Krebs on Security

AUGUST 9, 2022

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to en

Authentication 311

Authentication Internet Internet Cyber threats 311

Tech Republic Security

AUGUST 9, 2022

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. The post How to reset your Windows 10 password when you forget it appeared first on TechRepublic.

Passwords 206

Passwords Accountability Software 206

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever.

Data privacy 145

Data privacy Encryption Data breaches Insurance 145

Tech Republic Security

AUGUST 9, 2022

Scammers pretend to be highly skilled computer professionals and establish trust with their victim in order to obtain money or installation of fraudulent software. The post Technical support scam still alive and kicking appeared first on TechRepublic.

Scams 200

Scams Software Cybersecurity 200

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

AUGUST 9, 2022

Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel , which is considered a division of the Lazarus APT Group, . North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic health records services, diagnostics services, imaging services, and intranet servic

Ransomware 143

Ransomware Computers and Electronics Healthcare Malware 143

Tech Republic Security

AUGUST 9, 2022

With EaseUS Partition Master, a well-designed interface helps make technical partition management tasks easy to manage. The post EaseUS Partition Master: Partition management software review appeared first on TechRepublic.

Software 148

Software 148

SecureList

AUGUST 9, 2022

On July 7, 2022, the CISA published an alert, entitled, “ North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target the Healthcare and Public Health Sector ,” related to a Stairwell report, “ Maui Ransomware.” Later, the Department of Justice announced that they had effectively clawed back $500,000 in ransom payments to the group, partly thanks to new legislation.

Ransomware 141

Ransomware Malware Healthcare Encryption 141

Javvad Malik

AUGUST 9, 2022

Twilio was recently compromised after a couple of employees handed over their credentials to an attacker. The unsuspecting employees were targeted by a Smishing attack in which they received a text message on their phone saying their passwords had expired and they needed to re-authenticate. A useful link was provided which took the employees to a spoofed page into which they entered their credentials.

Passwords 140

Passwords Authentication Security Awareness 140

The Hacker News

AUGUST 9, 2022

As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity.

139

139

Cisco Security

AUGUST 9, 2022

Introduction. During our threat hunting exercises in recent months, we’ve started to observe a distinguishing pattern of msiexec.exe usage across different endpoints. As we drilled down to individual assets, we found traces of a recently discovered malware called Raspberry Robin. The RedCanary Research Team first coined the name for this malware in their blog post, and Sekoia published a Flash Report about the activity under the name of QNAP Worm.

Accountability 139

Accountability Malware 139

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

AUGUST 9, 2022

Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including.NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA Port Driver, Microsoft Bluetooth Driver, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microso

Media 134

Media Social Engineering Engineering Internet 134

Security Boulevard

AUGUST 9, 2022

Messaging apps like Discord and Telegram have become a conduit for malware, as their popularity grows among users who want to create and share programs on the platforms. These bots may facilitate automating tasks like gaming, media sharing and the moderation of channels, but they also provide cybercriminals with a platform from which to spread. The post Malware Families Love Telegram, Discord as Much as Users appeared first on Security Boulevard.

Malware 134

Malware Media Security Awareness Mobile 134

SecureBlitz

AUGUST 9, 2022

In this post, we want to take a look at the PassHulk password manager. Read on for the PassHulk review. Read more. The post PassHulk Password Manager Review appeared first on SecureBlitz Cybersecurity.

Password Management 129

Password Management Passwords Cybersecurity 129

Security Boulevard

AUGUST 9, 2022

Twilio (NYSE:TWLO) customer data has leaked—after a simple phishing attack on employees. The post Twilio Fails Simple Test — Leaks Private Data via Phishing appeared first on Security Boulevard.

Phishing 126

Phishing Social Engineering Engineering Security Awareness 126

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Bleeping Computer

AUGUST 9, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation. [.].

