Sat.May 06, 2023 - Fri.May 12, 2023

article thumbnail

FBI Disables Russian Malware

Schneier on Security

Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.” The headline says that the FBI “sabotaged” the malware, which seems to be wrong.

Malware 261
article thumbnail

Microsoft Patch Tuesday, May 2023 Edition

Krebs on Security

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction.

Malware 224
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How cyberstalkers could access your iPhone using the Windows Phone Link app

Tech Republic Security

Someone who gains physical access to an iPhone or Android phone could use the Phone Link app to spy on the user’s text messages, phone calls and notifications, says Certo. The post How cyberstalkers could access your iPhone using the Windows Phone Link app appeared first on TechRepublic.

Mobile 207
article thumbnail

Multinational tech firm ABB hit by Black Basta ransomware attack

Bleeping Computer

Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations. [.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Building Trustworthy AI

Schneier on Security

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine you’re using an AI chatbot to plan a vacation. Did it suggest a particular resort because it knows your preferences, or because the company is getting a kickback from the hotel chain?

article thumbnail

Feds Take Down 13 More DDoS-for-Hire Services

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “ booter ” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.

DDOS 224

More Trending

article thumbnail

Making Products That Are Kinder Than Necessary: A Product Designer’s Career Path

Duo's Security Blog

Principal Product Designer Jake Ingman feels lucky that he’s been able to find a role that combines his passion for cybersecurity, design and engineering. Bringing Minnesota nice to a kinder than necessary culture that values design has allowed Ingman to infuse Duo products with empathy while defining his product design career path. If that’s the way you want to innovate, check out our open roles.

article thumbnail

Ted Chiang on the Risks of AI

Schneier on Security

Ted Chiang has an excellent essay in the New Yorker : “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meanings of the term “A.I.” If you think of A.I. as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies fro

Risk 254
article thumbnail

Knives Out for TikTok as Journo Reveals her Spy Story

Security Boulevard

Clock Ticking for U.S. Ban: FT’s Cristina Criddle claims ByteDance spied on her—because she wrote damaging stories about TikTok. The post Knives Out for TikTok as Journo Reveals her Spy Story appeared first on Security Boulevard.

article thumbnail

Apple ID: 3 things to remember when changing this password

Tech Republic Security

Changing an Apple ID password typically isn't as simple as just entering a replacement password. Prepare more effectively for the process by remembering three key facts. The post Apple ID: 3 things to remember when changing this password appeared first on TechRepublic.

Passwords 192
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

Bleeping Computer

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site. [.

article thumbnail

AI Hacking Village at DEF CON This Year

Schneier on Security

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants will be given laptops to use to attack the models. Any bugs discovered will be disclosed using industry-standard responsible disclosure practices.

Hacking 228
article thumbnail

How Compliance Automation Can Transform Your Next Audit

CyberSecurity Insiders

Automation transforms the audit experience. What was once a burden to bear becomes a competitive advantage that lets your company maximize every opportunity. Streamlining the audit process is not the only benefit compliance automation. From higher productivity to stronger security posture, automation improves your compliance program. Learn more about the benefits of compliance automation and then schedule a demo to see how you can streamline your audit processes.

Risk 139
article thumbnail

White House addresses AI’s risks and rewards as security experts voice concerns about malicious use

Tech Republic Security

The Biden administration, last week, articulated aims to put guardrails around generative and other AI, while attackers get bolder using the technology. The post White House addresses AI’s risks and rewards as security experts voice concerns about malicious use appeared first on TechRepublic.

Risk 173
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

QR codes used in fake parking tickets, surveys to steal your money

Bleeping Computer

As QR codes continue to be heavily used by legitimate organizations—from Super Bowl advertisements to enforcing parking fees and fines, scammers have crept in to abuse the very technology for their nefarious purposes. A woman in Singapore reportedly lost $20,000 after using a QR code to fill out a "survey" at a bubble tea shop. [.

article thumbnail

Small- and medium-sized businesses: don’t give up on cybersecurity

CSO Magazine

In today’s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world. Yet time and again, we see small- and medium-sized businesses (SMBs) left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt.

article thumbnail

Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years

Dark Reading

While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.

