Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.
This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.
Panchan is going after telecom and education providers using novel and unique methods to thwart defenses and escalate privileges. The post New botnet and cryptominer Panchan attacking Linux servers appeared first on TechRepublic.
Last month, security specialists found adware and info-stealing malware on the Google Play Store, with at least five threats still obtainable and with more than 2 million downloads. Adware infections showing unsolicited ads degrade the user experience, use up the battery, generate heat, and can even lead to fraudulent transactions. This software typically attempts to […].
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
According to a study conducted by Blake, Cassels & Graydon LLP, most of the cyberattacks targeting Canadian companies were ransomware attacks and, alarmingly, the frequency and complexity of attacks increased. Coming to ransomware payments, there was a 25% increase in such attacks exceeding USD $1 million on average. From now on, Canadian businesses will be required to report any kind of digital assault within 72 hours under a new law introduced early this week.
A guide to the GDPR General Data Protection Regulation and the UK Data Protection Act from TrustArc, the leader in privacy management software such as PrivacyCentral.
Judge: Jane Frankland, you have been picked up by the male police (one acting alone) and stand here accused of potentially spreading FUD. On the 8 June you posted on LinkedIn highlighting data gaps and inconsistencies with regards to reporting for women in cyber, specifically methodologies. How do you plead? Jane: Not guilty, your honour. Judge: Please explain yourself.
Division of labor. Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to perform specific steps of a multiphase attack).
ALPHV BlackCat is a RaaS, therefore the ALPHV BlackCat operators recruit affiliates to perform corporate breaches and encrypt devices. ALPHV ransomware executable is written in Rust, a programming language that, while not often used by malware creators, is gaining popularity because of its high efficiency and memory safety. Ransomware-as-a-Service is an illicit ‘parent-affiliate(s)’ business infrastructure, in which […].
There are some very tough questions I’ve come across in my time. How does one walk into Mordor, if not simply? Why isn’t there a special name for the tops of your feet? (Credit to Lily Tomlin for that one.). For a security leader, the toughest questions are often around security buy-in: How do you achieve active support across the organization for building resilience?
By Gunnar Peterson, CISO, Forter. Earlier this year, cybercriminals infiltrated Okta’s systems, an authentication company thousands of organizations around the world use to manage access to their networks and applications. The threat actor gang, known as Lapsus$, gained access to the laptop of one of Okta’s third-party support engineers for five days, potentially affecting a small number of the company’s customers.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Quality assurance in its broadest form can be defined as the set of actions that companies take to be able. Read more. The post Quality Assurance: Definition And Explanation appeared first on SecureBlitz Cybersecurity.
How to Help Protect Your Identity Offline. IdentityIQ. The media often covers data breaches and cyberattacks that expose the personal data of large groups of people, leaving them vulnerable to identity theft and other forms of fraud. One of the best ways to help protect yourself from digital threats like these is to safeguard your data online. But your personal data isn’t just vulnerable on the internet; it can be offline too.
Security is a significant concern for Kubernetes and container-based development, according to Red Hat’s State of Kubernetes Security report for 2022. In fact, 93% of survey respondents experienced at least one security incident in their Kubernetes and container environments in the past 12 months, sometimes leading to the loss of customers or revenue.
Earlier this year, cybercriminals infiltrated authentication provider Okta’s systems. Okta is used by thousands of organizations around the world to manage access to their networks and applications. The threat actor gang, known as Lapsus$, gained access to the laptop of one of Okta’s third-party support engineers for five days, potentially affecting a small number of.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing?
[ This article was originally published here by Indusface.com ]. Many of the businesses that already have revenue-generating web applications are starting an API-first program. Now, old monolith apps are being broken into microservices developed in elastic and flexible service-mesh architecture. The common question most organizations grapple with is – how to enhance application security designed for web apps to APIs and API security?
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Smart infrastructure vendor Nebulon today announced that its latest offerings provide newly hardened backups for configuration and snapshots, in an effort to add a new tool to the antiransomware arsenal for Linux systems. The idea, according to Nebulon, is to protect against the problem of misconfigured servers and dated server configurations in Linux systems.
At least 69,000 people have been impacted by a data breach at Kaiser Permanente, a long-running managed healthcare consortium. The latest in a long-running series of healthcare attacks, the road to stolen data began on April 5 this year with an email compromise. The direct path to data. A “substitute breach notice” posted June 3 revealed details of the attack.
An international law enforcement operation, codenamed 'First Light 2022,' has seized 50 million dollars and arrested thousands of people involved in social engineering scams worldwide. […]
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. […]
Learn about the state of OT Security in 2022 by reading the key insights found through surveying more than 900 ICS business and security leaders in the US, Germany and Japan.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Academic researchers are developing projects to apply AI to detect and stop cyberattacks and keep critical infrastructure secure, thanks to grants from C3.ai Digital Transformation Institute.
Akamai security researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, that has been targeting Linux servers in the education sector since March 2022. Panchan uses a basic SSH dictionary attack to implement wormable behavior; it also harvests SSH keys and uses them for lateral movement.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!