Tue. May 09, 2023

Microsoft Patch Tuesday, May 2023 Edition

Krebs on Security

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May’s zero-day flaws is CVE-2023-29336, which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction.

Malware 291

PIPEDREAM Malware against Industrial Control Systems

Schneier on Security

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware, was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).

Malware 277

Feds Take Down 13 More DDoS-for-Hire Services

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.

DDOS 286

Apple ID: 3 things to remember when changing this password

Tech Republic Security

Changing an Apple ID password typically isn't as simple as just entering a replacement password. Prepare more effectively for the process by remembering three key facts. The post Apple ID: 3 things to remember when changing this password appeared first on TechRepublic.

Passwords 203

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

The Last Watchdog

One meeting I had at RSA Conference 2023, was a briefing about a new partnership, announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Related: Centralizing control of digital certificates I had the chance to sit down with Deepika Chauhan, DigiCert’s Chief Product Officer, and Mike Cavanagh, Oracle’s Group Vice President, ISV Cloud for North America.

Making Products That Are Kinder Than Necessary: A Product Designer’s Career Path

Duo's Security Blog

Principal Product Designer Jake Ingman feels lucky that he’s been able to find a role that combines his passion for cybersecurity, design and engineering. Bringing Minnesota nice to a kinder than necessary culture that values design has allowed Ingman to infuse Duo products with empathy while defining his product design career path. If that’s the way you want to innovate, check out our open roles.

LifeWorks

More Trending

FBI Disarms Russian FSB 'Snake' Malware Network

Dark Reading

Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus.

Malware 134

Microsoft issues optional fix for Secure Boot zero-day used by malware

Bleeping Computer

Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems. […]

Malware 131

Low-level motherboard security keys leaked in MSI breach, claim researchers

Naked Security

What can you do if someone steals your keys but you can't change the lock? We explain the dilemma in plain English.

New Linux kernel NetFilter flaw gives attackers root privileges

Bleeping Computer

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system. […]

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Microsoft Patches 2 Zero-Day Vulnerabilities

Dark Reading

The 49 CVE's in Microsoft's May security update is the lowest volume in nearly two years.

GitHub now auto-blocks token and API key leaks for all repos

Bleeping Computer

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. […]

Cybersecurity stress returns after a brief calm: ProofPoint report

CSO Magazine

Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a ProofPoint survey. “With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite is true,” said Lucia Milică Stacy, Global Resident CISO of Proofpoint.

CISO 123

Australia TechnologyOne hit by a Cyber Attack

CyberSecurity Insiders

TechnologyOne, the Australia-based trading firm, has issued a statement stating that some of its systems were targeted by a cyber attack, as a result of which it halted the entire trading process, impacting millions of customers. Unconfirmed sources state that the attack is of the ransomware genre and has impacted a few of the servers related to the software maker.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

ESET APT Activity Report Q4 2022–Q1 2023

We Live Security

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023. The post ESET APT Activity Report Q4 2022–Q1 2023 appeared first on WeLiveSecurity

Microsoft new ChatGPT to address all privacy concerns

CyberSecurity Insiders

Microsoft is now an undoubted owner of the AI conversational tool ChatGPT developed by OpenAI. It was released in November last year and since then has faced backlash from a small sect of technology enthusiasts regarding privacy concerns. The Windows software producing giant has announced that it will be releasing a new version of the Chatbot ChatGPT in a few weeks that will address all the prevailing concerns regarding privacy.

Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws

Bleeping Computer

Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws. […]

How do password managers make sense

CyberSecurity Insiders

In today’s digital age, managing passwords has become increasingly complex. With the average internet user having more than 100 passwords to remember, it’s no wonder that people often resort to using weak passwords that are easy to remember or reuse the same passwords across multiple accounts. This can put personal and sensitive information at risk of being stolen by hackers.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Tips for Gamifying Your Cybersecurity Awareness Training Program

Security Boulevard

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report, 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always entirely preventable, as some level of human error is inevitable, but proper training in cybersecurity awareness can greatly.

FBI nukes Russian Snake data theft malware with self-destruct command

Bleeping Computer

Cybersecurity and intelligence agencies from all Five Eyes member nations took down the infrastructure used by the Snake cyber-espionage malware operated by Russia's Federal Security Service (FSB). […]

Malware 118

What’s The Difference Between Software Supply Chain Security vs SCA?

Security Boulevard

Protecting the software supply chain is now a major organizational priority. Two weapons in the arsenal to help protect against data breaches and digital attacks are software supply chain security and software composition analysis (SCA). Here’s a look at Software Supply Chain Security vs SCA. The world today runs on software and ensuring it is reliable.

Software 111

What Is a Passkey? The Future of Passwordless Authentication

eSecurity Planet

Passkeys have the potential to replace passwords for logging in to websites and applications. Instead of using “Password123!” you could be using your fingerprint, face recognition key, screen lock pin, or even an iris recognition to access your accounts passwordless. Passkeys are a lot easier to manage and are resistant to phishing, harvesting and other credential attacks, which is why it’s making its way into the mainstream as a more secure and convenient authentication method.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Majority of US, UK CISOs unable to protect company 'secrets': Report

CSO Magazine

About 52% of chief information and security officers (CISOs) in the US and UK organizations are unable to fully secure their company secrets, according to a report by code security platform GitGuardian. The report pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

CISO 108

How the war in Ukraine has been a catalyst in private-public collaborations

We Live Security

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital. The post How the war in Ukraine has been a catalyst in private-public collaborations appeared first on WeLiveSecurity

Alert: NextGen Data Breach Puts 1 Million User Identities at Risk

Heimdal Security

NextGen Healthcare, a U.S.-based provider of electronic health record software, notified its clients that threat actors breached its systems and stole the personal data of more than 1 million patients. The company reported a data breach to the Maine attorney general’s office, confirming that hackers gained access to the personal information of 1.05 million patients, […] The post Alert: NextGen Data Breach Puts 1 Million User Identities at Risk appeared first on Heimdal Security Blog.

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

Security Boulevard

One meeting I had at RSA Conference 2023, was a briefing about a new partnership, announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Related: Centralizing control of digital certificates … (more…) The post MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Royal Ransomware Expands to Target Linux, VMware ESXi

Dark Reading

The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access.

Food distribution giant Sysco warns of data breach after cyberattack

Bleeping Computer

Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. […]

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

The Hacker News

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months.

The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services

WIRED Threat Level

For a decade, a group called Big Pipes has worked behind the scenes with the FBI to target the worst cybercriminal “booter” services plaguing the internet.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!