Wed. May 03, 2023


SolarWinds Detected Six Months Earlier

Schneier on Security

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what they detected—and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020, but the scale and significance of the breach wasn’t immediately apparent.


Hackers start using double DLL sideloading to evade detection

Bleeping Computer

An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection. […]

Hacking 145

Today’s CISO Insights – How to Tackle the Quantum Threat

CyberSecurity Insiders

By: Craig Debban, Chief Information Security Officer, QuSecure, Inc. As you may have noticed, daily headlines around quantum computing and its impact on technologies are becoming commonplace. This is driven by the fact that quantum computers will be able to perform certain types of calculations much faster than the classical computers we all use today.

CISO 133

Russian hackers use WinRAR to wipe Ukraine state agency’s data

Bleeping Computer

The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices. […]


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Skilling up the security team for the AI-dominated era

CSO Magazine

As artificial intelligence and machine learning models become more firmly woven into the enterprise IT fabric and the cyberattack infrastructure, security teams will need to level up their skills to meet a whole new generation of AI-based cyber risks. Forward-looking CISOs are already being called upon to think about newly emerging risks like generative AI-enabled phishing attacks that will be more targeted than ever or adversarial AI attacks that poison learning models to skew their output.


City of Dallas hit by Royal ransomware attack impacting IT services

Bleeping Computer

The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. […]

More Trending


Windows admins can now sign up for ‘known issue’ email alerts

Bleeping Computer

Microsoft announced today that Windows admins can now choose to be emailed when new known issues are added to the Windows release health section of the Microsoft 365 admin center. […]


Sectrio’s OT and IoT threat report uncovers the Chinese intelligence conveyor belt

Security Boulevard

Sectrio, the premier IoT and OT security company has launched the findings of its latest edition of its much-awaited OT and IoT threat environment landscape analysis report 2023. The latest report covers over 80,000 data points from global cyber and threat hotspots, dark web forums, messaging platforms, and online hacker congregation and collaboration forums.


Using Discord? Don’t play down its privacy and security risks

We Live Security

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

Risk 117

Cyber Attack on Sweden Parliament just before Ukraine drone attack on Moscow Kremlin

CyberSecurity Insiders

Reports indicate that a distributed denial-of-service attack (DDoS) was launched on the IT infrastructure of the Swedish parliament, disrupting its website services to a significant extent. However, the IT teams were quick enough to digitally recover the website, which now loads slowly and is sometimes unreachable with an error. Unconfirmed sources suggest that the attack could be the work of pro-Russian hackers like Killnet and took place just before the drone attack on Moscow’s Kremlin,


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Attacks increasingly use malicious HTML email attachments

CSO Magazine

Researchers warn that attackers are relying more on malicious HTML files in their attacks, with malicious files now accounting for half of all HTML attachments sent via email. This rate of malicious HTML prevalence is double compared to what it was last year and doesn't appear to be the result of mass attack campaigns that send the same attachment to a large number of people.


Google Chrome Drops Browser Lock Icon

Dark Reading

Chrome 117 will retire the lock icon and replace it with a "tune" icon, reflecting evolving cybersecurity standards.


Google rolls out passkey support across accounts on all major platforms

CSO Magazine

Google has begun rolling out support for passkeys across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification. The tech giant announced passkey availability on the eve of World Password Day as it looks to introduce more secure, reliable sign-in options. The rollout comes in the wake of Google updates on bringing passkey experiences to both Chrome and Android, as well as tech industry support for a common passwordless


NetOps, Security Pros Overwhelmed by Network Updates 

Security Boulevard

Network operations and security professionals are overwhelmed by constant updates and need more support from leadership to keep network and security devices updated and backed up. These were among the key results of a BackBox survey conducted by Wakefield Research of 250 network operations and security professionals. The survey found that while 61% of companies.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


The New CompTIA Cybersecurity Analyst (CySA+): Your Questions Answered

CompTIA on Cybersecurity

We’ve been getting a lot of questions about the new CompTIA CySA+, and we want to make sure you have the answers you need to decide whether or not it’s right for you.


