Tue. May 09, 2023

Microsoft Patch Tuesday, May 2023 Edition

Krebs on Security

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May’s zero-day flaws is CVE-2023-29336, which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction.

Malware 213

PIPEDREAM Malware against Industrial Control Systems

Schneier on Security

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).

Malware 210

Feds Take Down 13 More DDoS-for-Hire Services

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.

DDOS 212

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

The Last Watchdog

One meeting I had at RSA Conference 2023, was a briefing about a new partnership, announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Related: Centralizing control of digital certificates I had the chance to sit down with Deepika Chauhan, DigiCert’s Chief Product Officer, and Mike Cavanagh, Oracle’s Group Vice President, ISV Cloud for North America.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Apple ID: 3 things to remember when changing this password

Tech Republic Security

Changing an Apple ID password typically isn't as simple as just entering a replacement password. Prepare more effectively for the process by remembering three key facts. The post Apple ID: 3 things to remember when changing this password appeared first on TechRepublic.

Passwords 169

Making Products That Are Kinder Than Necessary: A Product Designer’s Career Path

Duo's Security Blog

Principal Product Designer Jake Ingman feels lucky that he’s been able to find a role that combines his passion for cybersecurity, design and engineering. Bringing Minnesota nice to a kinder than necessary culture that values design has allowed Ingman to infuse Duo products with empathy while defining his product design career path. If that’s the way you want to innovate, check out our open roles.

More Trending

Microsoft issues optional fix for Secure Boot zero-day used by malware

Bleeping Computer

Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems. [...]

Malware 138

Cybersecurity stress returns after a brief calm: ProofPoint report

CSO Magazine

Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a ProofPoint survey. “With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite is true,” said Lucia Milică Stacy, Global Resident CISO of Proofpoint.

CISO 123

New Linux kernel NetFilter flaw gives attackers root privileges

Bleeping Computer

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system. [...]

Australia TechnologyOne hit by a Cyber Attack

CyberSecurity Insiders

TechnologyOne, the Australia-based trading firm, has issued a statement stating that some of its systems were targeted by a cyber attack, as a result of which it halted the entire trading process, impacting millions of customers. Unconfirmed sources state that the attack is of the ransomware genre and has impacted a few of the servers related to the software maker.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

FBI nukes Russian Snake data theft malware with self-destruct command

Bleeping Computer

Cybersecurity and intelligence agencies from all Five Eyes member nations took down the infrastructure used by the Snake cyber-espionage malware operated by Russia's Federal Security Service (FSB). [...]

Malware 128

Microsoft new ChatGPT to address all privacy concerns

CyberSecurity Insiders

Microsoft is now an undoubted owner of the AI conversational tool ChatGPT developed by OpenAI. It was released in November last year and since then has faced backlash from a small sect of technology enthusiasts regarding privacy concerns. The Windows software producing giant has announced that it will be releasing a new version of the Chatbot ChatGPT in a few weeks that will address all the prevailing concerns regarding privacy.

ESET APT Activity Report Q4 2022–Q1 2023

We Live Security

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023 The post ESET APT Activity Report Q4 2022–Q1 2023 appeared first on WeLiveSecurity

GitHub now auto-blocks token and API key leaks for all repos

Bleeping Computer

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. [...]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Tips for Gamifying Your Cybersecurity Awareness Training Program

Security Boulevard

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report, 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always entirely preventable, as some level of human error is inevitable, but proper training in cybersecurity awareness can greatly.

Food distribution giant Sysco warns of data breach after cyberattack

Bleeping Computer

Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. [...]

What’s The Difference Between Software Supply Chain Security vs SCA?

Security Boulevard

Protecting the software supply chain is now a major organizational priority. Two weapons in the arsenal to help protect against data breaches and digital attacks are software supply chain security and software composition analysis (SCA). Here’s a look at Software Supply Chain Security vs SCA. The world today runs on software and ensuring it is reliable.

Software 109

Majority of US, UK CISOs unable to protect company 'secrets': Report

CSO Magazine

About 52% of chief information and security officers (CISOs) in the US and UK organizations are unable to fully secure their company secrets, according to a report by code security platform GitGuardian. The report pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

CISO 108

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Critical Ruckus RCE flaw exploited by new DDoS botnet malware

Bleeping Computer

A new malware botnet named 'AndoryuBot' is targeting a critical-severity flaw in the Ruckus Wireless Admin panel to infect unpatched Wi-Fi access points for use in DDoS attacks. [...]

DDOS 103

How the war in Ukraine has been a catalyst in private-public collaborations

We Live Security

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital The post How the war in Ukraine has been a catalyst in private‑public collaborations appeared first on WeLiveSecurity

Windows 10 KB5026361 and KB5026362 updates released

Bleeping Computer

Microsoft has released the Windows 10 KB5026361 and KB5026362 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems and add new features to the operating system. [...]

Software 105

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

Security Boulevard

One meeting I had at RSA Conference 2023, was a briefing about a new partnership, announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Related: Centralizing control of digital certificates … (more…) The post MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws

Bleeping Computer

Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws. [...]

Low-level motherboard security keys leaked in MSI breach, claim researchers

Naked Security

What can you do if someone steals your keys but you can't change the lock? We explain the dilemma in plain English.

Spanish police dismantle phishing operation linked to crime ring

Bleeping Computer

The National Police of Spain have arrested two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams. [...]

Phishing 101

A CISO Employment Contract May Mean the Difference Between Success and Jail

Security Boulevard

On May 4, 2023, U.S. District Judge William Orrick sentenced former Uber CISO and former DOJ cybercrime prosecutor Joe Sullivan to three years of probation and 200 hours of community service for his role in concealing a massive data breach at Uber from the public and from the FTC. While the court rejected the government’s. The post A CISO Employment Contract May Mean the Difference Between Success and Jail appeared first on Security Boulevard.

CISO 98

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

The Hacker News

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months.

Update now! May 2023 Patch Tuesday tackles three zero-days

Malwarebytes

It’s that time of the month again: We're looking at May's Patch Tuesday roundup. Microsoft has released its monthly update, and while the total number of patched vulnerabilities is relatively low at 38, among them are three zero-day vulnerabilities. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

Malware 98

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Security Affairs

A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points. FortiGuard Labs researchers have recently observed a spike in attacks attempting to exploit the Ruckus Wireless Admin remote code execution vulnerability tracked as CVE-2023-25717. The activity is associated with a known DDoS botnet tracked as AndoryuBot that first appeared in February 2023.

DDOS 97

Researchers Uncover SideWinder's Latest Server-Based Polymorphism Technique

The Hacker News

The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.