Krebs on Security
MAY 30, 2023
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. This attack involves malicious Javascript that is added to one’s browser by dragging a component from a web page to one’s browser bookmarks.
Schneier on Security
MAY 30, 2023
It’s neither hard nor expensive : Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the fingerprint database.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MAY 30, 2023
Admins can force users to reset their respective passwords during their next Windows 11 login by making a few simple changes on a difficult-to-find configuration screen. The post Windows 11: Enforcing password resets for local group users appeared first on TechRepublic.
Bleeping Computer
MAY 30, 2023
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MAY 30, 2023
Learn ethical hacking and other cybersecurity skills to protect your business from potential attacks. The post Get 9 cybersecurity courses for just $46 appeared first on TechRepublic.
Bleeping Computer
MAY 30, 2023
A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
InfoWorld on Security
MAY 30, 2023
It’s late on a Friday. You get a call from your CIO that data has been removed from XYZ public cloud server, and they need it back ASAP. It gets worse. First, there is no current backup copy of the data. The backups you expected your cloud provider to perform on your behalf only include the provider’s core system backups. That means it’s functionally unusable.
Dark Reading
MAY 30, 2023
The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.
Bleeping Computer
MAY 30, 2023
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in. [.
CSO Magazine
MAY 30, 2023
Cybersecurity pioneer Mikko Hyppönen began his cybersecurity career 32 years ago at Finnish cybersecurity company F-Secure, two years before Tim Berners-Lee released the world's first web browser. Since then, he has defused global viruses, searched for the first virus authors in a Pakistani conflict zone, and traveled the globe advising law enforcement and governments on cybercrime.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CyberSecurity Insiders
MAY 30, 2023
By Hananel Livneh, Head of Product Marketing, Adaptive Shield Successful cyberattacks tend to hit companies with the force of an 80-foot wave. The initial damage is quickly apparent. Like ships that lose railings and experience instability, businesses are immediately faced with lost data, ransom payments, and revenue losses, depending on the nature of the attack.
eSecurity Planet
MAY 30, 2023
In March, Microsoft announced its Security Copilot service. The software giant built the technology on cutting-edge generative AI – such as large language models (LLMs) – that power applications like ChatGPT. In a blog post , Microsoft boasted that the Security Copilot was the “first security product to enable defenders to move at the speed and scale of AI.
We Live Security
MAY 30, 2023
A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys The post Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme appeared first on WeLiveSecurity
Security Boulevard
MAY 30, 2023
Intellexa mercenary spyware chains five unpatched bugs—plus ‘Alien’ technology The post ‘Predator’ — Nasty Android Spyware Revealed appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
MAY 30, 2023
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. [.
CyberSecurity Insiders
MAY 30, 2023
Artificial Intelligence (AI) has emerged as a disruptive force across various industries, and its potential impact on healthcare is nothing short of revolutionary. With advancements in machine learning and data analytics, AI has the ability to transform healthcare delivery, improve patient outcomes, and enhance overall efficiency. This article explores the key areas where AI is making a significant impact in healthcare and discusses the benefits and challenges associated with its implementation.
Bleeping Computer
MAY 30, 2023
Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data. [.
CSO Magazine
MAY 30, 2023
By Microsoft Security Hybrid and multicloud adoption are par for the course for enterprise businesses, with 86% of organizations planning to increase their investment in the technology. And while cloud technology does bring inherent advantages—namely flexibility, cost-effectiveness, improved disaster recovery, increased security, better compliance, and better performance—it can also lead to increased cybersecurity risks if not managed properly.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
MAY 30, 2023
Everyone should be familiar with ransomware and its impact on businesses by now. But while you may understand the very basics of ransomware, you can’t really protect your organization until you are familiar with the entire ransomware attack life cycle from the time threat actors get into your system until you make the decision whether. The post Understanding the Progression of a Ransomware Attack appeared first on Security Boulevard.
CSO Magazine
MAY 30, 2023
Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, smart people already working at a company in other areas and train them to fill roles on the cyber team.
CyberSecurity Insiders
MAY 30, 2023
Introduction Today you look at the Global/Multi-site Enterprise Security Architecture of an organization and see a myriad of concerns. Increased levels of complexity, difficulties managing multiple third parties, difficulties implementing consistent levels of security, and so on. This makes it imperative for organizations to identify opportunities to simplify, streamline, and generally improve their infrastructure wherever possible.
Dark Reading
MAY 30, 2023
A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Bleeping Computer
MAY 30, 2023
The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. [.
Security Boulevard
MAY 30, 2023
Cyber threats have steadily intensified each year since I began writing about privacy and cybersecurity for USA TODAY in 2004. Related: What China’s spy balloons portend A stark reminder of this relentless malaise: the global cyber security market is … (more…) The post Author Q&A: Former privacy officer urges leaders to prioritize security as part of cloud migration appeared first on Security Boulevard.
CyberSecurity Insiders
MAY 30, 2023
Google has released its new AI chat service dubbed Bard in over 180 countries, with 15 more to follow by the end of next month. Bard is nothing but a Google owned and a sure-shot competitor to Microsoft-owned OpenAI-developed ChatGPT service that can answer anything and everything. But there’s more to the release of the Alphabet Inc. company, and here’s some knowledge to share about it: 1.
The Hacker News
MAY 30, 2023
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
MAY 30, 2023
“file archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a.ZIP domain. A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a file archiver software in a web browser when a victim visits a.ZIP domain. The security researcher mr.d0x detailed the new attack technique.
Approachable Cyber Threats
MAY 30, 2023
Category Awareness, Cybersecurity Fundamentals, Physical Security Risk Level You may have thought that hackers wore black suits and rappelled off the roof to hack a company, but that only exists in Hollywood. In real life, human error remains one of the leading causes of cybersecurity breaches. Making errors is an inevitable aspect of being human. It is important that we learn from those errors and develop processes to prevent future mistakes.
Security Boulevard
MAY 30, 2023
Do you Know how to Protect Against Ransomware in 2023? Ransomware has quickly become one of the biggest cyberthreats facing any business. Over the last couple of years, this type of attack has hugely grown in profile. Yet the ransomware attacks being launched in 2023 are very different from those [.] The post Do you Know how to Protect Against Ransomware in 2023?
The Hacker News
MAY 30, 2023
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
271 
Let's personalize your content