Schneier on Security

JUNE 15, 2022

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.

Artificial Intelligence 233

Artificial Intelligence Authentication Software Malware 233

Krebs on Security

JUNE 15, 2022

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.

Architecture 224

Architecture Internet Internet Software 224

Jane Frankland

JUNE 15, 2022

Judge: Jane Frankland, you have been picked up by the male police (one acting alone)) and stand here accused of potentially spreading FUD. On the 8 June you posted on LinkedIn highlighting data gaps and inconsistencies with regards to reporting for women in cyber, specifically methodologies. How do you plead? Jane: Not guilty, your honour. Judge: Please explain yourself.

Education 130

Education Cybersecurity Information Security CISO 130

Tech Republic Security

JUNE 15, 2022

Panchan is going after telecom and education providers using novel and unique methods to thwart defenses and escalate privileges. The post New botnet and cryptominer Panchan attacking Linux servers appeared first on TechRepublic.

Education 148

Education 148

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CyberSecurity Insiders

JUNE 15, 2022

According to a study conducted by Blake, Cassels Graydon LLP, most of the cyber attacks that were targeted on Canadian companies were of ransomware genre and alarmingly there was an increase in frequency and complexity of attacks. Coming to ransomware payments, there was a 25% increase in such attacks exceeding USD $1 million on average. From now on, Canadian businesses will be required to report any kind of digital assaults within 72 hours under a new law introduced early this week.

Cyber Attacks 138

Cyber Attacks Ransomware Encryption Malware 138

Heimadal Security

JUNE 15, 2022

Last month, security specialists found adware and info-stealing malware on the Google Play Store, with at least five threats still obtainable and with more than 2 million downloads. Adware infections showing unsolicited ads degrade the user experience, use up the battery, generate heat, and can even lead to fraudulent transactions. This software typically attempts to […].

Adware 135

Adware Malware Software Cybersecurity 135

InfoWorld on Security

JUNE 15, 2022

Security is a significant concern for Kubernetes and container-based development, according to Red Hat’s State of Kubernetes Security report for 2022. In fact, 93% of survey respondents experienced at least one security incident in their Kubernetes and container environments in the past 12 months, sometimes leading to the loss of customers or revenue.

115

115

Identity IQ

JUNE 15, 2022

How to Help Protect Your Identity Offline. IdentityIQ. The media often covers data breaches and cyberattacks that expose the personal data of large groups of people, leaving them vulnerable to identity theft and other forms of fraud. One of the best ways to help protect yourself from digital threats like these is to safeguard your data online. But your personal data isn’t just vulnerable on the internet; it can be offline too.

Identity Theft 112

Identity Theft Banking Insurance Data breaches 112

Security Boulevard

JUNE 15, 2022

Earlier this year, cybercriminals infiltrated authentication provider Okta’s systems. Okta is used by thousands of organizations around the world to manage access to their networks and applications. The threat actor gang, known as Lapsus$, gained access to the laptop of one of Okta’s third-party support engineers for five days, potentially affecting a small number of.

Engineering 109

Engineering Authentication Cybersecurity Network Security 109

Threatpost

JUNE 15, 2022

The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing?

Cybersecurity 107

Cybersecurity 107

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

JUNE 15, 2022

[ This article was originally published here by Indusface.com ]. Many of the businesses that already have revenue-generating web applications are starting an API-first program. Now, old monolith apps are being broken into microservices developed in elastic and flexible service-mesh architecture. The common question most organizations grapple with is – how to enhance application security designed for web apps to APIs and API security?

Firewall 106

Firewall DDOS Authentication Threat Detection 106

CSO Magazine

JUNE 15, 2022

Smart infrastructure vendor Nebulon today announced that its latest offerings provide newly hardened backups for configuration and snapshots, in an effort to add a new tool to the antiransomware arsenal for Linux systems. The idea, according to Nebulon, is to protect against the problem of misconfigured servers and dated server configurations in Linux systems.

Ransomware 104

Ransomware Backups 104

Bleeping Computer

JUNE 15, 2022

An international law enforcement operation, codenamed 'First Light 2022,' has seized 50 million dollars and arrested thousands of people involved in social engineering scams worldwide. [.].

Social Engineering 99

Social Engineering Engineering Scams 99

Dark Reading

JUNE 15, 2022

Academic researchers are developing projects to apply AI to detect and stop cyberattacks and keep critical infrastructure secure, thanks to grants from C3.ai Digital Transformation Institute.