Firmware 138
article thumbnail

How to remove specific cookies from Microsoft Edge

Tech Republic Security

A corrupted cookie could block access to a site. You could delete all Microsoft Edge cookies to solve the problem, but that isn't necessary. The post How to remove specific cookies from Microsoft Edge appeared first on TechRepublic.

Software 169
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

CISA warns of critical Ruckus bug used to infect Wi-Fi access points

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet. [.

Wireless 139
article thumbnail

Make them pay: Hackers devise new tactics to ensure ransomware payment

CSO Magazine

Ransomware remains one of the biggest cyber threats that organizations and governments continue to face. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands. With the fall of the most notorious ransomware gang Conti in May 2022, it was assumed that ransomware attacks would see a major decline.

article thumbnail

Firing the Vulnerability Disclosure Fire-Drill Mentality

CyberSecurity Insiders

Omer Carmi, VP of Threat Intelligence, Cybersixgill When I was in elementary school, we had a routine fire drill. The alarm bells would ring, and we were expected to drop everything and run outside as quickly as possible. As a young child, this was frightening, even upsetting, and we initially took it very seriously. The drills continued through our school years, yet we responded in a much different way by the time we reached high school: The alarm bells would ring, we’d shrug, pick up our stuff

CISO 128
article thumbnail

How to secure your Mac’s data via Full Disk Access settings

Tech Republic Security

Learn one of the most effective ways to secure your Mac’s data within seconds. The post How to secure your Mac’s data via Full Disk Access settings appeared first on TechRepublic.

Software 151
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Intel investigating leak of Intel Boot Guard private keys after MSI breach

Bleeping Computer

Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices. [.

Firmware 139
article thumbnail

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

The Hacker News

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.

article thumbnail

Lessons From the Fortune 100 About Cloud-Native Application Security 

CyberSecurity Insiders

By Ratan Tipirneni, President and CEO, Tigera While cloud-native technologies are relatively new to many businesses, Global 2,000 companies have run containers and distributed applications at scale for over a decade. Although these household-name companies are high-profile targets for hackers, they have avoided devastating security incidents. This is evidence of their holistic security strategies and advanced tactics.

Software 127
article thumbnail

70% of US IT Leaders Told Not to Disclose Data Breaches

Security Boulevard

Not all cybersecurity breaches get reported. A new report from Bitdefender found that although IT leaders have an obligation to report attacks, over 42% of them have been told to keep quiet when a breach should have been reported. Shockingly, in the U.S., this number rises to 70.7%. IT leaders may have reasons to keep. The post 70% of US IT Leaders Told Not to Disclose Data Breaches appeared first on Security Boulevard.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

YouTube tests blocking videos unless you disable ad blockers

Bleeping Computer

YouTube is running an experiment asking some users to disable their ad blockers or pay for a premium subscription, or they will not be allowed to watch videos. [.

article thumbnail

Cybersecurity stress returns after a brief calm: ProofPoint report

CSO Magazine

Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a ProofPoint survey. “With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite is true,” said Lucia Milică Stacy, Global Resident CISO of Proofpoint.

CISO 123
article thumbnail

Australia TechnologyOne hit by a Cyber Attack

CyberSecurity Insiders

TechnologyOne, the Australia-based trading firm, has issued a statement stating that some of its systems were targeted by a cyber attack, as a result of which it halted the entire trading process, impacting millions of customers. Unconfirmed sources state that the attack is of the ransomware genre and has impacted a few of the servers related to the software maker.

article thumbnail

Okta Adds Security Center to Provide Real-Time Threat Visibility

Security Boulevard

Okta this week made available Security Center, an extension of the Okta Customer Identity Cloud that provides a real-time view of authentication events, potential security incidents and threat response efficacy. Ian Hassard, senior director of product management for Okta, said Security Center will enable organizations to monitor attacks that compromise the identity of end users.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.