Sat.May 07, 2022 - Fri.May 13, 2022

article thumbnail

Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process

article thumbnail

The Danger of Online Data Brokers

Dark Reading

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.

Risk 113
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Better Together: How Data Loss Prevention Can Shed Light on Ediscovery and Internal Investigations

Hanzo Learning Center

Some things that are great on their own turn out to be even better as half of a dynamic duo. We’re talking peanut butter and jelly. Burgers and fries. Hall and Oates. And now: data loss prevention (DLP) and ediscovery.

98
article thumbnail

A $150 Million Plan to Secure Open-Source Software

Data Breach Today

Areas of Proposed Investments Include SBOMs, Software Supply Chains The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S. The plan was announced at the Open Source Software Security Summit II in Washington, D.C., on Thursday.

Security 358
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

More Trending

article thumbnail

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Security Affairs

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. The IT giant fixed a total of 74 flaws in Microsoft Windows and Windows Components,NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Metho

article thumbnail

Feds Post $10 Million Reward for Conti Ransomware Actors

Data Breach Today

2nd $5m reward for conviction of actual or potential Conti incident participants The U.S. State Department is offering rewards of up to $10 million for information that leads to the identification or location of members of any individual who holds a key leadership position in the Conti ransomware variant transnational organized crime group.

article thumbnail

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Passwords 262
article thumbnail

ICE Is a Domestic Surveillance Agency

Schneier on Security

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

EU condemns Russian cyber operations against Ukraine

Security Affairs

The European Union condemns the cyberattacks conducted by Russia against Ukraine, which targeted the satellite KA-SAT network. The European Union accused Russia of the cyberattack that hit the satellite KA-SAT network in Ukraine, operated by Viasat, on February 24. This cyberattack caused communication outages and disruptions in Ukraine, it also impacted several EU Member States. 5,800 Enercon wind turbines in Germany were unreachable due to the spillover from this attack.

article thumbnail

Viasat Cyberattack Attributed to Russia by EU, UK and US

Data Breach Today

Russia Continues Its Cyber Offensive, Launches New DDoS Attacks on Ukraine Viasat's satellite communications suffered an outage an hour before the Russian invasion of Ukraine began on Feb. 24. The company said it was a cyberattack, but did not identify the attacker. The U.S., U.K., EU and Ukraine have now attributed this attack to Russia.

article thumbnail

Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

KnowBe4

A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.

article thumbnail

Getting Started with the Burp Suite: A Pentesting Tutorial

eSecurity Planet

Burp is one of the top-rated security suites for pentesting and ethical hacking. While there are paid professional and enterprise editions, you can install the community edition for free and even use it directly from Kali Linux. The Burp suite is widely used by security professionals to perform advanced scans and various traffic interceptions (e.g., HTTP requests).

Education 130
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulne

IT 136
article thumbnail

Microsoft Unveils Services to Simplify Threat Hunting, XDR

Data Breach Today

New Microsoft Services Help Clients Hunt Threats and Extend XDR Beyond the Endpoint Microsoft plans to roll out new managed services that give organizations the expertise needed to proactively hunt for threats and extend XDR beyond the endpoint. Microsoft Security Experts features new managed services as well as existing services around incident response and modernization.

Security 305
article thumbnail

European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks

KnowBe4

While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government.

article thumbnail

NFTs Emerge as the Next Enterprise Attack Vector

Dark Reading

Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Thousands of Top Websites See What You Type—Before You Hit Submit

WIRED Threat Level

A surprising number of the top 100,000 websites effectively include keyloggers that covertly snag everything you type into a form.

Privacy 123
article thumbnail

Preparing for Hacktivism Tied to US Supreme Court's Ruling

Data Breach Today

Healthcare sector organizations should prepare to deal with potential hacktivist attacks tied to controversy surrounding the U.S. Supreme Court's leaked draft ruling and eventual final decision involving Roe vs. Wade, says attorney Erik Weinick of the law firm Otterbourg PC.

297
297
article thumbnail

Mustang Panda Uses Spear Phishing to Conduct Cyberespionage

KnowBe4

The China-based threat actor Mustang Panda is conducting spear phishing campaigns against organizations in NATO countries and Russia, as well as entities in the US and Asia, according to researchers at Cisco Talos. The goal of this activity is cyberespionage.

Phishing 130
article thumbnail

Google Will Use Mobile Devices to Thwart Phishing Attacks

Dark Reading

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

Phishing 122
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Apple Mail Now Blocks Email Trackers

Schneier on Security

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by which IP address. This quirk of internet history means that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your location.

article thumbnail

CyberArk Debuts $30M Venture Fund to Back Talented Startups

Data Breach Today

CyberArk Ventures Will Give Visibility Into Adjacent Markets and Offer Integrations CyberArk has unveiled a $30 million fund to back early-stage startups with unique approaches to solving large problems in the cybersecurity industry. CyberArk Ventures will offer the company broader visibility into adjacent markets and provide high-value integrations that can evolve over time.

Marketing 292
article thumbnail

KnowBe4 Earns 2022 Top Rated Award from TrustRadius

KnowBe4

We are proud to announce that TrustRadius has recognized KnowBe4 with a 2022 Top Rated Award.

124
124
article thumbnail

Connecticut Enacts Consumer Privacy Law

Hunton Privacy

On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring , after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law. Upon taking effect on July 1, 2023, the law, also known as the Connecticut Data Privacy Act (“CTDPA”), will apply to individuals and entities that (1) conduct business in Connecticut, or produce products or services that are targe

Privacy 118
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Surveillance by Driverless Car

Schneier on Security

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them.

Privacy 118
article thumbnail

Material Security Raises $100M to Protect Sensitive Content

Data Breach Today

Company Will Extend Its Protection of Sensitive Data at Rest Beyond Email Material Security has closed a $100 million funding round on a $1.1 billion valuation to extend its protection of sensitive content at rest beyond email. The startup will take patents for defending content in old emails and apply them to SaaS applications such as Dropbox, Google Drive and Slack.

Security 282
article thumbnail

Beware of Spoofed Vanity URLs

KnowBe4

Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLS) on SaaS services to craft more convincing phishing links. The attackers have used this technique for links created through Box, Zoom, and Google Docs and Forms.

Phishing 119