article thumbnail

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. Microsoft says it is relatively straightforward for attackers to exploit CVE-2023-36036 as a way to elevate their privileges on a compromised PC.

article thumbnail

Microsoft Patch Tuesday, February 2023 Edition

Krebs on Security

Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver , which is present in Windows 10 and 11 systems, as well as many server versions of Windows. Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Patch Tuesday, January 2023 Edition

Krebs on Security

Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. Of particular concern for organizations running Microsoft SharePoint Server is CVE-2023-21743. Microsoft says this flaw is “more likely to be exploited” at some point.

Software 281
article thumbnail

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Schneier on Security

Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets.

article thumbnail

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

July 13th, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST

article thumbnail

Patch Tuesday, October 2023 Edition

Krebs on Security

The patch fixes CVE-2023-42724 , which attackers have been using in targeted attacks to elevate their access on a local device. Apple said it also patched CVE-2023-5217 , which is not listed as a zero-day bug. ” Microsoft also patched zero-day bugs in Skype for Business ( CVE-2023-41763 ) and Wordpad ( CVE-2023-36563 ).

article thumbnail

The Top 23 Security Predictions for 2023 (Part 1)

Lohrman on Security

Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond. After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next?

article thumbnail

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

April 19th, 2023 at 9:30 am PDT, 12:30 pm EDT, 4:30 pm GMT

article thumbnail

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

March 22nd, 2023 at 9:30 am PDT, 12:30 pm EDT, 4:30 pm GMT Treasury’s Financial Crimes Enforcement Network (FinCEN) pursuant to the AMLA so far Anticipated impacts of the AMLA to financial institutions required to have AML programs and other entities Save your seat and register today!

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

July 20th, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the answers to these questions and other foundational elements you need to start or validate your ERM program. Register today!

article thumbnail

Cybersecurity Predictions for 2024

We’ve recently looked back at what happened within cybersecurity in 2023. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

August 23, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST Bales, Esq. is here to teach you: How to break compliance and security down into discrete components Tips and strategies to establish a functional compliance and security protocol for your organization Why compliance and security are moving targets - your job is never “done” And more!

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). In this eBook, we will look at the 2023 report and explore the most important cybersecurity stats and how to prevent them.

article thumbnail

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

May 18th, 2023 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm BST

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

November 14th, 2023 at 9:30am PST, 12:30pm EST, 5:30pm GMT In this exclusive webinar with industry visionaries, you'll learn: The value of Software Composition Analysis Regulations impacting both software producers and buyers What a Software Bill of Materials is and why you need one Software supply chain security best practices.and more!