Fri.May 05, 2023

RSA 2023: Not Under the GenAI Influence Yet!

Anton on Security

Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth … This aside, it is very cl

RIP World Password Day

Tech Republic Security

Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.

Google launches entry-level cybersecurity certificate to teach threat detection skills

CSO Magazine

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Bleeping Computer

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Safeguarding Data Centers Against Growing Cyber Threats

Security Boulevard

As we continue to rely on digital technology to store and process vast amounts of data, the need for robust data center security has never been more critical. Cyber threats are constantly evolving, making the task of safeguarding the data and infrastructure housed within data centers increasingly challenging. Here, we'll explore the importance of. The post Safeguarding Data Centers Against Growing Cyber Threats appeared first on Hyperview.

New Android FluHorse malware steals your passwords, 2FA codes

Bleeping Computer

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions.

Apple Patches Bluetooth Flaw in AirPods, Beats

Dark Reading

Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.

WordPress plugin vulnerability puts two million websites at risk

Graham Cluley

Millions of WordPress-powered websites are using the Advanced Custom Fields and Advanced Custom Fields Pro plugins, which security researchers say have been vulnerable to cross-site scripting (XSS) attacks.

Capita’s “standard industry practice” 633gb open cloud storage

DoublePulsar

TechCrunch has a story today about Capita with an unsecured S3 bucket. A few people came across this last week — I saw it floating around social media and Discord amongst security researchers. Capita claim it is “information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.

Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads

The Hacker News

A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How To Study for CompTIA Cybersecurity Analyst (CySA+)

CompTIA on Cybersecurity

You’ll want to ensure you are fully prepared before you undertake the IT certification process. Here’s our advice on how to study for the new CompTIA CySA+ (CS0-003) exam.

BrandPost: Effective Security Relies on Effective Communication

CSO Magazine

Implementing a sustainably effective security strategy is complex and challenging for even the most advanced organization. Organizations don’t operate in a vacuum. They rely on information and intelligence from others in the industry, including vendors, media reporting, government agencies, and their organizational peers. This expanded information ecosystem is a powerful benefit to organizations, extending their horizon and aiding them in meeting today's security challenges while bolstering defe

BlackBerry Report Surfaces Increasing Rate of Cyberattacks

Security Boulevard

A threat intelligence report published by BlackBerry found that from December 2022 through February 2023, 12 cyberattacks per minute were launched against organizations using the company’s cybersecurity software and services, with 1.5 of those attacks per minute based on a new malware sample. The BlackBerry report also noted a shift in where those attacks are.

CSO sentenced to 3 years imprisonment for Uber Data Breach cover up

CyberSecurity Insiders

Joe Sullivan, the former Chief Security Officer (CSO) of Uber, has been sentenced to three years’ imprisonment and 200 hours of community service for covering up a cyber attack on the company’s servers in 2016, which led to a data breach affecting over 50 million riders and drivers. This is believed to be the first case in the history of cyber attacks where a CSO has faced criminal charges and imprisonment for covering up a data breach and obstructing a federal investigation.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How to Use ASPM to Improve CSPM

Security Boulevard

In recent years, organizations have increasingly moved their applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. However, this shift to the cloud has also introduced new security challenges, particularly in the realm of application security. Attackers are constantly looking for ways to exploit vulnerabilities in applications to gain.

Microsoft patches 3 vulnerabilities in Azure API Management

CSO Magazine

Microsoft has patched three new vulnerabilities in the Azure API Management service, which include two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload, according to cybersecurity firm Ermetic. The vulnerabilities were achieved through URL formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, Ermetic said.

Does AI Help or Hinder Compliance Efforts?

Security Boulevard

Technology is something of a double-edged sword. The use of AI technology by cybercriminals can leave businesses more vulnerable to legitimate-seeming scams and cyberattacks; at the same time, AI can help defend against those attacks. Compliance standards are put in place to protect not just businesses but also their consumers and investors. These days, companies.

ALPHV gang claims ransomware attack on Constellation Software

Bleeping Computer

Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and business data.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Quality Assurance Engineering at GitGuardian

Security Boulevard

Learn about the day-to-day life of a QA engineer and the different techniques and processes used by the QA engineering team at GitGuardian to ensure high-quality products. The post Quality Assurance Engineering at GitGuardian appeared first on Security Boulevard.

Fortinet fixed two severe issues in FortiADC and FortiOS

Security Affairs

Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy. The CVE-2023-27999 flaw (CVSS score 7.6) is a command injection issue in the external resource module. “An improper neutralization of special elements used in an OS command vulnerability

Barracuda Networks Reports Shift in HTML Malware Tactics

Security Boulevard

Barracuda Networks has published a report detailing how cybercriminals are now embedding malware within an HTML file that historically was created to deliver a malicious payload via a link to an external site. That shift in approach makes it more difficult for some classes of security scanner to detect malware embedded in an email. Barracuda. The post Barracuda Networks Reports Shift in HTML Malware Tactics appeared first on Security Boulevard.

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised

The Hacker News

PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users

Malwarebytes

On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, iOS 16.4.1 (a), iPadOS 16.4.1 (a), and macOS 13.3.1 (a), for iPhone, iPad, and macOS devices, respectively. RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously, Apple security fixes came bundled along with features and improvements, but RSRs only carry security fixes.

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

The Hacker News

Users of the Advanced Custom Fields plugin for WordPress are being urged to update to version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites.

New Android updates fix kernel bug exploited in spyware attacks

Bleeping Computer

Android security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices.

APTs target MSP access to customer networks – Week in security with Tony Anscombe

We Live Security

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers. The post APTs target MSP access to customer networks – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

ReconShark – Kimsuky’s Newest Recon Tool

Heimdal Security

Kimsuky, a North Korean hacking group, has been observed employing a new version of its reconnaissance malware called “ReconShark” in a cyberespionage campaign with global reach. According to security analysts, the threat actor has broadened the range of targets it is now attacking, including government agencies, research institutions, universities, and think tanks in the United […] The post ReconShark – Kimsuky’s Newest Recon Tool appeared first on Heimdal Security Blog.

Newspaper evades Russian censors, hides news in Counter-Strike map

Malwarebytes

A Finnish newspaper is making clever use of popular video game titles to promote press freedom and bypass Russian media restrictions regarding the invasion of Ukraine. The plan: hide a secret room underneath a map, which players can stumble upon and see facts, figures, and photographs of what’s been going on. The map is a custom-built design intended to be used in the game Counter-Strike: Global Offensive, playable via the Steam platform.

Azure API Management flaws highlight server-side request forgery risks in API development

CSO Magazine

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal Azure assets. The proof-of-concept exploits serve to highlight common errors that developers could make when trying to implement blacklist-based restrictions for their own APIs and services.

Doctors Behind Mifepristone Ban Called ‘Christians’ a Top Threat

WIRED Threat Level

Leaked documents reveal that the American College of Pediatricians viewed “mainstream medicine” and “nominal Christians” as its opposition.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.