Thu.Mar 16, 2023

article thumbnail

Why We Need To Talk About DigitALL

Jane Frankland

Last week, on March 8, many of us celebrated International Women’s Day (IWD). As many people know, it’s an important day which is used as a focal point in the women’s rights movement, bringing attention to issues such as gender equality, reproductive rights, and violence and abuse against women. All people are encouraged to participate, and in some countries people even celebrate it as a national holiday.

Education 130
article thumbnail

Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast

Security Boulevard

Ben is disappointed: FBI reports huge rise in cryptocurrency investment scams. Why am I not surprised? The post Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast appeared first on Security Boulevard.

Scams 140
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Biden administration may eye CSPs to improve security, but the real caveat emptor? Secure thyself

Tech Republic Security

While the administration may look to strengthen security against cyberattackers for cloud providers, like Amazon, Microsoft and Google, experts say the onus is on the customer. The post The Biden administration may eye CSPs to improve security, but the real caveat emptor? Secure thyself appeared first on TechRepublic.

article thumbnail

Microsoft shares script to fix WinRE BitLocker bypass flaw

Bleeping Computer

Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment (WinRE). [.

132
132
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Electronic communication policy

Tech Republic Security

This policy from TechRepublic Premium provides guidelines for the appropriate use of electronic communications. It covers topics such as privacy, confidentiality and security; ensures electronic communications resources are used for appropriate purposes; informs employees regarding the applicability of laws and company policies to electronic communications; and prevents disruptions to and misuse of company electronic communications.

117
117
article thumbnail

SECURITY ALERT: Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps

Heimadal Security

The cyber-research community raises concerns over an unpatched vulnerability that puts the Microsoft 365 suite at risk. Earmarked CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests that the bug, which was formally attributed to a Microsoft Outlook component, has a high […] The post SECURITY ALERT: Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps a

Risk 109

More Trending

article thumbnail

Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Bleeping Computer

Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. [.

Mobile 113
article thumbnail

Why red team exercises for AI should be on a CISO's radar

CSO Magazine

AI and machine learning (ML) capabilities present a huge opportunity for digital transformation but open yet another threat surface that CISOs and risk professionals will have to keep tabs on. Accordingly, CISOs will need to direct their teams to conduct red team exercises against AI models and AI-enabled applications — just as security teams do with any traditional application, platform, or IT system.

CISO 106
article thumbnail

Microsoft support 'cracks' Windows for customer after activation fails

Bleeping Computer

In an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally. It seems, this isn't the first time either that a Microsoft support professional has employed such workarounds. [.

article thumbnail

Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips

The Hacker News

Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.

99
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Microsoft unveils AI-powered Microsoft 365 Copilot assistant

Bleeping Computer

Microsoft has announced a new assistant powered by artificial intelligence to help boost productivity across Microsoft 365 apps, currently being tested by select commercial customers. [.

article thumbnail

How to Protect Your Company in a ChatGPT World

Security Boulevard

With the potential to be as game-changing as the internet, smartphones and cloud computing, the emergence of generative AI tools like ChatGPT and GitHub CoPilot will undoubtedly open up new possibilities and challenges for companies. The swift and sweeping advancement of AI has raised the stakes for those looking to leverage this technology responsibly while.

article thumbnail

BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion

Dark Reading

The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said.

article thumbnail

SASE 101: Understanding the Fundamentals of Secure Access Service Edge

Heimadal Security

In today’s digital age, businesses are increasingly moving their operations to the cloud. However, with this shift comes numerous security risks that can compromise sensitive data and confidential information. That’s where Secure Access Service Edge (SASE) comes in: a cutting-edge technology that promises to revolutionize cybersecurity by providing secure access to any application, anytime and […] The post SASE 101: Understanding the Fundamentals of Secure Access Service Edge a

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

The Top Cybersecurity Grants for Education and How To Apply for Them

Security Boulevard

Cyber safety challenges — and the often-pricey tools designed to overcome them — are a fact of life. Sure, the cheapest cybersecurity solution is to just give up using every piece of technology that poses any sort of risk — but that would leave your school with chalkboards and paper spreadsheets. Suffice it to say […] The post The Top Cybersecurity Grants for Education and How To Apply for Them appeared first on ManagedMethods.

article thumbnail

CISA Warns of Adobe ColdFusion Vulnerability Exploited in the Wild

Heimadal Security

On March 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The said vulnerability impacts Adobe ColdFusion and is actively exploited by threat actors. Details on the Vulnerability The flaw in question is CVE-2023-26360, with a CVSS score of 8.6. The vulnerability can be […] The post CISA Warns of Adobe ColdFusion Vulnerability Exploited in the Wild appeared first on Heimdal Security Blog.

