Wed. May 17, 2023

Microsoft Secure Boot Bug

Schneier on Security

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others.

RSAC Fireside Chat: Achieving ‘outcome-based security’ by blending cybersecurity, business goals

The Last Watchdog

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense? Related: Security sea-change wrought by ‘CMMC’ This would fit nicely with the ‘stronger together’ theme heralded at RSA Conference 2023. WithSecure is one cybersecurity vendor that is certainly on this path.

PaperCut vulnerability abused by several threat actors could impact 70,000 organizations

Tech Republic Security

Get technical details about how the cybercriminals are targeting this vulnerability, who is impacted, and how to detect and protect against this security threat.

Malicious Microsoft VSCode extensions steal passwords, open remote shells

Bleeping Computer

Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Security breaches push digital trust to the fore

CSO Magazine

As digital transactions with customers, employees, suppliers, and other stakeholders grow, digital trustworthiness is set to become one of the most important enterprise-wide initiatives with the biggest potential impact (both negative and positive), even though it often has the smallest budget allocation. “Organizations are focusing on security and privacy, but if your customers don’t trust you, they will go elsewhere,” says Mark Thomas president of Escoute Consulting, which specializes in compl

Architecture Matters When it Comes to SSE

CyberSecurity Insiders

by John Spiegel, Director of Strategy, Axis Security Gartner just released the 2023 version of their “Magic Quadrant” for Secure Service Edge or SSE. Cheers are being heard from the companies who scored upper righthand and jeers being shouted for those companies who did not enjoy where they landed on Gartner’s matrix. Over the next few months, there will be a lot of noise coming from all the vendors.

More Trending

FBI confirms BianLian ransomware switch to extortion only attacks

Bleeping Computer

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) have published a joint advisory to inform organizations of the latest tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOCs) of the BianLian ransomware group.

Navigating the complex world of Cybersecurity compliance

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cyberattacks have become increasingly common, with organizations of all types and sizes being targeted. The consequences of a successful cyberattack can be devastating.

ScanSource says ransomware attack behind multi-day outages

Bleeping Computer

Technology provider ScanSource has announced it has fallen victim to a ransomware attack impacting some of its systems, business operations, and customer portals.

The Top 4 Ransomware Vulnerabilities Putting your Company in Danger

CyberSecurity Insiders

By Aaron Sandeen, CEO and co-founder at Securin In 2023, you can divide organizations into two categories: those who have been hit by a ransomware attack and those who will be soon. Ransomware is ubiquitous, inescapable, and—despite widespread efforts to combat it—ever-escalating. It has caused the death of patients in critical condition, disrupted the Colonial Pipeline supply on the East Coast, affected daily operations of entities as diverse as the San Francisco 49ers, the Costa Rican Gover

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Defending Your Organization Against Ransomware

Security Boulevard

Every day, coordinated cybercriminal groups are developing more advanced skills to hack organizations’ networks. The number of ransomware attacks has increased significantly, and it’s getting easier for sophisticated cybercriminal gangs to access companies’ data. As ransomware attacks become more refined and organizations are under rising threat, the stakes are high.

Technology based acquisition news trending on Google

CyberSecurity Insiders

IBM has made a smart move to address the issue of cloud data protection by acquiring Polar Security, a company specializing in automated data protection. The tech giant has officially announced that this new acquisition will assist companies in tackling problems related to shadow data and software-as-a-service application data. With the increasing adoption of cloud technology by companies, organizations are struggling to manage the influx of information from cloud apps.

Meet “AI”, your new colleague: could it expose your company’s secrets?

We Live Security

Before rushing to embrace the LLM-powered “hire”, make sure your organization has safeguards in place to avoid putting its business and customer data at risk.

We’re Teaming Up With Snyk to Strengthen Developer Security!

Security Boulevard

The new partnership enables Snyk and GitGuardian to build, integrate and go to market together to help development and security teams scale their security programs and significantly reduce their applications' attack surface at every stage of the code-to-cloud lifecycle.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Microsoft pulls Defender update fixing Windows LSA Protection bug

Bleeping Computer

Microsoft has pulled a recent Microsoft Defender update that was supposed to fix a known issue triggering persistent restart alerts and Windows Security warnings that Local Security Authority (LSA) Protection is off.

