Wed. Jun 01, 2022


Clever — and Exploitable — Windows Zero-Day

Schneier on Security

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Here’s the advisory, which includes a work-around until a patch is available.


RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

The Last Watchdog

In order to extract value from the Internet, data sprawl first must get reined in. This has always been the case. Related: Equipping SOCs for the long haul. What good is connecting applications, servers and networks across the public cloud if you’re unable to securely operationalize the datasets that these interconnected systems store and access? Solving data sprawl has now become a focal point of cybersecurity.


Microsoft sets multi-factor authentication as default for all Azure AD customers

Tech Republic Security

The latest move will enable MFA as the default security setting even for older Azure accounts. The post Microsoft sets multi-factor authentication as default for all Azure AD customers appeared first on TechRepublic.


WhatsApp accounts hijacked by call forwarding

Malwarebytes

In a short post on LinkedIn, Rahul Sasi, founder and CEO of CloudSEK, explains how WhatsApp account takeovers are possible. The method consists of several steps and takes some social engineering skills, but it’s good to be aware of the possibility and how it works. It starts with the threat actor reaching out to a victim and convincing them to call a specific number.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation

Trend Micro

The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives.


SecureX and Secure Firewall: Integration and Automation to Simplify Security

Cisco Security

Cisco Secure Firewall stops threats faster, empowers collaboration between teams, and enables consistency across your on-premises, hybrid, and multi-cloud environments. With an included entitlement for Cisco SecureX, our XDR and orchestration platform, you’ll experience efficiency at scale and maximize your productivity. New streamlined Secure Firewall integrations make it easier to use SecureX capabilities to increase threat detection, save time and provide the rapid and deeper investigations y

Firewall 145


More Trending


New Windows Search zero-day added to Microsoft protocol nightmare

Bleeping Computer

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. [...]

Malware 145

New XLoader Botnet version uses new techniques to obscure its C2 servers

Security Affairs

A new version of the XLoader botnet is implementing a new technique to obscure the Command and Control infrastructure. Researchers from Check Point have discovered a new version of the XLoader botnet, which implements significant enhancements, such as a new technique to obscure the Command and Control infrastructure. XLoader has been observed since 2020; it is a very cheap malware strain that is based on the popular Formbook Windows malware.

Malware 144

FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day

Malwarebytes

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a zero-day remote code vulnerability, ‘Follina’, already being exploited in the wild via malicious Word documents. Q: What exactly is Follina? A: Follina is the nickname given to a new vulnerability discovered as a zero-day and identified as CVE-2022-30190. In technical terms it is a Remote Code Execution Vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT).

Malware 143

Ransomware attacks need less than four days to encrypt systems

Bleeping Computer

The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. [...]


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Ransomware attack turns 2022 into 1977 for Somerset County

Malwarebytes

1977 was quite the year. Led Zeppelin! Jimmy Carter! Saturday Night Fever! We can now add “a ransomware attack” to this once static list. Somerset County, New Jersey, has been hit so hard by a network assault that they’ve ended up in the direst straits imaginable, with county databases unavailable to provide information on land records and probate records, and with title searches only available for paper records that were entered before 1977.


Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors

Trend Micro

Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the group and their modus operandi.

Scams 142

TrustPid is another worrying, imperfect attempt to replace tracking cookies

Malwarebytes

German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that consists of a unique identifier, issued for each customer, that will be able to track what that customer is doing online. The providers are trying to sell this idea by telling the public that the identifier can never be tracked back to an individual and that something needs to be done to keep the internet free.


DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services

The Hacker News

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of three domains used by cybercriminals to trade stolen personal information and facilitate distributed denial-of-service (DDoS) attacks for hire. This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.

DDOS 126

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Firefox 101 is out, this time with no 0-day scares (but update anyway!)

Naked Security

After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.


FBI seizes domains used to sell stolen data, DDoS services

Bleeping Computer

The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and to provide DDoS attack services. [...]

DDOS 122

How to Manage Your Open Source Licenses in 2022

Security Boulevard

Organizations are absorbing a huge amount of open source component software. These tools come with unique requirements that are becoming unwieldy to resolve. Companies are asking for problems both by allowing licenses they should not and by not fulfilling the requirements of those licenses. You need automation to help manage this situation and avoid litigation.

Software 120

Windows MSDT zero-day vulnerability gets free unofficial patch

Bleeping Computer

A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.' [...]


