Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked 14/05/2023 at 15:13 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Dragos blocks ransomware attack, brushes aside extortion attempt A ransomware group has tried and failed to extort money […]
React to this headline:
Greatness phishing-as-a-service threatens Microsoft 365 users 12/05/2023 at 13:20 By Helga Labus Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service (PaaS) tool called Greatness, created to phish Microsoft 365 users. According to Cisco researcher, this tool has been utilized in numerous phishing
React to this headline:
Greatness phishing-as-a-service threatens Microsoft 365 users Read More »
New infosec products of the week: May 12, 2023 12/05/2023 at 07:00 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Aqua Security, Feedzai, Nebulon, OpenVPN, Trua, and Zscaler. Aqua Security strengthens software supply chain security with pipeline integrity scanning Powered by eBPF technology, Aqua’s
React to this headline:
New infosec products of the week: May 12, 2023 Read More »
Fraud victims risk more than money 12/05/2023 at 06:30 By Help Net Security Digital fraud has significant financial and psychological repercussions on victims, according to Telesign. Businesses may find a new reason to fear digital fraud as the negative impacts of digital fraud on companies’ brand perception and the bottom line. Trust in digital world
React to this headline:
Fraud victims risk more than money Read More »
CISOs’ confidence in post-pandemic security landscape fades 12/05/2023 at 06:00 By Help Net Security Most CISOs have returned to the elevated concerns they experienced early in the pandemic, according to Proofpoint. Elevated concerns among CISOs Globally, 68% of surveyed CISOs feel at risk of a material cyber attack, compared to 48% the year before, when
React to this headline:
CISOs’ confidence in post-pandemic security landscape fades Read More »
Google notifies users about dark web exposure 11/05/2023 at 15:46 By Helga Labus Google has announced new tools, features and updates to improve users’ online safety, help them evaluate content found online, and alert them if their Gmail identity appears on the dark web. New tools and options for users A new tool called About
React to this headline:
Google notifies users about dark web exposure Read More »
Dragos blocks ransomware attack, brushes aside extortion attempt 11/05/2023 at 15:46 By Zeljka Zorz A ransomware group has tried and failed to extort money from Dragos, the industrial cybersecurity firm has confirmed on Wednesday, and reassured that none of its systems or its Dragos Platform had been breached. What happened? “The criminal group gained access
React to this headline:
Dragos blocks ransomware attack, brushes aside extortion attempt Read More »
Refined methodologies of ransomware attacks 11/05/2023 at 06:34 By Help Net Security Adversaries were able to encrypt data in 76% of the ransomware attacks that were conducted against surveyed organizations, according to Sophos. The survey also shows that when organizations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery
React to this headline:
Refined methodologies of ransomware attacks Read More »
Automotive industry employees unaware of data security risks 11/05/2023 at 06:30 By Help Net Security 30% of automotive employees don’t check security protocols before trying a new tool, according to Salesforce. This could put their company and customer data at risk. Alarming rise in automotive API attacks Cybersecurity is a growing concern in the automotive
React to this headline:
Automotive industry employees unaware of data security risks Read More »
Never leak secrets to your GitHub repositories again 10/05/2023 at 14:47 By Helga Labus GitHub is making push protection – a security feature designed to automatically prevent the leaking of secrets to repositories – free for owners of all public repositories. Previously, the feature was available only for private repositories with a GitHub Advanced Security
React to this headline:
Never leak secrets to your GitHub repositories again Read More »
Turla’s Snake malware network disrupted by Five Eyes’ agencies 10/05/2023 at 14:47 By Help Net Security The US Justice Department announced the completion of court-authorized operation MEDUSA, to disrupt a global peer-to-peer network of computers compromised by sophisticated malware, called “Snake” (aka “Uroburous”), that the US Government attributes to a unit within Center 16 of
React to this headline:
Turla’s Snake malware network disrupted by Five Eyes’ agencies Read More »
Kubernetes Bill of Materials (KBOM) open-source tool enhances cloud security response to CVEs 10/05/2023 at 09:26 By Help Net Security Kubernetes Security Operations Center (KSOC) released the first-ever Kubernetes Bill of Materials (KBOM) standard. Available in an open-source CLI tool, this KBOM enables cloud security teams to understand the scope of third-party tooling in their
React to this headline:
56,000+ cloud-based apps at risk of malware exfiltration 10/05/2023 at 06:30 By Help Net Security The technology sector had the highest number of malware-infected employees, most exposed corporate credentials and the majority of all stolen cookies, according to SpyCloud. Drawing on SpyCloud’s database of 400+ billion recaptured assets from the criminal underground, researchers analyzed 2.27
React to this headline:
56,000+ cloud-based apps at risk of malware exfiltration Read More »
Company executives can’t afford to ignore cybersecurity anymore 10/05/2023 at 06:00 By Help Net Security Asked about the Board and C-Suite‘s understanding of cybersecurity across the organisation, only 39% of respondents think their company’s leadership has a sound understanding of cybersecurity’s role as a business enabler, according to Delinea. The high cost of ignoring security
React to this headline:
Company executives can’t afford to ignore cybersecurity anymore Read More »
Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932) 09/05/2023 at 22:15 By Zeljka Zorz For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers in the wild. The two
React to this headline:
Microsoft Authenticator push notifications get number matching 09/05/2023 at 15:31 By Helga Labus Microsoft has enabled number matching for Microsoft Authenticator push notifications to improve user sign-in security. Authenticator MFA number matching in action (Source: Microsoft) “If the user has a different default authentication method, there’s no change to their default sign-in. If the default
React to this headline:
Microsoft Authenticator push notifications get number matching Read More »
Digital trust can make or break an organization 09/05/2023 at 12:12 By Help Net Security With increased data breaches, errors, ransomware and hacks, digital trust can be the difference between retaining reputations and customer loyalty after a major incident and suffering serious, time-consuming, and expensive losses, according to ISACA. From digital trust to business success
React to this headline:
Digital trust can make or break an organization Read More »
Finding bugs in AI models at DEF CON 31 09/05/2023 at 12:12 By Helga Labus DEF CON’s AI Village will host the first public assessment of large language models (LLMs) at the 31st edition of the hacker convention this August, aimed at finding bugs in and uncovering the potential for misuse of AI models. The
React to this headline:
Finding bugs in AI models at DEF CON 31 Read More »
Unattended API challenge: How we’re losing track and can we get full visibility 09/05/2023 at 08:13 By Help Net Security API sprawl is a prevalent issue in modern enterprises, as APIs are being developed and deployed at an unprecedented rate. As highlighted by Postman’s 2022 State of the API Report, “89% of respondents said organizations’
React to this headline:
Unattended API challenge: How we’re losing track and can we get full visibility Read More »
MSI’s firmware, Intel Boot Guard private keys leaked 08/05/2023 at 15:07 By Zeljka Zorz The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach MSI (Micro-Star International) is a corporation that develops and sells computers (laptops, desktops, all-in-one PCs, servers,
React to this headline:
MSI’s firmware, Intel Boot Guard private keys leaked Read More »