Digital transformation 98

Digital transformation Cybersecurity 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JUNE 15, 2022

The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. [.].

99

99

Dark Reading

JUNE 15, 2022

The Japanese-language Panchan botnet has been discovered stealing SSH keys from Linux servers across Asia, Europe, and North America, with a focus on telecom and education providers.

Education 98

Education 98

Bleeping Computer

JUNE 15, 2022

Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords. [.].

Passwords 98

Passwords 98

Dark Reading

JUNE 15, 2022

Work across the organization and take practical steps to ease user stress — prioritize user productivity by offering the right tools to avoid shadow IT and cultivate a transparent security culture. Remember the security team, too, and automate as many processes as possible.

Information Security 98

Information Security 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Malwarebytes

JUNE 15, 2022

The June 2022 Patch Tuesday may go down in history as the day that Follina got patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond. Microsoft. Microsoft released updates to deal with 60 security vulnerabilities. Undoubtedly the most prominent one is the one that goes by the name of Follina.

Software 98

Software Internet Internet 98

Security Boulevard

JUNE 15, 2022

The majority of ransomware attacks now include some form of extortion attempt. What is ransomware extortion and how can you defend against it? The post Why Ransomware Extortion is a Threat appeared first on Security Boulevard.

Ransomware 98

Ransomware 98

Malwarebytes

JUNE 15, 2022

Cookies are in the news as Mozilla rolls out significant privacy changes for Firefox. The idea is to dramatically lessen the risk of privacy-invading tracking across websites without your knowledge. Tracking cookies have been a hot topic in recent months, as advertisers try switching to other methods of tracking. Will this make a noticeable difference to people’s everyday browsing experience?

Advertising 98

Advertising Internet Internet Mobile 98

Bleeping Computer

JUNE 15, 2022

Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations. [.].

Authentication 98

Authentication 98

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

JUNE 15, 2022

In every system, there is at least one limiting factor, as outlined in the methodology known as “ the Theory of Constraints.” Software development pipelines are no exception. When we look holistically at the various domains of development, it is clear that every step is interlinked, which means the constraints of each department are also shared. The post CI Observability Makes Change Management Work appeared first on Security Boulevard.

Software 98

Software 98

SecureBlitz

JUNE 15, 2022

Quality assurance in its broadest form can be defined as the set of actions that companies take to be able. Read more. The post Quality Assurance: Definition And Explanation appeared first on SecureBlitz Cybersecurity.

Cybersecurity 106

Cybersecurity 106

Security Boulevard

JUNE 15, 2022

The Metaverse is an emerging reality, albeit a virtual one. With it comes new versions of social media phishing attacks and scams. How can you protect your brand in this new world? We can help. The post Phishing in the Metaverse: The New Reality of Brand Protection appeared first on Security Boulevard.

Phishing 98

Phishing Scams Media 98

Bleeping Computer

JUNE 15, 2022

Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction. [.].

98

98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Boulevard

JUNE 15, 2022

Gender is a complex and frequently misunderstood topic. To some, this may not seem like something that you need to think about at work. For others, this deeply impacts their lives, including their experiences in the workplace and how they interact with their colleagues. I am going to break down why everyone should grasp the nuanced and complicated concept that is gender, and how it impacts your interactions with your peers, especially your transgender colleagues.

98

98

Heimadal Security

JUNE 15, 2022

ALPHV BlackCat is a RaaS, therefore the ALPHV BlackCat operators recruit affiliates to perform corporate breaches and encrypt devices. ALPHV ransomware executable is written in Rust, a programming language that, while not often used by malware creators, is gaining popularity because of its high efficiency and memory safety. Ransomware-as-a-Service is an illicit ‘parent-affiliate(s)’ business infrastructure, in which […].

Ransomware 100

Ransomware Encryption Malware Cybersecurity 100

Security Boulevard

JUNE 15, 2022

A cloud-based directory service is a great way to manage user identities in your organization. With a cloud directory, you can easily connect users with the resources they need and keep your IT environment secure. This article will discuss some of the benefits of using a cloud directory over an Active Directory, and we’ll show [.]. Read More. The post The benefits of using a Cloud Directory over Active Directory appeared first on LogonBox.

98

98

The Hacker News

JUNE 15, 2022

A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement.".

Education 97

Education Malware 97

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.