Krebs on Security
JANUARY 10, 2023
Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency , and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.
Joseph Steinberg
JANUARY 10, 2023
Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum in 2021, will continue serving as a member of the premier news organization’s council in 2023. In 2021, Newsweek invited Steinberg to join its community of pioneering thinkers and industry leaders, and to provide the news outlet with input related to his various areas of expertise, including cybersecurity, privacy, and artificial intelligence.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JANUARY 10, 2023
Only 25% of the organizations surveyed by Delinea were hit by ransomware attacks in 2022, but fewer companies are taking proactive steps to prevent such attacks. The post Ransomware attacks are decreasing, but companies remain vulnerable appeared first on TechRepublic.
We Live Security
JANUARY 10, 2023
ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version. The post StrongPity espionage campaign targeting Android users appeared first on WeLiveSecurity.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JANUARY 10, 2023
As APIs are increasingly used in app development, it should come as no surprise that threat actors have turned them into attack vectors. In fact, Gartner predicted that APIs would become the top attack vector in 2022, stating, “Unmanaged and unsecured APIs are easy targets for attacks, increasing vulnerability to security and privacy incidents.” Other.
Bleeping Computer
JANUARY 10, 2023
​Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws. [.].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Cisco Security
JANUARY 10, 2023
I am excited to announce the release of Cisco’s annual flagship cybersecurity report, the Security Outcomes Report, Volume 3: Achieving Security Resilience. It’s about preparing, adapting, and overcoming security challenges and threats, and an organisation’s ability to respond and emerge stronger.It’s the organization’s ability to respond to the inevitable attacks and unexpected events that come our way.
Security Boulevard
JANUARY 10, 2023
With the start of a new year, LogRhythm is announcing our 2023 cybersecurity predictions! This is a tradition at LogRhythm, as each year our executives reveal cyber threats organizations across the globe may potentially face. Looking back at our 2022…. The post 2023 Cybersecurity Predictions appeared first on LogRhythm. The post 2023 Cybersecurity Predictions appeared first on Security Boulevard.
Cisco Security
JANUARY 10, 2023
As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses. This gives me an invaluable macroview not only of how the last 12 months have affected organizations and what CISOs are thinking about, but also how the upcoming year is shaping up.
Bleeping Computer
JANUARY 10, 2023
Researchers at the universities of California, Virginia, and Microsoft have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code. [.].
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JANUARY 10, 2023
When a client’s server goes down or is compromised in a cyberattack, managed service providers (MSPs) need an effective business continuity and disaster recovery (BCDR) solution to restore data and operations quickly, without sacrificing margin. That means industry-leading recovery technology from a vendor that is there to support you, no matter what.
eSecurity Planet
JANUARY 10, 2023
In a paper published late last month, 24 Chinese researchers suggested that RSA-2048 encryption could be broken using a quantum computer with 372 physical quantum bits. Cryptographer Bruce Schneier drew attention to the paper [PDF] last week in a blog post , noting that IBM recently announced a 433-qubit quantum computer, far exceeding the researchers’ stated requirements. “This is something to take seriously,” Schneier wrote. “It might not be correct, but it’s not
Bleeping Computer
JANUARY 10, 2023
Microsoft has released the Windows 11 KB5022303 and KB5022287 cumulative updates for versions 22H2 and 21H2 to fix security vulnerabilities and resolve bugs and performance issues. [.].
CSO Magazine
JANUARY 10, 2023
[Editor's note: This article originally appeared on the Le Monde Informatique website.] More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider. The mistake, discovered by France Info — Radio France's news and investigation service — just before the year-end holidays, could hit the CAF hard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
JANUARY 10, 2023
Microsoft has published the Windows 10 KB5022282 and KB5022286 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix security vulnerabilities and resolve known bugs. [.].
CyberSecurity Insiders
JANUARY 10, 2023
The discussion of cyber security has grown beyond the IT department and now includes the entire C-suite as well as the Board. As the number of attacks has increased and the stakes grow regarding penalties and reputation, it has become a top issue for businesses of all sizes. Increased vulnerability is causing headaches and expenses due to numerous societal shifts – whether it’s the proliferation of the internet of things (IoT) in every aspect of business and society, or the widespread adoption
Naked Security
JANUARY 10, 2023
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.
The Hacker News
JANUARY 10, 2023
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
JANUARY 10, 2023
A report published today by secure access service edge (SASE) platform provider Netskope identified more than 400 distinct cloud applications that delivered malware in 2022. The report found that 30% of all cloud malware downloads in 2022 originated from the Microsoft OneDrive service. Ray Canzanese, threat research director for Netskope said rather than building command-and-control.
Quick Heal Antivirus
JANUARY 10, 2023
Quick Heal products are fully compatible with Microsoft’s latest feature update - Windows 10 2022. Quick Heal has ensured that your cyber security solution is up to speed and fully compatible with this feature update. Find out how you can enjoy a secure digital experience even with the latest OS update. The post Quick Heal Supports Windows 10 Version 22H2 appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
Security Boulevard
JANUARY 10, 2023
A man-made or natural disaster can happen at any time, potentially putting your business in jeopardy. This is why it is imperative to ensure that your digital assets are backed up and safe so they can be recovered should a major event occur. This is made easier by migrating to a cloud-based solution, allowing you. The post 7 Key Benefits of a Cloud Disaster Recovery Strategy appeared first on Security Boulevard.
Bleeping Computer
JANUARY 10, 2023
A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware. [.].
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
SecureBlitz
JANUARY 10, 2023
We have seen lots of news about blockchain, NFT, and Metaverse over the past few years. These technologies took the tech world almost immediately, burning new opportunities for all groups of people. While blockchain has long been here and NFTs are popular as well, Metaverse is a new trend in the tech world. However, Metaverse […]. The post Why NFTs & Blockchain Are Important In Metaverse?
Malwarebytes
JANUARY 10, 2023
After a tip from a Telegram user who frequented identity theft channels, Brian Krebs tested and confirmed that anyone who knew your name, address, social security number (SSN), and birthday could view your full credit report at Experian. Skipping security questions. The method to get access did not require any hacking talents at all. It was a simple matter of replacing a part of the URL, which then allowed anyone with bad intentions to skip security questions.
Security Affairs
JANUARY 10, 2023
Zoom addressed four “high” severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs addressed by the company: CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers.
Bleeping Computer
JANUARY 10, 2023
Microsoft has addressed a known issue causing Blue Screen of Death (BSOD) crashes with 0xc000021a errors after installing the Windows 10 KB5021233 cumulative update released during the December Patch Tuesday. [.].
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Naked Security
JANUARY 10, 2023
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1.
Malwarebytes
JANUARY 10, 2023
Researchers at the University of Waterloo in Ontario have further researched a loophole in the WiFi protocol that was dubbed “polite WiFi” Last year the researchers published a study in which they showed someone could use this loophole to triangulate the location of any WiFi enabled device. Now, they've followed up that study to say that someone could also drain the batteries of such device.
The Hacker News
JANUARY 10, 2023
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities also listed as publicly known at the time of release.
CyberSecurity Insiders
JANUARY 10, 2023
Surveillance is prevailing at its peak in China as it keeps a track of every move made by its populace in its provinces. But can you believe that the Xi Jinping-led nation also monitors senior politicians of Britain through a sim card? Yes, what you have read is right! As politicians leading UK Parliament have slammed Beijing as a systemic threat to UK’s National Security.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
226 
Let's personalize your content