Sat.May 06, 2023 - Fri.May 12, 2023

article thumbnail

FBI Disables Russian Malware

Schneier on Security

Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.” The headline says that the FBI “sabotaged” the malware, which seems to be wrong.

Malware 332
article thumbnail

Microsoft Patch Tuesday, May 2023 Edition

Krebs on Security

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction.

Malware 291
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cloud, Workforce, Cyber and AI: NASCIO Midyear 2023

Lohrman on Security

The National Association of State Chief Information Officers held their 2023 Midyear Conference in National Harbor, Md., this past week. Here are some top takeaways from the program and state leadership conversations.

270
270
article thumbnail

GUEST ESSAY: How to close the skills gap by dipping into hidden pools of cybersecurity talent

The Last Watchdog

There is no doubt there is a constant and growing concern amongst CEO’s, and particularly CISO’s, concerning the hiring of the cybersecurity talent their organizations require to safeguard against cyberattacks. According to Cybersecurity Ventures, by 2025 there will exist a gap of over 3.5 million unfilled cybersecurity positions. Moreover, of the current worldwide workforce, surveys conducted by PwC have shown that there is only a 38 percent ‘availability of key skills ’, considering the new an

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Ted Chiang on the Risks of AI

Schneier on Security

Ted Chiang has an excellent essay in the New Yorker : “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meanings of the term “A.I.” If you think of A.I. as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies fro

Risk 330
article thumbnail

Feds Take Down 13 More DDoS-for-Hire Services

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “ booter ” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.

DDOS 285

LifeWorks

More Trending

article thumbnail

RSAC Fireside Chat: Keeping persistent email threats at bay requires deeper, cloud-layer vigilance

The Last Watchdog

Email remains by far the no.1 business communications tool. Meanwhile, weaponized email continues to pose a clear and present threat to all businesses. Related: The need for timely training At RSA Conference 2023 , I learned all about a new category of email security — referred to as integrated cloud email security ( ICES ) – that is helping companies more effectively keep email threats in check.

article thumbnail

AI Hacking Village at DEF CON This Year

Schneier on Security

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants will be given laptops to use to attack the models. Any bugs discovered will be disclosed using industry-standard responsible disclosure practices.

Hacking 289
article thumbnail

Making Products That Are Kinder Than Necessary: A Product Designer’s Career Path

Duo's Security Blog

Principal Product Designer Jake Ingman feels lucky that he’s been able to find a role that combines his passion for cybersecurity, design and engineering. Bringing Minnesota nice to a kinder than necessary culture that values design has allowed Ingman to infuse Duo products with empathy while defining his product design career path. If that’s the way you want to innovate, check out our open roles.

article thumbnail

Google offers certificate in cybersecurity, no dorm room required 

Tech Republic Security

Google adds a Cybersecurity Certificate to its Career Certificates program, which offers paths to such enterprise tech fields as data analytics, IT support and business intelligence. The post Google offers certificate in cybersecurity, no dorm room required appeared first on TechRepublic.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

The Last Watchdog

One meeting I had at RSA Conference 2023 , was a briefing about a new partnership , announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Related: Centralizing control of digital certificates I had the chance to sit down with Deepika Chauhan , DigiCert’s Chief Product Officer, and Mike Cavanagh , Oracle’s Group Vice President, ISV Cloud for North America.

article thumbnail

PIPEDREAM Malware against Industrial Control Systems

Schneier on Security

Another nation-state malware , Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).

Malware 273
article thumbnail

YouTube tests blocking videos unless you disable ad blockers

Bleeping Computer

YouTube is running an experiment asking some users to disable their ad blockers or pay for a premium subscription, or they will not be allowed to watch videos. [.

article thumbnail

Apple ID: 3 things to remember when changing this password

Tech Republic Security

Changing an Apple ID password typically isn't as simple as just entering a replacement password. Prepare more effectively for the process by remembering three key facts. The post Apple ID: 3 things to remember when changing this password appeared first on TechRepublic.

Passwords 203
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Knives Out for TikTok as Journo Reveals her Spy Story

Security Boulevard

Clock Ticking for U.S. Ban: FT’s Cristina Criddle claims ByteDance spied on her—because she wrote damaging stories about TikTok. The post Knives Out for TikTok as Journo Reveals her Spy Story appeared first on Security Boulevard.

article thumbnail

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

The Hacker News

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.

article thumbnail

Discord discloses data breach after support agent got hacked

Bleeping Computer

Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised. [.

article thumbnail

How to remove specific cookies from Microsoft Edge

Tech Republic Security

A corrupted cookie could block access to a site. You could delete all Microsoft Edge cookies to solve the problem, but that isn't necessary. The post How to remove specific cookies from Microsoft Edge appeared first on TechRepublic.

Software 183
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How Compliance Automation Can Transform Your Next Audit

CyberSecurity Insiders

Automation transforms the audit experience. What was once a burden to bear becomes a competitive advantage that lets your company maximize every opportunity. Streamlining the audit process is not the only benefit compliance automation. From higher productivity to stronger security posture, automation improves your compliance program. Learn more about the benefits of compliance automation and then schedule a demo to see how you can streamline your audit processes.

Risk 139
article thumbnail

New ransomware trends in 2023

SecureList

Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M).

article thumbnail

WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

Bleeping Computer

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site. [.

article thumbnail

How to secure your Mac’s data via Full Disk Access settings

Tech Republic Security

Learn one of the most effective ways to secure your Mac’s data within seconds. The post How to secure your Mac’s data via Full Disk Access settings appeared first on TechRepublic.

Software 179
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years

Dark Reading

While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.

Firmware 138
article thumbnail

Small- and medium-sized businesses: don’t give up on cybersecurity

CSO Magazine

In today’s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world. Yet time and again, we see small- and medium-sized businesses (SMBs) left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt.

article thumbnail

Microsoft enforces number matching to fight MFA fatigue attacks

Bleeping Computer

Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks. [.

article thumbnail

Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance

The Hacker News

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

FBI Disarms Russian FSB 'Snake' Malware Network

Dark Reading

Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus.

Malware 134
article thumbnail

Make them pay: Hackers devise new tactics to ensure ransomware payment

CSO Magazine

Ransomware remains one of the biggest cyber threats that organizations and governments continue to face. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands. With the fall of the most notorious ransomware gang Conti in May 2022, it was assumed that ransomware attacks would see a major decline.

article thumbnail

Multinational tech firm ABB hit by Black Basta ransomware attack

Bleeping Computer

Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations. [.

article thumbnail

Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

Naked Security

When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car.

131
131
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!