Sat. May 07, 2022 - Fri. May 13, 2022

Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software.

The Danger of Online Data Brokers

Dark Reading

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so

Better Together: How Data Loss Prevention Can Shed Light on Ediscovery and Internal Investigations

Hanzo Learning Center

Some things that are great on their own turn out to be even better as half of a dynamic duo. We’re talking peanut butter and jelly. Burgers and fries. Hall and Oates. And now: data loss prevention (DLP) and ediscovery.

A $150 Million Plan to Secure Open-Source Software

Data Breach Today

Areas of Proposed Investments Include SBOMs, Software Supply Chains. The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S.

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases.

More Trending

NFTs Emerge as the Next Enterprise Attack Vector

Dark Reading

Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say

Viasat Cyberattack Attributed to Russia by EU, UK and US

Data Breach Today

Russia Continues Its Cyber Offensive, Launches New DDoS Attacks on Ukraine. Viasat's satellite communications suffered an outage an hour before the Russian invasion of Ukraine began on Feb. The company said it was a cyberattack, but did not identify the attacker. The U.S., U.K.,

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services.

GUEST ESSAY: Best practices checklists each individual computer user still needs to follow

The Last Watchdog

In the days of non-stop attacks on personal and work devices, the common day consumer wouldn’t know where to begin in order to protect their devices. The rise of attacks is unavoidable and with the everyday announcement of a new strain of malware, ransomware and now data wipers, consumers find themselves asking: where do I start? How do I do this?

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Jocker, Other Fleeceware Surges Back Into Google Play

Dark Reading

Some mobile apps are being weaponized with Trojans that secretly sign Android users up for paid subscription services

Microsoft Unveils Services to Simplify Threat Hunting, XDR

Data Breach Today

New Microsoft Services Help Clients Hunt Threats and Extend XDR Beyond the Endpoint. Microsoft plans to roll out new managed services that give organizations the expertise needed to proactively hunt for threats and extend XDR beyond the endpoint.

Thousands of Top Websites See What You Type—Before You Hit Submit

WIRED Threat Level

A surprising number of the top 100,000 websites effectively include keyloggers that covertly snag everything you type into a form.

Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

KnowBe4

A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.

Google Will Use Mobile Devices to Thwart Phishing Attacks

Dark Reading

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys

CyberArk Debuts $30M Venture Fund to Back Talented Startups

Data Breach Today

CyberArk Ventures Will Give Visibility Into Adjacent Markets and Offer Integrations. CyberArk has unveiled a $30 million fund to back early-stage startups with unique approaches to solving large problems in the cybersecurity industry.

ICE Is a Domestic Surveillance Agency

Schneier on Security

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI.

European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks

KnowBe4

While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government.

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

Dark Reading

The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography

Preparing for Hacktivism Tied to US Supreme Court's Ruling

Data Breach Today

Healthcare sector organizations should prepare to deal with potential hacktivist attacks tied to controversy surrounding the U.S. Supreme Court's leaked draft ruling and eventual final decision involving Roe vs. Wade, says attorney Erik Weinick of the law firm Otterbourg PC

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Security Affairs

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited.

Mustang Panda Uses Spear Phishing to Conduct Cyberespionage

KnowBe4

The China-based threat actor Mustang Panda is conducting spear phishing campaigns against organizations in NATO countries and Russia, as well as entities in the US and Asia, according to researchers at Cisco Talos. The goal of this activity is cyberespionage.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

US Agrees to International Electronic Cybercrime Evidence Swap

Dark Reading

The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals

Exploits Created for Critical Flaw in F5 Networks' BIG-IP

Data Breach Today

Flaw Is in iControl REST Authentication Platform; Researchers Urge Patching. An exploit has been created using critical remote code execution vulnerability CVE-2022-1388 in BIG-IP network traffic security management appliances.

Apple Mail Now Blocks Email Trackers

Schneier on Security

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by which IP address.

Beware of Spoofed Vanity URLs

KnowBe4

Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLs) on SaaS services to craft more convincing phishing links. The attackers have used this technique for links created through Box, Zoom, and Google Docs and Forms.

Top 6 Security Threats Targeting Remote Workers

Dark Reading

Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are

Five Eyes Alliance Warns MSPs About Targeted Cyberattacks

Data Breach Today

Advisory From US, UK, New Zealand, Australia and Canada Offers Recommendations. The Five Eyes alliance of cybersecurity authorities from the U.S.,

CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. The U.S.