Cybersecurity 126

Cybersecurity Healthcare 126

Security Boulevard

AUGUST 9, 2022

Defending from Both Directions Over the past decade, the cyber landscape has evolved rapidly. But as Mike Wilson points out for Forbes, with every positive change or technological advancement comes several layers of cyber threat, as criminals continue to seek out weaknesses wherever they can. Each year the Verizon DBIR provides an overall update on current threat trends and provides insight into who.

Ransomware 126

Ransomware Cyber threats Technology 126

Bleeping Computer

AUGUST 9, 2022

Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks. [.].

126

126

The Hacker News

AUGUST 9, 2022

TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years.

125

125

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

AUGUST 9, 2022

China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and East Europe. The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, taking over systems used to manage security solutions. “All the victims identified are associ

Encryption 125

Encryption Antivirus Malware Hacking 125

CSO Magazine

AUGUST 9, 2022

The job of the CISO can be tough with its share of challenges, difficulties and complications. A CISO’s trials and tribulations include responsibility for protecting a business’s most valuable asset (its data) from an evolving cyberthreat landscape, traversing complex and strict regulatory requirements, balancing security with critical business needs, and juggling a security skills and talent shortage.

CISO 124

CISO 124

Digital Shadows

AUGUST 9, 2022

The tense relationship between the People’s Republic of China (PRC) and Taiwan was further exacerbated by the US House of. The post Tensions between the PRC and Taiwan: What’s happening? first appeared on Digital Shadows.

122

122

Bleeping Computer

AUGUST 9, 2022

Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks. [.].

120

120

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

SecureBlitz

AUGUST 9, 2022

Read on for the VuzeVPN review. VuzeVPN is a relatively new VPN service growing in popularity, much like its sister. Read more. The post Unbiased And Honest VuzeVPN Review 2022 appeared first on SecureBlitz Cybersecurity.

VPN 119

VPN Cybersecurity 119

IT Security Guru

AUGUST 9, 2022

A data breach is any person’s nightmare. It can affect you mentally and financially, and an 100% unhackable device or account necessitates taking precautionary measures. . Hackers target small and medium businesses as they don’t have the resources to pay for cybersecurity tools and network upgrades to protect their data against the latest cybercriminals’ tricks as large corporations do.

Data breaches 117

Data breaches Passwords Accountability Antivirus 117

SecureBlitz

AUGUST 9, 2022

In this post, I will answer the question – what is a common indicator of a phishing attempt? Phishing is. Read more. The post What Is A Common Indicator Of A Phishing Attempt? appeared first on SecureBlitz Cybersecurity.

Phishing 119

Phishing Cybersecurity 119

Bleeping Computer

AUGUST 9, 2022

Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack very similar to the one that led to Twilio's network being breached last week. [.].

Phishing 116

Phishing 116

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

AUGUST 9, 2022

If you have followed Contrast's progress over the years, you will recognize us as a leading provider of Interactive Application Security Testing (IAST)/ Runtime Application Self-Protection (RASP) (and recently Static Analysis Security Testing [SAST!]) provider. Contrast has been working on security instrumentation for nearly a decade now, and during my time here I've had countless conversations with people about how and where these technologies can be used to help accelerate DevSecOps.

Technology 115

Technology 115

The Hacker News

AUGUST 9, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.

Software 114

Software Cybersecurity 114

Security Boulevard

AUGUST 9, 2022

Cybersecurity experts Colin Henderson and Ray Espinoza share their take on the automation-driven power of machines versus the nuanced capabilities of humans in the security space. While automation is king in detection and reporting, it’s tough to replace humans’ capacity for layered analysis and follow-up. Consider your organization’s unique environment and vulnerabilities to determine the right mix of manpower and machine power to apply to your data security.

Artificial Intelligence 115

Artificial Intelligence Cybersecurity Accountability Technology 115

Bleeping Computer

AUGUST 9, 2022

Offensive Security has released ?Kali Linux 2022.3, the third version of 2022, with virtual machine improvements, Linux Kernel 5.18.5, new tools to play with, and improved ARM support. [.].

113

113

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!