Tue. May 16, 2023

Russian Hacker “Wazawaka” Indicted for Ransomware

Krebs on Security

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev, a.k.a. “Wazawaka” and “Boriselcin,” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

RSAC Fireside Chat: How a well-placed ‘NGWAF’ can staunch the flow of web, mobile app attacks

The Last Watchdog

Attack surface expansion translates into innumerable wide-open vectors of potential unauthorized access into company networks. Related: The role of legacy security tools. Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. At RSA Conference 2023, I had the chance to meet with Paul Nicholson, senior director of product marketing and analyst relations at A10 Networks.

Mobile 214

The top 6 enterprise VPN solutions to use in 2023

Tech Republic Security

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses. The post The top 6 enterprise VPN solutions to use in 2023 appeared first on TechRepublic.

VPN 187

How Duo Guards Against a Galaxy of Threats

Duo's Security Blog

What do Duo and the Guardians of the Galaxy have in common? They’re superheroes who save their galaxies from unexpected threats. Tech smarts and teamwork are critical to superhero-level protection, no matter what threats you’re facing. How do you protect your galaxy against cyber attacks? In Marvel Studios’ Guardians of the Galaxy Vol. 3, Groot is locked and loaded with bigger and more advanced skills, Mantis has opened up and embraced her powers to help protect her family, and Nebula has brand-

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

IBM snags Polar Security to boost cloud data practice

Tech Republic Security

IBM acquired the Israeli firm founded in 2021 to grow its relevance in the nascent realm of data security posture management, or DSPM. The post IBM snags Polar Security to boost cloud data practice appeared first on TechRepublic.

Big data 174

Hackers use Azure Serial Console for stealthy access to VMs

Bleeping Computer

A financially motivated cybergang tracked by Mandiant as 'UNC3944' is using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines. [...]

Phishing 142

More Trending

The nature of cyberincidents in 2022

SecureList

Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. In our annual incident response report, we share information about the attacks that we investigated during the reporting period. Data provided in this report comes from our daily interactions with organizations seeking assistance with full-blown incident response or complementary expert services for their internal incident response team

AppSec: How Do You Know Your app is 100% Secure? You Don’t

Security Boulevard

Insecure applications come with a cost that can be measured in billions of dollars of losses. I recently spoke with Brook Schoenfield, a distinguished engineer who quietly describes himself as an “Elder AppSec Diplomat,” on the eve of the RSA Conference. Schoenfield is the quintessential walking, talking go-to resource on anything involved with application security.

Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyberattacks

Dark Reading

Cyberattackers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

Trend Micro

An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.

IoT 129

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Attackers Target macOS With 'Geacon' Cobalt Strike Tool

Dark Reading

Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.

You may not care where you download software from, but malware does

We Live Security

Why do people still download files from sketchy places and get compromised as a result?

Software 122

New ZIP domains spark debate among cybersecurity experts

Bleeping Computer

Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery. [...]

TSA Facial Recognition Pilot Flies Solo at U.S. Airports

Security Boulevard

Your Tinfoil Hat is Under Your Seat: Prepare to have your face scanned at airport security. Are the privacy concerns justified? The post TSA Facial Recognition Pilot Flies Solo at U.S. Airports appeared first on Security Boulevard.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Hackers infect TP-Link router firmware to attack EU entities

Bleeping Computer

A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to attack European foreign affairs organizations. [...]

Firmware 113

Belkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

Naked Security

Yes, it's a buffer overflow bug. No, it's not going to get fixed.

Apple blocked 1.7 million apps for privacy, security issues in 2022

Bleeping Computer

Apple's App Store team prevented more than $2 billion in transactions tagged as potentially fraudulent and blocked almost 1.7 million app submissions for privacy, security, and content policy violations in 2022. [...]

Surprise! Elon Musk’s encrypted Twitter DMs feature will cost you dear

Graham Cluley

Twitter's new "encrypted DM" feature is a costly (and weaker) alternative to proper end-to-end encrypted messages.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack

Dark Reading

Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.

IoT 103

WhatsApp 2023: New Privacy Features, Settings, and More

WIRED Threat Level

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren't as private as they could be.

Microsoft investigates slow Windows VPN speeds after May updates

Bleeping Computer

Microsoft is investigating major speed issues affecting L2TP/IPsec VPN connections after installing recent Windows 11 updates. [...]

VPN 99

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Security Affairs

Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks. A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems.

Hacking 98

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

PharMerica Cyber Incident Exposes 5.8 M People’s Data

Heimdal Security

PharMerica, the second largest provider of institutional pharmacy services in the United States, confirmed that it suffered a data breach that exposed the personal information of 5,815,591 people. The company started sending notices to the impacted individuals on the 12th of May, and it seems that the incident occurred in March 2023. On March 14, […] The post PharMerica Cyber Incident Exposes 5.8 M People’s Data appeared first on Heimdal Security Blog.

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. Since January 2023, Check Point Research monitored a series of targeted attacks aimed at European foreign affairs entities that have been linked to the China-linked cyberespionage group Mustang Panda (aka Camaro Dragon, RedDelta or “Bronze President”).

The Growing Threat of Google Voice Scams

Identity IQ

Imagine this: You’re eagerly selling an antique dresser on Facebook Marketplace and a prospective buyer communicates interest in it. However, they express concern that you may be trying to scam them. In an effort to establish your credibility as a legitimate seller, they request you confirm your identity with a verification code.

Scams 98

President Zelensky imposes sanctions against the Russian IT sector

Security Affairs

Ukraine’s President Zelensky and the country’s Council of National Security introduced new sanctions against individuals and businesses. Ukraine’s President Volodymyr Zelensky and the country’s Council of National Security introduced new sanctions against 351 Russian individuals and 241 business entities. The list of sanctioned entities comprises IT companies operating within the Russian Federation, notably Gazpromneft IT Solutions, RT-Invest Transport Systems, InnoTech, Softline Trade, Zericode

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

HIPAA Compliant Cloud Services for Healthcare

Security Boulevard

Healthcare cybersecurity regulations, like HIPAA compliance and the. The post HIPAA Compliant Cloud Services for Healthcare appeared first on EasyDMARC. The post HIPAA Compliant Cloud Services for Healthcare appeared first on Security Boulevard.

Lacroix Group shut down three facilities after a ‘targeted cyberattack’

Security Affairs

French electronics manufacturer Lacroix Group shut down three plants after a cyber attack, experts believe it was the victim of a ransomware attack. The French electronics manufacturer Lacroix Group shut down three facilities in France, Germany, and Tunisia in response to a cyber attack. The group designs and manufactures electronic equipment for its customers in multiple sectors, including the automotive, aerospace, industrial, and health sectors.

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator

The Hacker News

A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against "thousands of victims" in the country and across the world.

CISA adds Ruckus bug and another six flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-25717 – Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!