Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev , a.k.a. “ Wazawaka ” and “ Boriselcin ” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

Ransomware 280

Ransomware Cybercrime VPN Healthcare 280

Daniel Miessler

MAY 15, 2023

Introduction Purpose Components Attacks Discussion Summary Introduction This resource is a first thrust at a framework for thinking about how to attack AI systems. At the time of writing, GPT-4 has only been out for a couple of months, and ChatGPT for only 6 months. So things are very early. There has been, of course, much content on attacking pre-ChatGPT AI systems, namely how to attack machine learning implementations.

Technology 364

Technology Internet Internet Mobile 364

Schneier on Security

MAY 15, 2023

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do.

Software 277

Software Ransomware 277

Lohrman on Security

MAY 14, 2023

Depending on who you talk with or what stories you read, Open AI and ChatGPT may be the greatest things in the world — or the beginning of the end for humanity.

Risk 240

Risk 240

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

MAY 17, 2023

Get technical details about how the cybercriminals are targeting this vulnerability, who is impacted, and how to detect and protect against this security threat. The post PaperCut vulnerability abused by several threat actors could impact 70,000 organizations appeared first on TechRepublic.

Ransomware 193

Ransomware Cybersecurity Network Security 193

Bleeping Computer

MAY 18, 2023

The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even with the database is locked. [.

Passwords 144

Passwords Password Management 144

Security Boulevard

MAY 19, 2023

Om Nom Nom Nom Nom: Privacy Sandbox inching towards reality. But concerns remain. The post Google Chrome 3rd Party Cookies Crumbling — Finally! appeared first on Security Boulevard.

Security Awareness 144

Security Awareness Mobile Risk Government 144

Tech Republic Security

MAY 15, 2023

A new report from Proofpoint provides global insight into CISOs' challenges, expectations and priorities for 2023. The post Survey: Most CISOs feel their business is at risk for cyberattack appeared first on TechRepublic.

CISO 190

CISO Risk Big data Ransomware 190

Bleeping Computer

MAY 16, 2023

A financially motivated cybergang tracked by Mandiant as 'UNC3944' is using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines. [.

Phishing 142

Phishing Accountability 142

Schneier on Security

MAY 14, 2023

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page.

233

233

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Duo's Security Blog

MAY 16, 2023

What do Duo and the Guardians of the Galaxy have in common? They’re superheroes who save their galaxies from unexpected threats. Tech smarts and teamwork are critical to superhero-level protection, no matter what threats you’re facing. How do you protect your galaxy against cyber attacks? In Marvel Studios’ Guardians of the Galaxy Vol. 3, Groot is locked and loaded with bigger and more advanced skills, Mantis has opened up and embraced her powers to help protect her family, and Nebula has brand-

Cyber Attacks 141

Cyber Attacks Cybersecurity Engineering 141

Tech Republic Security

MAY 18, 2023

Learn what the expanded cloud offerings mean for potentially smoothing out the line between DevOps and SecOps. The post What is IBM Hybrid Cloud Mesh? appeared first on TechRepublic.

Digital transformation 177

Digital transformation Network Security 177

Bleeping Computer

MAY 19, 2023

ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network connectivity. [.

Technology 145

Technology 145

CSO Magazine

MAY 17, 2023

As digital transactions with customers, employees, suppliers, and other stakeholders grow, digital trustworthiness is set to become one of the most important enterprise-wide initiatives with the biggest potential impact (both negative and positive), even though it often has the smallest budget allocation. “Organizations are focusing on security and privacy, but if your customers don’t trust you, they will go elsewhere,” says Mark Thomas president of Escoute Consulting, which specializes in compl

136

136

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CyberSecurity Insiders

MAY 17, 2023

by John Spiegel, Director of Strategy, Axis Security Gartner just released the 2023 version of their “Magic Quadrant” for Secure Service Edge or SSE. Cheers are being heard from the companies who scored upper righthand and jeers being shouted for those companies who did not enjoy where they landed on Gartner’s matrix. Over the next few months, there will be a lot of noise coming from all the vendors.

