Krebs on Security
MARCH 15, 2023
Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest.
Tech Republic Security
MARCH 15, 2023
AI-generated phishing emails, including ones created by ChatGPT, present a potential new threat for security professionals, says Hoxhunt. The post Humans are still better at creating phishing emails than AI — for now appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
SecureWorld News
MARCH 15, 2023
Alright, how many of you saw a cryptocurrency ad on TV in 2022? Oh, yeah, everyone did. How many of you acted on those ads and actually purchased crypto? Probably some of you. Now the important question: how many of you got scammed in some sort of way by cryptocurrency or another type of investment? According to the U.S. Federal Bureau of Investigations (FBI), the answer is a lot of people did.
Tech Republic Security
MARCH 15, 2023
With backing from major firms, credential security company Beyond Identity has launched the Zero Trust Authentication initiative for organizations to hack-proof user credentials. The post For credentials, these are the new Seven Commandments for zero trust appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
MARCH 15, 2023
Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers.
Tech Republic Security
MARCH 15, 2023
The service is rated at 8/10 stars by The VPN Lab. The post Get 3 years of rock-solid protection with Surfshark VPN for $83.99 appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
MARCH 15, 2023
PURPOSE The purpose of this policy is to provide guidelines for the appropriate disposal of information and the destruction of electronic media, which is defined as any storage device used to hold company information including, but not limited to, hard disks, magnetic tapes, compact discs, audio or videotapes, and removable storage devices such as USB.
PCI perspectives
MARCH 15, 2023
Following its annual Special Interest Group (SIG) election process, the PCI Security Standards Council has confirmed the winning SIG topic for 2023. The Council’s Participating Organizations voted to select “Scoping and Segmentation for Modern Network Architectures” as the focus for the year ahead.
Heimadal Security
MARCH 15, 2023
Software vendor SAP has released security updates to fix 19 vulnerabilities, five of which rated as critical. The patches released this month impact many products of the SAP suite, but the critical severity vulnerabilities affect SAP NetWeaver and SAP Business Objects Business Intelligence Platform (CMC). What Are the Critical Flaws Patched? CVE-2023-25616: this vulnerability affects […] The post SAP Fixes Five Critical Vulnerabilities With Newly Released Security Update appeared first on
Bleeping Computer
MARCH 15, 2023
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
MARCH 15, 2023
With recent events involving Silicon Valley Bank and Signature Bank fresh in our minds, investors and financial institutions both big and small are looking to reduce exposure and risk. The post Turbulence In Banking: Navigating the Cyber Risk appeared first on Security Boulevard.
Heimadal Security
MARCH 15, 2023
Remote work has become a highly popular and common practice around the world, especially now as companies allow a significant part of their employees to remain remote. However, while this practice increases flexibility, improves productivity, and enhances work-life balance, there’s a downside to it – remote work security risks. In this new remote-working landscape created […] The post Most Common Remote Work Security Risks & Best Practices appeared first on Heimdal Security Blog.
Security Boulevard
MARCH 15, 2023
October is officially cybersecurity awareness month, originally designated back in 2004 by United States President George W. Bush and Congress to raise awareness of the growing cybersecurity threat landscape that affects businesses, the government and individuals. While basic cybersecurity knowledge is commonplace by now, it’s not enough. Cybersecurity Ventures predicts cybercrime to cost the world.
CSO Magazine
MARCH 15, 2023
Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carrying out scams that can steal money, and bank account information, or infect customers’ systems with malware. SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
MARCH 15, 2023
Microsoft’s March Patch Tuesday provided fixes for a total of 83 vulnerabilities, including two actively exploited zero-days. Here’s what you need to know. What is the situation? Out of the 83 vulnerabilities, nine of them have been classified as “Critical” and allow remote code execution (RCE), denial of service (DoS) or an attacker to elevate privileges.
Bleeping Computer
MARCH 15, 2023
Mozilla has announced the integration of Firefox Relay, an email protection system that helps users evade trackers and spammers, directly into the Firefox browser. [.
Security Boulevard
MARCH 15, 2023
In the 1973 baseball melodrama Bang the Drum Slowly, the players, intent on scamming some rubes, play a card game called “TEGWAR.” It stands, as you later learn, for ‘The Exciting Game Without Any Rules.’ Three recent unrelated events in the news this week illustrate how U.S. data privacy rules are, to a great extent, The post Privacy Challenges Illustrated by Recent Cases appeared first on Security Boulevard.
Bleeping Computer
MARCH 15, 2023
Last year, a U.S. federal agency's Microsoft Internet Information Services (IIS) web server was hacked by exploiting a critical.NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
MARCH 15, 2023
With ransomware attacks, social engineering, and data breaches at an all-time high, terms like “cybersecurity” and “cyber insurance” are being thrown around in conversation more than ever before. But what, in practice, do they mean – and how are the two intertwined? The post The Comprehensive Value of Investing in Both Cybersecurity and Cyber Insurance appeared first on Security Boulevard.
CSO Magazine
MARCH 15, 2023
Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Trust.
Security Boulevard
MARCH 15, 2023
Palo Alto Networks today revealed it is using artificial intelligence to automate the management of its secure access service edge (SASE) platform. In addition, the company is adding a Prisma command center infused with machine learning algorithms to monitor the software-defined wide area networks (SD-WANs) that the company’s SASE platform employs. Palo Alto Networks is.
SecureList
MARCH 15, 2023
Download the full version of the report (PDF) Hundreds of deals are struck on the dark web every day: cybercriminals buy and sell data, provide illegal services to one another, hire other individuals to work as “employees” with their groups, and so on. Large sums of money are often on the table. To protect themselves from significant losses, cybercriminals use regulatory mechanisms, such as escrow services (aka middlemen, intermediaries, or guarantors ), and arbitration.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
MARCH 15, 2023
Dell Technologies today announced an alliance with CrowdStrike as part of a larger initiative to expand the cybersecurity services it provides. Under the terms of the alliance with CrowdStrike, Dell has agreed to resell the CrowdStrike Falcon platform to customers. In addition, Dell is adding a Managed Detection and Response Pro Plus service that provides.
Heimadal Security
MARCH 15, 2023
Rubrik, the cybersecurity giant, confirmed a data breach. The incident was caused by a large-scale attack using a zero-day vulnerability in the Fortra GoAnywhere platform. GoAnywhere is a secure data transfer business solution for encrypted files. The announcement comes after the Clop ransomware published a sample of the stolen data. Organizations use Rubrik cloud data […] The post Security Organization Rubrik Affected by the GoAnywhere Zero-day Attacks appeared first on Heimdal Security B
The Hacker News
MARCH 15, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution.
Malwarebytes
MARCH 15, 2023
The Amsterdam court has ruled that Facebook illegally processed user data in a case started by the Dutch Data Privacy Stichting (DPS), a foundation that acts on behalf of victims of privacy violations in the Netherlands. According to the ruling , Facebook used personal data for advertising purposes in the period April 1, 2010, to January 1, 2020, when this was not allowed.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
DoublePulsar
MARCH 15, 2023
Yesterday Microsoft dropped a patch for a vulnerability found by @hexnomad.
The Hacker News
MARCH 15, 2023
A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022.
Graham Cluley
MARCH 15, 2023
The twisted tale of the two Teslas, and a deepfake sandwich. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Bleeping Computer
MARCH 15, 2023
LockBit ransomware has claimed a cyber attack on Essendant, a wholesale distributer of office products after a "significant" and ongoing outage knocked the company's operations offline. [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
223 
Let's personalize your content