article thumbnail

When and how to report a breach to the SEC

CSO Magazine

New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents. Under the proposal, the SEC would implement three new rules that public companies will need to follow: A requirement that companies report any cybersecurity event within four business days of determining that it was a ma

Risk 94
article thumbnail

Hackers shifting cybercrime focus towards smart phones and tablets

CyberSecurity Insiders

All these days, we have seen cyber criminals infiltrating networks and taking down computers. But after the spread of the Covid-19 pandemic, the focus of hackers has shifted more towards the smart phones with more phishing and social engineering attacks recorded in a 2nd quarter of 2022. Embedding malicious links in social media, emails, apps and SMS is making hackers target tech savvy individuals, thus taking this crime industry to a multi-billion-dollar business.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Naked Security

Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English. just like old times, with Duck and Chet!

article thumbnail

For Sale: Data Supposedly Coming from the US Marshals Service Hack

Heimadal Security

Threat actors are selling what they pretend to be data stolen from U.S. Marshals Service (USMS) servers in an incident that happened earlier this year. The post appeared on March 15 on a Russian-speaking hacking forum and advertises hundreds of gigabytes of information. USMS is part of the Justice Department and offers assistance to the […] The post For Sale: Data Supposedly Coming from the US Marshals Service Hack appeared first on Heimdal Security Blog.

Hacking 89
article thumbnail

CISA adds Adobe ColdFusion bug to Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added an actively exploited vulnerability in Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360 (CVSS score: 8.6), to its Known Exploited Vulnerabilities Catalog. This week Adobe released security updates for ColdFusion versions 2021 and 2018 to resolve the critical flaw CVE-2023-26360 that was exploited in very limited attacks.

Hacking 93
article thumbnail

Australia’s Latitude Financial Hit by Cyberattack, Exposing 328K Client Data

Heimadal Security

On Thursday, Latitude Group Holdings, an Australian company that handles digital payments and loans, revealed that a hacker had obtained the personal information of around 328,000 clients from two service providers by using staff login credentials. Around 103,000 identification documents were stolen from the first service provider, with over 97% of them being copies of […] The post Australia’s Latitude Financial Hit by Cyberattack, Exposing 328K Client Data appeared first on Heimdal Securi

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Polish intelligence dismantled a network of Russian spies

Security Affairs

Polish intelligence dismantled a cell of Russian spies that gathered info on military equipment deliveries to Ukraine via the EU member. Polish counter-intelligence has dismantled a cell of Russian spies that gathered information on the provisioning of military equipment to Ukraine via the EU member. “The ABW counter-intelligence agency has arrested nine people suspected of working for the Russian secret service,” Poland’s Interior Minister Mariusz Kaminski told reporters.

Media 93
article thumbnail

Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

The Hacker News

Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver commercial adversary simulation software.

Malware 89
article thumbnail

Baseband RCE flaws in Samsung’s Exynos chipsets expose devices to remote hack

Security Affairs

Google’s Project Zero hackers found multiple flaws in Samsung ’s Exynos chipsets that expose devices to remote hack with no user interaction. White hat hackers at Google’s Project Zero unit discovered multiple vulnerabilities Samsung ’s Exynos chipsets that can be exploited by remote attackers to compromise phones without user interaction. The researchers discovered a total of eighteen vulnerabilities, the four most severe of these flaws (CVE-2023-24033 and three other vulnerabilities that

Hacking 92
article thumbnail

Ethics in AI: The Missing Code

Security Boulevard

As part of its push toward artificial intelligence, Microsoft laid off more than 10,000 employees and spent billions on acquiring AI tech. Among those laid off were the seven-member team in their Office of Responsible AI. While the software company indicated that they remain “committed to developing AI products and experiences safely and responsibly,” that.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

What's Wrong with Manufacturing?

The Hacker News

In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this.

article thumbnail

Convincing Twitter 'quote tweet' phone scam targets bank customers

Bleeping Computer

A convincing Twitter scam is targeting bank customers by abusing the quote-tweets feature, as observed by BleepingComputer. The scam preys on customers tweeting to their banks—such as to raise a complaints. But these customers instead receive a reply from the scammer, via a quote-tweet, urging them to call the scammer's "helpline." [.

Scams 97
article thumbnail

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The Hacker News

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software.

article thumbnail

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. According to Crowdstrike researchers , 40 percent of the patched vulnerabilities are remote code execution flaws, down from 48 percent last month; 31 percent are elevation of privilege flaws, up from almost 16 percent last month; and 22 percent are information disclosure flaws, up from 10 percent last month.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.