Prosecutors Argue for 15 Months in Jail for Uber CISO

Security Boulevard

In a sentencing memorandum filed with a San Francisco federal court on April 27, 2023, prosecutors argued that Joe Sullivan—the former CISO of Uber and a former federal computer crimes prosecutor himself (with the same office)—should serve 15 months in federal prison for his role in the ride-sharing company’s concealment of a data breach. At.

CISO 104

Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts

The Hacker News

Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to use a traditional password.


7 Fraud Prevention Rules Using Device Fingerprinting

Security Boulevard

In a previous article, 9 Device Fingerprinting Solutions for Developers, I outlined a set of open source and commercial solutions for device fingerprinting. What I didn't dig into in that article is how the fingerprints are actually used in preventing fraud. One misconception is that a fingerprint alone


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram

Dark Reading

The company has removed three APTs and six potentially criminal networks from its platforms who leveraged elaborate campaigns of fake personas and profiles to lure and compromise users.


Defending Against Known, Unknown & Unknown-Unknown Email Scams

Security Boulevard

Phishing scams pose a significant risk to companies and can lead to great loss in the form of stolen account credentials, fraudulent payments and corporate data breaches, among others. According to IBM’s Security X-Force Threat Intelligence Index, phishing remains the most common way for cybercriminals to gain access to a company’s network and data.

Scams 104

Change Resistance and Cybersecurity

Security Through Education

Possibly one of the most concerning, yet common, phrases you could hear a leader say is, “if it ain’t broke don’t fix it.” On the surface this thinking makes sense, if something already works then why mess with it. But, if we go below surface level, what we are really seeing is change resistance. The problem here is that the cybersecurity landscape is dynamic and ever-changing, meaning that the nature of a potential threat will inevitably fluctuate and evolve over time.


How to keep your ChatGPT conversations out of its training data

Malwarebytes

Last week, OpenAI announced it had given ChatGPT users the option to turn off their chat history. ChatGPT is a "generative AI", a machine learning algorithm that can understand language and generate written responses. Users can interact with it by asking questions, and the conversations users have with it are in turn stored by OpenAI so they can be used to train its machine learning models.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. The hackers attempt to trick victims into installing malicious apps and browser extensions on their devices.

Malware 97

Godfather of AI quits Google to save the world

CyberSecurity Insiders

Geoffrey Hinton, who is known to the world as Godfather of AI has made an official announcement that he will quit his position at Google for the betterment of humans from the developments of the technology. Mr. Hinton released a video to the world, where he is seen telling to the world that he has taken the decision to blow the whistle against the technology.


Passwordless sign-in with passkeys is now available for Google accounts

Security Affairs

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Passwords are essential to protect services and data online, but when obtained by threat actors they can pose a risk to the users.


Drone goggles maker claims firmware sabotaged to ‘brick’ devices

Bleeping Computer

Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them. […]


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Apple and Google Join Forces to Stop Unauthorized Location-Tracking Devices

The Hacker News

Apple and Google have teamed up to work on a draft industry-wide specification that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags.

Risk 96

What is the wp-config.php file?

Security Boulevard

The wp-config.php file is one of WordPress’ most important files. It contains the configuration information required to make WordPress work. As the name suggests, it is written in PHP - the language upon which WordPress is built. The post What is the wp-config.php file? appeared first on WP White Security.


SECURITY ALERT: Danish Customers Targeted by Active PostNord DK Phishing Campaign

Heimdal Security

Heimdal® has recently discovered what can very well be the debut of a massive phishing campaign unfolding in the Nordics. According to a tip sent to us by an anonymous reader, the APT’s choice in phishing is an email in which the victim is informed about the status of an unclaimed postal package. Further analysis […] The post SECURITY ALERT: Danish Customers Targeted by Active PostNord DK Phishing Campaign appeared first on Heimdal Security Blog.


Researchers found DoS flaws in popular BGP implementation

Security Affairs

Vulnerabilities in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to trigger a DoS condition on BGP peers. Forescout Vedere Labs researchers discovered multiple vulnerabilities in the software implementation of the Border Gateway Protocol (BGP). The issues reside in the BGP message parsing in version 8.4 of FRRouting implementation, a leading open-source implementation of the protocol.

VPN 95

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.