Schneier on Security
MAY 10, 2023
Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.” The headline says that the FBI “sabotaged” the malware, which seems to be wrong.
Krebs on Security
MAY 9, 2023
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
MAY 8, 2023
There is no doubt there is a constant and growing concern amongst CEO’s, and particularly CISO’s, concerning the hiring of the cybersecurity talent their organizations require to safeguard against cyberattacks. According to Cybersecurity Ventures, by 2025 there will exist a gap of over 3.5 million unfilled cybersecurity positions. Moreover, of the current worldwide workforce, surveys conducted by PwC have shown that there is only a 38 percent ‘availability of key skills ’, considering the new an
Lohrman on Security
MAY 7, 2023
The National Association of State Chief Information Officers held their 2023 Midyear Conference in National Harbor, Md., this past week. Here are some top takeaways from the program and state leadership conversations.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
MAY 12, 2023
Ted Chiang has an excellent essay in the New Yorker : “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meanings of the term “A.I.” If you think of A.I. as a broad set of technologies being marketed to companies to help them cut their costs, the question becomes: how do we keep those technologies fro
Krebs on Security
MAY 9, 2023
The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “ booter ” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
MAY 12, 2023
Someone who gains physical access to an iPhone or Android phone could use the Phone Link app to spy on the user’s text messages, phone calls and notifications, says Certo. The post How cyberstalkers could access your iPhone using the Windows Phone Link app appeared first on TechRepublic.
Schneier on Security
MAY 11, 2023
We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine you’re using an AI chatbot to plan a vacation. Did it suggest a particular resort because it knows your preferences, or because the company is getting a kickback from the hotel chain?
Duo's Security Blog
MAY 9, 2023
Principal Product Designer Jake Ingman feels lucky that he’s been able to find a role that combines his passion for cybersecurity, design and engineering. Bringing Minnesota nice to a kinder than necessary culture that values design has allowed Ingman to infuse Duo products with empathy while defining his product design career path. If that’s the way you want to innovate, check out our open roles.
The Last Watchdog
MAY 9, 2023
One meeting I had at RSA Conference 2023 , was a briefing about a new partnership , announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Related: Centralizing control of digital certificates I had the chance to sit down with Deepika Chauhan , DigiCert’s Chief Product Officer, and Mike Cavanagh , Oracle’s Group Vice President, ISV Cloud for North America.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
MAY 11, 2023
Google adds a Cybersecurity Certificate to its Career Certificates program, which offers paths to such enterprise tech fields as data analytics, IT support and business intelligence. The post Google offers certificate in cybersecurity, no dorm room required appeared first on TechRepublic.
Schneier on Security
MAY 8, 2023
At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants will be given laptops to use to attack the models. Any bugs discovered will be disclosed using industry-standard responsible disclosure practices.
Bleeping Computer
MAY 10, 2023
YouTube is running an experiment asking some users to disable their ad blockers or pay for a premium subscription, or they will not be allowed to watch videos. [.
Security Boulevard
MAY 8, 2023
Clock Ticking for U.S. Ban: FT’s Cristina Criddle claims ByteDance spied on her—because she wrote damaging stories about TikTok. The post Knives Out for TikTok as Journo Reveals her Spy Story appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
MAY 9, 2023
Changing an Apple ID password typically isn't as simple as just entering a replacement password. Prepare more effectively for the process by remembering three key facts. The post Apple ID: 3 things to remember when changing this password appeared first on TechRepublic.
Schneier on Security
MAY 9, 2023
Another nation-state malware , Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).
Bleeping Computer
MAY 12, 2023
Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised. [.
The Hacker News
MAY 10, 2023
Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
MAY 10, 2023
A corrupted cookie could block access to a site. You could delete all Microsoft Edge cookies to solve the problem, but that isn't necessary. The post How to remove specific cookies from Microsoft Edge appeared first on TechRepublic.
SecureList
MAY 11, 2023
Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M).
Bleeping Computer
MAY 11, 2023
One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site. [.
CyberSecurity Insiders
MAY 12, 2023
Automation transforms the audit experience. What was once a burden to bear becomes a competitive advantage that lets your company maximize every opportunity. Streamlining the audit process is not the only benefit compliance automation. From higher productivity to stronger security posture, automation improves your compliance program. Learn more about the benefits of compliance automation and then schedule a demo to see how you can streamline your audit processes.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MAY 8, 2023
Learn one of the most effective ways to secure your Mac’s data within seconds. The post How to secure your Mac’s data via Full Disk Access settings appeared first on TechRepublic.
Dark Reading
MAY 10, 2023
While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.
Bleeping Computer
MAY 11, 2023
Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations. [.
CSO Magazine
MAY 9, 2023
In today’s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world. Yet time and again, we see small- and medium-sized businesses (SMBs) left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
MAY 12, 2023
As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.
Dark Reading
MAY 9, 2023
Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus.
Bleeping Computer
MAY 8, 2023
Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks. [.
CSO Magazine
MAY 10, 2023
Ransomware remains one of the biggest cyber threats that organizations and governments continue to face. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands. With the fall of the most notorious ransomware gang Conti in May 2022, it was assumed that ransomware attacks would see a major decline.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
325 
Let's personalize your content