Wed. Mar 08, 2023


BlackLotus Malware Hijacks Windows Secure Boot Process

Schneier on Security

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.” Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer.


GUEST ESSAY: Five stages to attain API security — and mitigate attack surface exposures

The Last Watchdog

APIs (Application Programming Interfaces) play a critical role in digital transformation by enabling communication and data exchange between different systems and applications. Related: It’s all about attack surface management. APIs help digital transformation by enabling faster and more efficient business processes, improving customer experience, and providing new ways to interact with your business.


Lockbit Ransomware Dominant Even as Overall Attack Rates Fall

Security Boulevard

With victims from 23 countries, Lockbit continues to be the most prolific ransomware group in the early months of 2023, even as an 11% decrease in ransomware victims was reported in January. These were among the findings from GuidePoint Security’s monthly ransomware threat report, which found the total number of attacks by Lockbit was more.


Fortinet warns of new critical unauthenticated RCE vulnerability

Bleeping Computer

Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. […]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Solving Cybersecurity Staff Churn

Security Boulevard

Staff churn is a huge issue for the cybersecurity industry. Frustrations are building among security teams as they face increasing cyberattacks, scrutiny from stakeholders and data overwhelm. This is made worse when paired with the cybersecurity skills shortage of around 3.5 million unfilled positions worldwide. In this environment, it’s vital organizations find ways to retain.


DuckDuckGo launches AI-powered search query answering tool

Bleeping Computer

Privacy-focused search engine DuckDuckGo has launched the first beta version of DuckAssist, an AI-assisted feature that writes accurate summaries to answer users' search queries. […]


Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

CSO Magazine

The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security of software supply chains.


3 Reasons Women Should Reskill to Work in Cybersecurity

Security Boulevard

As women, from a young age, being technically savvy or being interested in math, science or business wasn’t celebrated. You were ‘cool’ and ‘popular’ if you had great hair or nice jeans, not if you wanted to code software. If the tech industry could go back in time, would it celebrate more complex subjects like.


How to Get on the Dark Web: A Step-by-Step Guide

Heimdal Security

Dark web, deep web, clear web – just words or more? Well, in seeing just how many of you are interested in hearing all about the dark wonders of the internet, I’ve decided to make this small dark web guide. So, if you want to learn all about Tor Onion, Silk Road, secret, hush-hush Governmental […]


Business Email Compromise: 3 Steps to Reduce Risk

Security Boulevard

Email has been a popular delivery vehicle for malware and risk for decades. The first phishing schemes took place in the 1990s, and phishing techniques have only become more sophisticated in the decades since. It’s particularly popular among criminals now; since 2019, the use of phishing scams has increased by 300%. The reason for the increase? Despite […]


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Influence Techniques in Everyday Life: Sales

Security Through Education

People in many different professions use social engineering as a tool in everyday life. In the case of sales, social engineering plays a significant role in persuading potential customers to buy a product or service. This is done using a social engineering technique known as Influence Tactics. These tactics build trust, establish a connection, and provide value, to the customer or client.


Cloud trends 2023: Cost management surpasses security as top priority

InfoWorld on Security

As cloud usage grew over the past decade, one trend among cloud users remained constant: security held steady as the top challenge for users. That focus is shifting. For the first time since Flexera began its annual survey of cloud decision-makers, security was not the top challenge reported by respondents. As revealed in the Flexera 2023 State of the Cloud Report, released on March 8, 2023, 82% of respondents from across all organizations indicated that their top cloud challenge is managing c


Don’t Settle for Less: Why You Need a Pureplay Cybersecurity Vendor

Security Boulevard

So you’ve made your case successfully and you’re now shopping for a SIEM. Aside from looking at what the software itself can do for you, we also advise purchasing committees to think about what kind of a company you’ll be…


How CISOs can do more with less in turbulent economic times

CSO Magazine

CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where my CEO and CIO explained our new reality: We were going into quarantine and we had less than a week to come up with a way for people to work remotely.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Risk management policy

Tech Republic Security

SUMMARY: Risk management involves the practice of addressing and handling threats to the organization in the form of cybersecurity attacks and compromised or lost data. The process of establishing appropriate risk management guidelines is critical to ensure company operations and reputation do not suffer adverse impacts. It’s not an easy process, achieving a sound risk.


The state of stalkerware in 2022

SecureList

The state of stalkerware in 2022 (PDF). Main findings of 2022: The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is commercially available software that can be discreetly installed on smartphone devices, enabling perpetrators to monitor an individual’s private life without their knowledge.


AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security

Dark Reading

Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation.


Microsoft testing File Explorer access keys, new VPN status icon

Bleeping Computer

Microsoft has released a new Windows 11 preview build with new features such as File Explorer access keys, a new VPN status indicator, and a new way to copy two-factor authentication (2FA) codes from text messages. […]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Update Android now! Two critical vulnerabilities patched

Malwarebytes

The March security updates for Android include fixes for two critical remote code execution (RCE) vulnerabilities impacting Android systems running versions 11, 12, 12L, and 13. Users should update as soon as they can. The March 2023 Android Security Bulletin contains the details of the security vulnerabilities affecting Android devices. Security patch levels of 2023-03-05 or later address all of these issues.


Understanding the Integration Between KMS and Secrets Manager on AWS

Security Boulevard

Key Management Service (KMS) and Secrets Manager are easy to mix up, not only because of the similarity in their names but also because one might get confused over the purpose of each one. At a high level, KMS is a service that allows users to manage cryptographic keys for encryption, decryption, signing, and additional operations. We recommend that you read our technical blog on KMS to dive more deeply into the service and its features.


New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

The Hacker News

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams.


Palo Alto Networks Adds Identity Module to Integrated SOC Platform

Security Boulevard

Palo Alto Networks this week revealed it added a threat detection and response module to its Cortex extended security intelligence and automation management (XSIAM) platform that uses machine learning algorithms to surface anomalous activity based on identity and user behavior. Gonen Fink, senior vice president for Cortex Products at Palo Alto Networks, said the module.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


A critical flaw affects Fortinet FortiOS and FortiProxy, patch it now!

Security Affairs

Fortinet addressed a critical heap buffer underflow vulnerability affecting FortiOS and FortiProxy, which can lead to arbitrary code execution. Fortinet addressed a critical buffer underwrite (‘buffer underflow’) vulnerability, tracked as CVE-2023-25610 (CVSS v3 9.3), that resides in the administrative interface in FortiOS and FortiProxy.


HPE Acquires Axis Security to Gain SSE Platform

Security Boulevard

Hewlett-Packard Enterprise (HPE) has announced its intent to acquire Axis Security, a provider of a secure service edge (SSE) platform. The acquisition is part of HPE’s effort to extend the integrated software-defined wide area network (SD-WAN) and network firewall offering that HPE makes available via its Aruba business unit. The Axis Security SSE platform enables.


PIM vs PAM vs IAM: What’s The Difference?

Heimdal Security

Identity management has become an essential aspect of cybersecurity as businesses struggle to protect their sensitive data from cyber threats. To shed some light on this topic, in this article, we’ll help demystify the key differences between PIM (Privileged Identity Management), PAM (Privileged Access Management), and IAM (Identity and Access Management), explain how these terms […]


Bitwarden flaw can let hackers steal passwords using iframes

Bleeping Computer

Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker. […]


ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?


Remote access policy

Tech Republic Security

PURPOSE: This policy outlines guidelines and processes for requesting, obtaining, using and terminating remote access to organization networks, systems and data. It applies to scenarios where employees connect remotely to in-house data centers as well as offsite facilities, such as cloud providers. From the policy: DETERMINING ELIGIBLE USERS: Only users with a demonstrable business need.


A New Emotet Campaign Is Ongoing After a Three-month Break

Heimdal Security

A new Emotet campaign started infecting devices all over the world on Tuesday, 7 March 2023. After a three-month break, the botnet sends malicious spam emails again. Emotet malware reaches targets through emails with malicious attachments. When the user opens the Microsoft Word or Excel document, macros are enabled. This way, Emotet DLL loads into […]


CISA adds three new bugs to Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added actively exploited flaws in Teclib GLPI, Apache Spark, and Zoho ManageEngine ADSelfService Plus to its Known Exploited Vulnerabilities Catalog. US CISA added the following actively exploited flaws to its Known Exploited Vulnerabilities Catalog: CVE-2022-35914 (CVSS score: 9.8), Teclib GLPI Remote Code Execution Vulnerability; CVE-2022-33891 (CVSS score: 8.8), Apache Spark Command Injection Vulnerability; CVE-2022-28810 (CVSS score: 6.8), Zoho ManageEngine AD


Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity

The Hacker News

The North Korea-linked Lazarus Group has been observed weaponizing flaws in undisclosed software to breach a financial business entity in South Korea twice within the span of a year.


Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.