How Poker Skills Help Guide Ransomware Payment Decisions

Security Boulevard

A ransomware attack does more than just hold your data hostage. It can create situations that end up crippling your organization’s ability to move forward or make good, effective decisions quickly. Even those companies that have a ransomware response plan in place may wonder whether their decision to pay—or not to pay—a ransom is the.

Russian scientists develop new communication medium through quantum teleportation

CyberSecurity Insiders

Scientists from Russia, working for Don State Technical University, have developed a new medium of communication through the technology of Quantum Teleportation. The researchers argue that the invention will play a vital role in protecting information from being stolen by hackers. Olga Safaryan, a professor at the Information Systems Cybersecurity Department, explained the theory with a small example.

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

CSO Magazine

With organizations increasingly adopting cloud-based services and applications, especially collaboration tools, attackers have pivoted their attacks as well. Microsoft services consistently rank at the top of statistics when it comes to malicious sign-in attempts, and Microsoft Teams is one application that recently seems to have attracted attackers' interest.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Transformative Power of Artificial Intelligence Across Industries

CyberSecurity Insiders

The pervasive influence of Artificial Intelligence (AI) is propelling a remarkable wave of transformation across diverse sectors. As AI technologies become increasingly integrated, industries are witnessing unprecedented changes that enhance productivity, streamline operations, and optimize decision-making processes. The growing adoption of AI-driven solutions is catalyzing a profound shift across multiple sectors, ushering in a new era of work and driving innovation.

Attacker uses the Azure Serial Console to gain access to Microsoft VM

CSO Magazine

Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant. Using access to virtual machines the attackers employed malicious use of the Serial Console on Azure Virtual Machines to install third-party remote management software within client environments, Mandiant said in a blog.

OpenAI CEO concerned that ChatGPT could compromise US elections 2024

CyberSecurity Insiders

OpenAI CEO Sam Altman has expressed his concerns to the Senate that the use of AI without any limitations is a big cause for concern regarding the integrity of election processing to be held in November 2024. ChatGPT is turning into a significant area of concern as it evolves, said Sam in a briefing to the congressional committee inquiring about the boundless use of technology in related fields.

KeePass vulnerability allows attackers to access the master password

Malwarebytes

KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc. That encrypted database can only be opened with the master password. You absolutely do not want an attacker to get hold of your master password, since that is basically the key to your kingdom—aka “all your passwords are belong to us.” H

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

7 Steps to Establish a Resilient Data Protection Strategy

Security Boulevard

Having the right processes in place before an attack happens helps organizations minimize damage and quickly restore normal operations. Learn 7 steps to achieve cyber resilience.

Child safety app riddled with vulnerabilities: Update now!

Malwarebytes

An app designed to restrict screen time and add a “kids' mode” for children on smart devices has been found to have a broad range of security issues. The app, “Parental Control - Kids Place” is an Android app which is incredibly popular, sporting 5M+ downloads on its Google Play page. In terms of what the app does with user’s data, Play’s Data Safety page has this to say: No data shared with third parties Precise location, name and email, installed apps and ot

RSAC Fireside Chat: Achieving ‘outcome-based security’ by blending cybersecurity, business goals

Security Boulevard

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense? Related: Security sea-change wrought by ‘CMMC’ This would fit nicely with the ‘stronger together’ theme heralded at …

Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table

Dark Reading

Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

In the News | Cyber Risks for Higher Ed and Strategies To Mitigate Them

Security Boulevard

This article was originally published in FIERCE Education on 5.9.23 by Charlie Sander, CEO at ManagedMethods. Education is particularly susceptible to cyber security events when compared to other industries Professors are on the front lines of detecting cybersecurity risks. It’s a common misconception that cybersecurity responsibility lies at the foot of the technology department’s door, […]

Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks

The Hacker News

Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition.

IBM Acquires Polar Security for Data Security Posture Management

Security Boulevard

IBM this week acquired Polar Security to add a data security posture management platform to its cybersecurity portfolio. Kevin Skapinetz, vice president of strategy and product management for IBM Security, said the acquisition gives IBM an agentless approach to securing data stored in cloud applications. Investing in securing endpoints and network perimeters isn’t going to.

Insider threats surge across US CNI as attackers exploit human factors

CSO Magazine

Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyberthreats in the last three years, according to new research from cybersecurity services firm Bridewell. The Cyber Security in CNI: 2023 report surveyed 525 cybersecurity decision makers in the US in the transport and aviation, utilities, finance, government, and communications sectors.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.