

NIST Cybersecurity Framework update comments highlight a gamut of needed changes

CSO Magazine

In late February, the National Institute of Standards and Technology (NIST) issued a request for information (RFI) to evaluate and enhance its Cybersecurity Framework, or CSF, first produced in 2014 and last updated in 2018. Many developments in the swiftly changing cybersecurity field prompted NIST to revisit its complex and well-received template designed to help organizations best manage cybersecurity risk.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Building a Strong Business Case for Security and Compliance

The State of Security

Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK the Companies Act 2006 is the main legislation that forms the primary source of company law and businesses of all sizes must ensure […]… Read More.

BrandPost: XDR: Contextualizing the Value of Cybersecurity

CSO Magazine

Extended Detection and Response, or XDR, is a hot topic in the cybersecurity world. Enterprises are adopting it for its ability to mitigate security-alert fatigue, modernize security efforts, and adapt to the evolving threat landscape. Here, we’ll look at how XDR can maximize the efficiency of existing cybersecurity products while reducing TCO. XDR can also help transform the perception of cybersecurity on the whole.

Hackers Are Now Exploiting Windows Event Logs

eSecurity Planet

Hackers have found a way to infect Windows Event Logs with fileless malware, security researchers have found. Kaspersky researchers on May 4 revealed “a new stash for fileless malware.” During a “very targeted” campaign, hackers used Windows Event Logs to inject shellcode payloads and operate stealthily. This new approach is highly sophisticated yet could still become popular, as it seems quite efficient for injecting malicious DLL and evading detection.

UK cybersecurity center sent 33 million alerts to companies

Bleeping Computer

The NCSC (National Cyber Security Centre) in the UK reports having served 33 million alerts to organizations signed up for its "Early Warning" service. Additionally, the government agency has dealt with a record number of online scams in 2021, removing more than 2.7 million from the internet. [...]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

MDR and XDR: Detection and Response Options That Work Better Together

Security Boulevard

Detecting, defending against and responding to cyberattacks has always been a challenging job. The widespread shift to the cloud combined with increasingly hybrid work environments has further complicated it. Fortunately, detection and response solutions continually evolve to address dynamic cybersecurity needs. That said, it’s easy to be confused by the plethora of acronyms in the….

Microsoft fixes new NTLM relay zero-day in all Windows versions

Bleeping Computer

Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol. [...]

5 Benefits of Detection-as-Code

The Hacker News

TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up.

The Supreme Court, Leaks and Computer Crime

Security Boulevard

Last week, a highly confidential draft opinion in the Dobbs abortion rights case was leaked to reporters at Politico. Many have called for the leaker to be identified and prosecuted. However, a case from last term—from the U.S. Supreme Court—may make prosecution difficult, if not impossible. Most computer crimes are actually crimes aimed at compromising.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

VERT Threat Alert: May 2022 Patch Tuesday Analysis

The State of Security

Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th. CVE-2022-26925 In-The-Wild & Disclosed CVEs Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This month’s security guidance links to both […]… Read More.

Quantum Ransomware

Security Boulevard

OVERVIEW Quantum Ransomware is a variant that was first discovered in August 2021, linked to the Quantum Locker operation and is observed as a rebrand of the MountLocker, AstroLocker, and XingLocker operations. Most recently, a newly released DFIR Report was released on April 25, 2022 to present technical details that their security researchers analyzed about the […].

Microsoft expands managed security services offerings with new program

CSO Magazine

Microsoft announced Monday that it's getting into the managed security services business. The company's Microsoft Security Experts program includes three new managed services. Microsoft Defender Experts for Hunting is for its customers who have robust security operations centers but would like Microsoft to hunt for threats in data from endpoints, Office 365, cloud applications, and identity sources.

UK govt releases free tool to check for email cybersecurity risks

Bleeping Computer

The United Kingdom's National Cyber Security Centre (NCSC) today released a new email security check service to help organizations easily identify vulnerabilities that could allow attackers to spoof emails or can lead to email privacy breaches. [...]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.