Krebs on Security
MARCH 14, 2023
Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.
Schneier on Security
MARCH 14, 2023
From Brian Krebs : A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and lo
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MARCH 14, 2023
The Premium Ethical Hacking Certification Bundle features eight courses that introduce students to the fundamentals and prepare them to earn important credentials from CompTIA. The post Learn the basics of cybersecurity with this $60 web-based training package appeared first on TechRepublic.
Schneier on Security
MARCH 14, 2023
This is a current list of where and when I am scheduled to speak: I’m speaking on “ How to Reclaim Power in the Digital World ” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM CET. I’ll be discussing my new book A Hacker’s Mind: How the Powerful Bend Society’s Rules at Harvard Science Center in Cambridge, Massachusetts, USA, on Friday, March 31, 2023 at 6:00 PM EDT.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MARCH 14, 2023
A possible Chinese attack campaign on compromised unpatched SonicWall SMA edge devices stayed undetected since 2021 and could persist even through firmware updates. The post Attack campaign on edge appliance: undetected since 2021 and resists firmware update appeared first on TechRepublic.
We Live Security
MARCH 14, 2023
ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group The post The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia appeared first on WeLiveSecurity
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CSO Magazine
MARCH 14, 2023
During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network provider Akamai. More than a quarter of that traffic went to servers belonging to initial access brokers, attackers who sell access into corporate networks to other cybercriminals, the report stated.
Dark Reading
MARCH 14, 2023
One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way.
Security Boulevard
MARCH 14, 2023
A new report from the Bipartisan Policy Center ( BPC ) lays out — in stark terms – the prominent cybersecurity risks of the moment. Related: Pres. Biden’s impact on cybersecurity. The BPC’s Top Risks in Cybersecurity 2023 analysis … (more…) The post SHARED INTEL Q&A: Bi-partisan report calls a for a self-sacrificing approach to cybersecurity appeared first on Security Boulevard.
The Hacker News
MARCH 14, 2023
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Identity IQ
MARCH 14, 2023
IDIQ Wins Prestigious Gold Stevie® Award for Customer Service Department of The Year IdentityIQ —IDIQ Customer Care Department Has Been Recognized as Best in the Industry for Consumer Products and Services — Temecula, California, March 14, 2023 – IDIQ ® , an industry leader in identity theft protection and credit monitoring, has earned the prestigious Gold Stevie® Award as the Customer Service Department of the Year.
Malwarebytes
MARCH 14, 2023
Microsoft, and other vendors, have released their monthly updates. In total Microsoft has fixed a total of 101 vulnerabilities for several titles (including Edge), with two of them being actively exploited zero-days. On top of that, Adobe has fixed an actively exploited vulnerability in ColdFusion. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws.
Bleeping Computer
MARCH 14, 2023
It's Microsoft's March 2023 Patch Tuesday, and the new Windows 10 KB5023696 and KB5023697 cumulative updates are now available for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems in the operating system. [.
The Hacker News
MARCH 14, 2023
An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
MARCH 14, 2023
Microsoft has released the Windows 11 KB5023706 and KB5023698 cumulative updates for versions 22H2 and 21H2 to fix security vulnerabilities and bugs in the operating system. [.
Security Boulevard
MARCH 14, 2023
Just a week after the White House unveiled its long-anticipated National Cybersecurity Strategy, a pair of incidents—a breach at DC Health Link that may have exposed the personal data of members of Congress and a warning that hackers were exploiting old vulnerabilities in VMware—underscored the importance of shoring up cybersecurity defenses and demonstrated that no.
Bleeping Computer
MARCH 14, 2023
Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. [.
The Hacker News
MARCH 14, 2023
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Graham Cluley
MARCH 14, 2023
Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! Attacks targeting the software supply chain are on the rise and splashed across the news. SolarWinds raised awareness about the risk. More recent events, like the Federal Civilian Executive Branch (FCEB) agency breach, … Continue reading "Software supply chain attacks are on the rise — are you at risk?
Bleeping Computer
MARCH 14, 2023
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. [.
Heimadal Security
MARCH 14, 2023
On Sunday, a cryptocurrency flash loan attack on the lending platform Euler Finance resulted in the theft of $197 million in various digital assets by threat actors. The theft involved multiple tokens including $135.8 million in stETH, $33.85 million in USDC, $18.5 million in WBTC, and $8.75 million in DAI. The ETH wallet used to […] The post $197 Million in Cryptocurrency Stolen in Euler Finance Attack appeared first on Heimdal Security Blog.
CSO Magazine
MARCH 14, 2023
Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by Russia-linked ALPHV group, according to a tweet by VX-Underground. The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us leak your data.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Graham Cluley
MARCH 14, 2023
The latest annual FBI report on the state of cybercrime has shown a massive increase in the amount of money stolen through investment scams. Read more in my article on the Hot for Security blog.
Bleeping Computer
MARCH 14, 2023
Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. [.
Graham Cluley
MARCH 14, 2023
A Ukrainian video game developer has revealed that a hacker has leaked development material stolen from the company's systems, and is threatening to release tens of gigabytes more if their unorthodox ransom demands are not met.
Bleeping Computer
MARCH 14, 2023
The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Heimadal Security
MARCH 14, 2023
The Dark Pink APT has been linked to a new wave of attacks using the KamiKakaBot malware against government and military entities in Southeast Asian countries. In January, Group-IB published an in-depth study of Dark Pink, also known as Saaiwc, detailing the group’s use of custom tools like TelePowerBot and KamiKakaBot to execute arbitrary commands […] The post KamikakaBot Malware Used to Attack Southeast Asian Government Agencies appeared first on Heimdal Security Blog.
CSO Magazine
MARCH 14, 2023
Although some cybersecurity researchers say that ransomware attacks are on the downswing as cybercriminals face declining payments, a spate of recent ransomware attacks makes it feel like the scourge is continuing at the same, or even an elevated, pace. Nowhere is this more apparent than in the higher education sector, with at least eight colleges and universities in North America reporting ransomware attacks since December 2022.
Bleeping Computer
MARCH 14, 2023
Cybersecurity company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. [.
Dark Reading
MARCH 14, 2023
Organizations will likely have until the end of 2024 to gain visibility and control over their keys and certificates.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
236 
Let's personalize your content