Architecture 136

Architecture Engineering Marketing Internet 136

Tech Republic Security

MAY 15, 2023

Abnormal Security is tracking cybercriminals from an unusual location for business email compromises who are using sophisticated spoofing to spur payments for fake acquisitions. The post Israel-based threat actors show growing sophistication of email attacks appeared first on TechRepublic.

Phishing 165

Phishing Cybersecurity 165

Bleeping Computer

MAY 17, 2023

Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times. [.

Passwords 141

Passwords 141

The Hacker News

MAY 15, 2023

Poorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign that's designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware.

Malware 135

Malware Ransomware Cryptocurrency 135

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Trend Micro

MAY 14, 2023

Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work.

Phishing 133

Phishing Malware 133

Tech Republic Security

MAY 19, 2023

New BEC cyberattacks use phishing with a legitimate Dropbox link as a lure for malware and credentials theft. The post How business email compromise attacks emulate legitimate web services to lure clicks appeared first on TechRepublic.

Phishing 162

Phishing Malware Cybersecurity 162

Bleeping Computer

MAY 18, 2023

Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account password reset flaw disclosed earlier in the month. [.

Passwords 138

Passwords Internet Internet Accountability 138

Security Boulevard

MAY 16, 2023

Insecure applications come with a cost that can be measured in billions of dollars of losses. I recently spoke with Brook Schoenfield, a distinguished engineer who quietly describes himself as an “Elder AppSec Diplomat,” on the eve of the RSA Conference. Schoenfield is the quintessential walking, talking go-to resource on anything involved with application security.

Engineering 133

Engineering Cybersecurity 133

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Thales Cloud Protection & Licensing

MAY 17, 2023

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. They wreak havoc by bringing critical infrastructures, supply chains, hospitals, and city services to a grinding halt. Cybersecurity Ventures predicts by 2031 ransomware will cost victims $265 billion annually, and it will affect a business, consumer, or device every 2 seconds.

Ransomware 127

Ransomware Encryption Authentication System Administration 127

Tech Republic Security

MAY 15, 2023

Artificial intelligence art service Midjourney and Shutterstock will identify their computer-generated images in Google Search. The post Google combats AI misinformation with Search labels, adds dark web security upgrades appeared first on TechRepublic.

Artificial Intelligence 162

Artificial Intelligence Software Cybersecurity 162

Dark Reading

MAY 18, 2023

Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.

Cybercrime 141

Cybercrime 141

Security Boulevard

MAY 18, 2023

ChatGPT has become a powerful tool for security professionals seeking to enrich their work. However, its widespread use has raised concerns about the potential for bad actors to misuse the technology. Experts are worried that ChatGPT’s ability to source recent data about an organization could make social engineering and phishing attacks more effective than ever.

Phishing 130

Phishing Social Engineering Engineering Technology 130

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

MAY 19, 2023

CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization (ASLR) protection. [.

134

134

Tech Republic Security

MAY 16, 2023

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses. The post The top 6 enterprise VPN solutions to use in 2023 appeared first on TechRepublic.

VPN 156

VPN Software 156

CyberSecurity Insiders

MAY 14, 2023

The rise of cloud computing has provided individuals and businesses with a convenient way to store and access their data. However, with this convenience comes a concern about data security. Cloud storage services have become a target for hackers, and the theft of personal and sensitive information can have serious consequences. So, how is information stored in the cloud secured from hacks?

Hacking 128

Hacking Antivirus Firewall Encryption 128

Security Boulevard

MAY 19, 2023

This blog post explores the DevSecOps best practices that development teams can use to ensure that security is ingrained in the development process. The post 7 Essential DevSecOps Best Practices Every Development Team Should Implement appeared first on Security Boulevard.

126

126

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity