Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.

Accountability 262

Accountability Scams Cryptocurrency Advertising 262

Tech Republic Security

JUNE 6, 2023

Read the technical details about this zero-day MoveIT vulnerability, find out who is at risk, and learn how to detect and protect against this SQL injection attack. The post Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America appeared first on TechRepublic.

Risk 208

Risk Big data Software Ransomware 208

The Last Watchdog

JUNE 6, 2023

A cloud migration backlash, of sorts, is playing out. Related: Guidance for adding ZTNA to cloud platforms Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures. However, a “back-migration,” as Michiel De Lepper , global enablement manager, at London-based Runecast , puts it, is also ramping up.

Cloud Migration 198

Cloud Migration Architecture Internet Internet 198

Tech Republic Security

JUNE 6, 2023

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it. The post iOS 17 cheat sheet: Release date, supported devices and more appeared first on TechRepublic.

Software 187

Software Mobile 187

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

CSO Magazine

JUNE 6, 2023

A global sensation since its initial release at the end of last year, ChatGPT 's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware 145

Malware Cybersecurity 145

Tech Republic Security

JUNE 6, 2023

In Verizon’s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway. The post Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth appeared first on TechRepublic.

DDOS 167

DDOS Social Engineering Data breaches Engineering 167

Tech Republic Security

JUNE 6, 2023

At its Worldwide Developers conference, Apple unveiled supercomputation power on mobile and desktop devices, but the Vision Pro AR headset took center stage. The post WWDC 2023: Apple launches Vision Pro and raft of products powered by new chipsets appeared first on TechRepublic.

Mobile 148

Mobile Software 148

Naked Security

JUNE 6, 2023

Chrome 0-day patched now, Edge patch coming soon.

144

144

Tech Republic Security

JUNE 6, 2023

Google launched an open beta feature on June 5 that lets individuals and organizations log in to Workspace with public and private encrypted passkeys. The post Google launches passkeys for Workspace appeared first on TechRepublic.

Encryption 147

Encryption 147

Dark Reading

JUNE 6, 2023

Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software.

Malware 136

Malware Software 136

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Bleeping Computer

JUNE 6, 2023

Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. [.

130

130

Dark Reading

JUNE 6, 2023

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

Hacking 135

Hacking 135

Identity IQ

JUNE 6, 2023

Buying a Home? Here’s How Your Credit Will Affect Your Mortgage Rate IdentityIQ To buy a home , you need to apply for a mortgage. But before you do that, you should know how important your credit score is in the mortgage application process since it can significantly impact the mortgage rate you’ll be offered. In this blog, we break down the relationship between credit scores and mortgage rates to help you understand what to expect and how to prepare to buy a home.

Insurance 128

Insurance Identity Theft Risk Marketing 128

Bleeping Computer

JUNE 6, 2023

Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. [.

DDOS 128

DDOS 128

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

CSO Magazine

JUNE 6, 2023

Even though there is a growing demand for cybersecurity expertise at the highest levels of business, a significant number of public companies lack even one qualified cybersecurity expert on their board of directors, according to a study by cybersecurity research and advisory firm IANS. In addition, the study found that just a little more than one in 10 CISOs have all the key traits thought to be crucial for success on a corporate board.

CISO 118

CISO Marketing Cybersecurity 118

Bleeping Computer

JUNE 6, 2023

Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. [.

Adware 119

Adware Mobile 119

CyberSecurity Insiders

JUNE 6, 2023

During the recent Worldwide Developers Conference (WWDC), Apple Inc. unveiled a range of new privacy and security features designed to enhance user protection. One notable feature is aimed at safeguarding children against online spying tools, while another focuses on maintaining user browsing history anonymity in the face of trackers. Additionally, iPhone users will now have the ability to access live transcripts of their voicemails, granting them the option to decide whether to answer incoming

Spyware 115

Spyware Cybersecurity 115

Dark Reading

JUNE 6, 2023

The company plans on disputing these fines once a final decision is made, but warned shareholders that it set aside the funds to pay it, nonetheless.

109

109

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

CyberSecurity Insiders

JUNE 6, 2023

According to a report published by Japanese news resource Nikkei, it has been revealed that the North Korean government is actively engaging in cyber attacks on the digital infrastructure of its adversaries. This information is not entirely new, as many are already aware of the country’s involvement in such activities. However, what sets this report apart is the claim that North Korea earns a significant portion of its annual income from cryptocurrency heists conducted through cyber attack

Data breaches 107

Data breaches Cyber Attacks VPN Cryptocurrency 107

We Live Security

JUNE 6, 2023

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future The post 7 tips for spotting a fake mobile app appeared first on WeLiveSecurity

Mobile 106

Mobile 106

CSO Magazine

JUNE 6, 2023

Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned — or on the radar of — the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of vulnerabilities, entry points for bad actors, and malware.

Risk 105

Risk CISO Technology Malware 105

Security Boulevard

JUNE 6, 2023

To pay or not to pay? That is the question leadership and security teams ask whenever they deal with a ransomware attack. The recommendation from the FBI is to not pay, stating on its website that “paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to. The post The FBI Could Help Retrieve Your Data After a Ransomware Attack appeared first on Security Boulevard.

Ransomware 105

Ransomware Risk Government Malware 105

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

JUNE 6, 2023

An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. "PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption," according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023.

Malware 102

Malware Encryption 102

Security Boulevard

JUNE 6, 2023

Introduction Open-source tools and packages are an essential part of the modern software development ecosystem. They are widely used by developers to speed up the development process and reduce the amount of work required to build complex systems. However, this convenience comes at a cost. Open-source packages can be compromised by attackers to deliver malicious […] The post Cyber Attack Due to Malicious Open-source Package appeared first on Kratikal Blogs.

Cyber Attacks 104

Cyber Attacks Software Hacking 104

The Hacker News

JUNE 6, 2023

Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk.

Digital transformation 101

Digital transformation Risk 101

IT Security Guru

JUNE 6, 2023

With data from its SecurityCoach product, KnowBe4 has revealed the top 10 risky behaviours that employees have engaged in on their work devices. SecurityCoach helps IT/security professionals to develop a strong security culture by enabling real-time security coaching of their users in response to risky security behaviour. Leveraging an organisation’s existing security stack, IT/security professionals can configure their real-time coaching campaigns to immediately deliver a SecurityTip to their u

Social Engineering 99

Social Engineering Data breaches Backups Firewall 99

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

JUNE 6, 2023

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023.

Engineering 101

Engineering 101

Security Affairs

JUNE 6, 2023

Threat actors have stolen more than $35 million from the decentralized cryptocurrency wallet platform Atomic Wallet. Atomic Wallet is a multi-currency cryptocurrency wallet that allows users to securely store, manage, and exchange various digital assets in a single application. It is designed to provide a user-friendly interface and a comprehensive set of features for managing cryptocurrencies.

Cryptocurrency 98

Cryptocurrency Hacking Accountability Information Security 98

The Hacker News

JUNE 6, 2023

Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. "The campaign is designed to aggressively push adware to Android devices with the purpose to drive revenue," Bitdefender said in a technical report shared with The Hacker News.

Adware 100

Adware 100

Security Affairs

JUNE 6, 2023

Google released security updates to address a high-severity zero-day flaw in the Chrome web browser that it actively exploited in the wild. Google released security updates to address a high-severity vulnerability, tracked as CVE-2023-3079, in its Chrome web browser. The vulnerability is a type confusion issue that resides in the V8 JavaScript engine.

Engineering 98

Engineering Hacking Information Security 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!