Mon. May 30, 2022

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

The Last Watchdog

It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats. Meanwhile, 200,000 well-trained and technically skilled military service members are discharged each year. These individuals have many transferable skills that would make cybersecurity a prosperous civilian career.

New Microsoft Office zero-day used in attacks to execute PowerShell

Bleeping Computer

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. […]

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

A zero-day flaw in Microsoft Office could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML file and then uses the “ms-msdt” scheme to execute PowerShell code.

Italy warns organizations to brace for incoming DDoS attacks

Bleeping Computer

The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. The fraudulent scheme is simple: threat actors make a phone call to the victims to trick them into making a call to a phone number starting with either 405 or 67.

Linux malware is on the rise—6 types of attacks to look for

CSO Magazine

Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of things (IoT) devices. Still, not enough is done to protect the machines running it. "Linux malware has been massively overlooked," says Giovanni Vigna, senior director of threat intelligence at VMware. "Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources o

Vodafone plans carrier-level user tracking for targeted ads

Bleeping Computer

Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level. […]

Follina. Unpatched Microsoft Office zero-day vulnerability exploited in the wild

Graham Cluley

The world is waiting for a patch from Microsoft, after a zero-day vulnerability in Microsoft Office was found to be being exploited in boobytrapped Word documents to remotely execute code on victims' PCs.

Verizon’s 2022 data breach report: Key takeaways

Security Boulevard

It’s time for the annual Verizon Data Breach Investigation Report (DBIR), a compendium of cybersecurity and malware trends that offers some of the best analyses in our field. It examines more than 5,000 data breaches collected from 80 partners from around the world. If you'd like to explore the report from previous years, we’ve also written up summaries of the 2021 and 2020 reports.

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Security Affairs

Interpol arrested three Nigerian men in Lagos, who are suspected of using the Agent Tesla RAT to reroute financial transactions and steal sensitive data. Interpol arrested 3 Nigerian men in Lagos, as part of an international operation codenamed Killer Bee. The three men are suspected of using the Agent Tesla RAT to reroute financial transactions and steal confidential details from corporate organizations.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Intuit phish says “we have put a temporary hold on your account”

Malwarebytes

Intuit released a warning about a phishing email being sent to its customers. The phishing emails tell recipients that their account has been put on hold, and try to trick users into “validating their account” to release it again. Intuit. Intuit Inc. is an American business software company that specializes in financial software. Intuit’s products include the tax preparation application TurboTax, personal finance app Mint, the small business accounting program QuickBooks, the credit monito

How Costa Rica found itself at war over ransomware

CSO Magazine

Costa Rica’s newly-elected president has declared a national state of emergency, as its ongoing crisis costs the nation an estimated USD $38 million a day. Perhaps in a different time, we would have assumed the country had been struck by a devastating natural disaster or was struggling with some internal conflict—but times have changed. Costa Rica has been struck not by an earthquake or a bomb or a strike, but by a new national crisis: cybercrime.

Keeping it real: Don’t fall for lies about the war

We Live Security

Falsehoods about the war in Ukraine come in all shapes and sizes – here are a few examples of what’s in the fake news.

Three Nigerians arrested for malware-assisted financial crimes

Bleeping Computer

Interpol has announced the arrest of three Nigerian men in Lagos, who are suspected of using remote access trojans (RATs) to reroute financial transactions and steal account credentials. […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)

Malwarebytes

Several researchers have come across a novel attack that circumvents Microsoft’s Protected View and anti-malware detection. The attack vector uses the Word remote template feature to retrieve an HTML file from a remote webserver. It goes on to use the ms-msdt protocol URI scheme to load some code, and then execute some PowerShell. All of the above methods are features, but if we tell you that put together this allows an attacker to remotely run code on your system by tricking you into clic

Beware the Smish! Home delivery scams with a professional feel…

Naked Security

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean.

As Malware Dissemination Drops, Mobile Trojan Detections Grow.

Heimdal Security

Probably one of the most notorious terms in cyber security, a Trojan is a type of malware that acts according to the Greek legend: it camouflages itself as a legitimate file or program to trick unsuspecting users into installing it on their PCs. Upon doing this, users will unknowingly give unauthorized, remote access to the […]

Mysterious “Follina” zero-day hole in Office – what to do?

Naked Security

News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

Security Boulevard

It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats. Meanwhile, 200,000 well-trained and technically skilled …

GoodWill Ransomware victims have to perform socially driven activities to decryption their data

Security Affairs

Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK’s Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill that demands that victims pay the ransom through donations for social causes and by financially helping people in need. “The ransomware group propagates very unusual demands in exchange for the decryption key.

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities

The Hacker News

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week.

6 Steps to Ensure Cyber Resilience

Dark Reading

To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild

The Hacker News

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document ("05-2022-0438.doc") that was uploaded to VirusTotal from an IP address in Belarus.

Top 10 Cyber Threats in 2022

Security Boulevard

Cybercriminals are using an increasing number of attacks to exploit web apps and steal valuable data. This article teaches about the ten most common types of cyber threats.

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks

The Hacker News

Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans (RATs) such as Agent Tesla to facilitate malware-enabled cyber fraud.

A week in security (May 23 – 29)

Malwarebytes

Last week on Malwarebytes Labs: Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers; Chicago students lose data to ransomware attackers; Hunting down your data with Whitney Merrill: Lock and Code S03E11; Unknown APT group has targeted Russia repeatedly since Ukraine invasion; Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware; General Motors suffers credential stuffing attack; Instagram verification services: what are the dangers?

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Is 3rd Party App Access the New Executable File?

The Hacker News

It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company's work processes. An innocuous process much like clicking on an attachment was in the earlier days of email, people don't think twice when connecting an app they need with their Google workspace or M365 environment, etc.

Double-whammy attack follows fake Covid alert with a bogus bank call

Malwarebytes

The BBC has revealed details of how a food bank in the UK was conned out of about $63,000 (£50,000) by scammers who used two separate attacks to fleece their victims. A food bank is a way for people to ensure they don’t starve. They are a backstop during times of economic uncertainty, and have been hugely important during the pandemic. An attack on a food bank is an attack on the most vulnerable that’s likely to have a significant impact on a community, and which could have a terribl

Clop Ransomware Has Returned and Is Busier than Ever

Heimdal Security

NCC Group security experts said that the Clop ransomware gang has returned following the shutting down of their entire operation for four months between November and February. CL0P had an explosive and unexpected return to the forefront of the ransomware threat landscape, jumping from the least active threat actor in March to the fourth most […].

Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation

The Hacker News

Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.