Wed. May 31, 2023

Chinese Hacking of US Critical Infrastructure

Schneier on Security

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.

Hacking 197

RSAC Fireside Chat: Reinforcing ‘Identity and Access Management’ to expose ‘shadow access’

The Last Watchdog

The world of Identity and Access Management (IAM) is rapidly evolving. IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge. At the RSAC Conference 2023, I sat down with Venkat Raghavan, founder and CEO of start-up Stack Identity.

Risk 197

8 best practices for securing your Mac from hackers in 2023

Tech Republic Security

Best practices for securing your Mac against potential hacks and security vulnerabilities include enabling the firewall, using strong passwords and encryption, and enabling Lockdown Mode.

Firewall 175

Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image

Bleeping Computer

Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Threatening botnets can be created with little code experience, Akamai finds

Tech Republic Security

Researchers at Akamai’s Security Intelligence unit find a botnet specimen that reveals how successful DDoS, spam and other cyberattacks can be done with little finesse, knowledge or savvy.

DDOS 153

Amazon faces $30 million fine over Ring, Alexa privacy violations

Bleeping Computer

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services.

More Trending

Toyota finds more misconfigured servers leaking customer info

Bleeping Computer

Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years.

Learn how to protect your company from cyberattacks for just $46

Tech Republic Security

Cloud computing brings many business benefits, but it’s essential to know how to protect your data and operations.

Attack Surface Management Vs. Vulnerability Management

Security Boulevard

Cybersecurity is full of acronyms. So many, in fact, that I would be hard-pressed to find someone who knows what they all stand for or clearly explain the subtle differences between many of them. Let’s not forget to mention the cybersecurity industry is still evolving at a quick pace, meaning new lingo, technology and acronyms. The post Attack Surface Management Vs.

Terminator antivirus killer is a vulnerable Windows driver in disguise

Bleeping Computer

A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace).

Antivirus 122

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Hacking forum hacked, user database leaked online

Graham Cluley

RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is - perhaps surprisingly - at the centre of another cybersecurity breach.

Hacking 121

Hackers exploit critical Zyxel firewall flaw in ongoing attacks

Bleeping Computer

Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware.

Firewall 121

Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers

Dark Reading

The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.

Exploit released for RCE flaw in popular ReportLab PDF library

Bleeping Computer

A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

SeroXen RAT for sale

CyberSecurity Insiders

This blog was jointly written with Alejandro Prada and Ofer Caspi. Executive summary SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible.

Malware 117

Legacy AppSec Tools Getting Lost in the Cloud

Security Boulevard

As the pace of application development accelerates, IT and security teams are losing faith in old application security (AppSec) tools. Legacy tools can’t keep up and are stuck in a perpetual game of catch-up, according to a Backslash survey of 300 CISOs, AppSec managers and engineers. The impact is far-reaching, with most organizations seeing widespread.

CISO 113

Cyber Attack on exams and its impact on ambulances

CyberSecurity Insiders

A cyber-attack has forced the staff of Idaho Falls Community Hospitals to divert emergency ambulances elsewhere as it is struggling to mitigate the risks associated with the incident. Although the 88-bed hospital is taking good care of the in-house patients and staffers, it is unable to extend the same care to new patients, as its digital infrastructure is crippled and its data systems are down to render any update.

External Attack Surface Management: How Focusing on Basics Improves Security

Security Boulevard

External attack surface management (EASM) has become a vital strategy for improving cybersecurity, particularly amid recession fears that have stressed the business landscape across several sectors for many months. The task is now more challenging: According to a report by cyberinsurance provider Beazley, network attacks rose in the first quarter of 2023.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Serious Security: That KeePass “master password crack”, and what we can learn from it

Naked Security

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.

Passwords 132

Solar Panels at Risk of Cyber Attacks, warn Experts

CyberSecurity Insiders

According to experts from Digital Watchdog RDI, solar panels are now vulnerable to cyber attacks, with hackers targeting the vulnerabilities in the inverters that store energy for powering smartphones, laptops, and small electrical gadgets. This conclusion was reached after a comprehensive assessment of inverters from eight different manufacturers, revealing that none of them met even the basic security standards.

Gigabyte firmware component can be abused as a backdoor

CSO Magazine

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild. "While our ongoing investigation has not confirmed exploitation by a specific threat actor, an active widespread backdoor that is difficult to remove poses a supply chain risk for organizations with Gi

Firmware 103

Financial services company OneMain fined $4.25 million for security lapses

Malwarebytes

A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par, serve as a timely warning to other organisations. OneMain experienced “at least” three security incidents over three years, from 2018 to 2020.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Inactive, unmaintained Salesforce sites vulnerable to threat actors

CSO Magazine

Improperly deactivated and unmaintained Salesforce sites are vulnerable to threat actors who can gain access to sensitive business data and personally identifiable information (PII) by simply changing the host header. That’s according to new research from Varonis Threat Labs, which explores the threats posed by Salesforce “ghost sites” that are no longer needed, set aside, but not deactivated.

Synopsys named in 2023 Fortress Cyber Security Awards

Security Boulevard

Synopsys named a winner in the Application Security Organization category for a 2023 Fortress Cyber Security Award.

Microsoft gives Apple a migraine

Malwarebytes

On May 18, 2023, Apple published security content for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7 that addressed a logic issue in libxpc. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE we are going to discuss is listed as CVE-2023-32369, which allows an app to modify protected parts of the macOS file system.

4 Low-Code Security Automation Benefits For Your SecOps

Security Boulevard

The post 4 Low-Code Security Automation Benefits For Your SecOps appeared first on Low-Code Security Automation & SOAR Platform | Swimlane. The post 4 Low-Code Security Automation Benefits For Your SecOps appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Dark Pink hackers continue to target govt and military organizations

Bleeping Computer

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam.

Critical Firmware Backdoor in Gigabyte Systems Exposes ~7 Million Devices

The Hacker News

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.

CISA’s Ransomware Vulnerability Awareness Pilot: But Is It Enough?

Security Boulevard

In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators about potential risk of exploitation.

US hospital forced to divert ambulances after cyberattack

Malwarebytes

The Idaho Falls Community Hospital fell victim to a cyberattack on Monday May 29, 2023. As a result, the hospital had to divert ambulances to other nearby hospitals and close some of its clinics. The hospital is keeping the public updated through its website and Facebook page. “Our commitment to our patients’ well-being continues to remain our top priority.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.