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


How to audit Microsoft Active Directory

CSO Magazine

If you have a traditional domain, it’s time to audit your Active Directory. In fact, it’s probably way past time. You probably have accounts that have been unchanged for years and might not have reviewed settings or registry entries. Attackers know that these domains have legacy settings that allow them to take greater control and use techniques to gain domain rights.


Key Highlights From the New NIST SSDF

Security Boulevard

In this article, we’ll be going over the 1.1 revision of The Secure Software Development Framework that was published earlier this year. The post Key Highlights From the New NIST SSDF appeared first on Security Boulevard.

Software 115

Everything You Need To Know About the CIA Triad

Digital Guardian

Learn about the CIA Triad and why it can be a helpful model to guide policies for information security within an organization.


More than a quarter of Americans fell for robocall scam calls in past year

Malwarebytes

More and more Americans have been falling victim to phone scams since 2019. According to the latest report from Truecaller (Google Docs upload of the entire report, separate blog here), a known spam blocker and caller ID app, 68.4 million Americans were victimized in the last 12 months, a substantial increase from the 59.4 million victims tallied up in 2021.

Scams 114

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Logic bomb attacks: 4 famous examples

CSO Magazine

What is a logic bomb? A logic bomb is a piece of code left lying in wait on a computer that will execute under certain specified conditions and take actions the owner of that computer would consider malicious. The actual code that does the dirty work, sometimes referred to as slag code, might be a standalone application or hidden within a larger program.

Malware 114

Talking to children about the internet: A kid’s perspective

We Live Security

A 14-year-old shares his thoughts about technology and the potential privacy and security implications of the internet. The post Talking to children about the internet: A kid’s perspective appeared first on WeLiveSecurity.

Internet 113

Browser-in-the Browser sextortion scam makes victims pay by imitating Indian Gov

Security Boulevard

Phishing has been a prominent cyber threat for decades, stealing the spotlight as the most prevalent attack vector for years, but the latest breed of attacks is more sophisticated and complicated to protect against than ever before. Attackers are always looking for new techniques to bypass security measures and remain undetected by victims. In the past year, Browser-in-the Browser (BITB) attacks have emerged as a very effective technique for evading detection and convincing users to hand over cr

Scams 112

China-linked TA413 group actively exploits Microsoft Follina zero-day flaw

Security Affairs

A China-linked APT group is actively exploiting the recently disclosed Follina zero-day flaw in Microsoft Office in attacks in the wild. China-linked APT group TA413 has been observed exploiting the recently disclosed Follina zero-day flaw (tracked as CVE-2022-30190 and rated CVSS score 7.8) in Microsoft Office in attacks in the wild. This week, the cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus.

Malware 111

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


SaaS Security in the Great Resignation

Security Boulevard

The phenomenon known as the Great Resignation is showing no signs of slowing. Nearly 48 million people in the U.S. quit their jobs last year with another 4.3 million this past January alone. This creates obvious labor shortage challenges, but what’s less obvious are the critical risks it brings to workforce cybersecurity, specifically when it. The post SaaS Security in the Great Resignation appeared first on Security Boulevard.

Risk 111

3 ways DNS filtering can save SMBs from cyberattacks

Malwarebytes

If you’re an SMB, chances are that you’re already well-aware of the fact that cyber threats can wreak havoc on your business. Everything from rootkits to ransomware threaten not just financial losses, but also significant network downtime and reputational damage as well. Couple this with the fact that many cyberthreats are web-based, and you might be stuck wondering how best to secure your business online.

DNS 106

All About CTB Locker Ransomware

Heimdal Security

In June 2014, Operation Tovar, run by the U.S. Justice Department in collaboration with the FBI, Europol and some important names in the private sector, like Heimdal, Symantec, Trend Micro and McAfee, took down a large network controlled by hackers in Russia and Ukraine. They were using the Gameover platform to spread and infect systems […]. The post All About CTB Locker Ransomware appeared first on Heimdal Security Blog.


4 Tips to Help Avoid Identity Theft During the Homebuying Process

Identity IQ

When you apply for a mortgage loan to buy a home, you have to share a lot of personal information with your mortgage broker and lender. You may need to provide sensitive information such as your name, address, Social Security number, pay stubs, bank statements, information about your investment and retirement accounts, copies of your tax returns, etc.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!