Month: May 2024

Vulnerabilities

Issued by: CSO Online

Microsoft released its monthly batch of security fixes on Tuesday, which included patches for three vulnerabilities that already had exploits available. Two of those vulnerabilities are being actively exploited, with one being used by multiple groups to deliver malware, including the QakBot trojan. Microsoft’s updates addressed 61 vulnerabilities across its products, but only one was…

Malware & Threats

Issued by: DataBreach Today

Over the last decade, social engineering cyberthreats have surged among retailers just as the sector’s reliance on customer data, financial transactions and e-commerce platforms has intensified. Social engineering, in which malicious actors exploit human vulnerabilities to obtain personal or financial information, can pose serious risks to retailers. As a result, chief information security officers and…

Malware & Threats

Issued by: Dark Reading

Only five months into 2024, and the year has been a busy one for cybersecurity practitioners, with multi-year supply chain attacks, nation-state actors exploiting multiple vulnerabilities in network gateways and edge devices, and multiple ransomware incidents against large healthcare entities. What’s ahead for the rest of year? At last week’s RSA Conference, Ed Skoudis, the…

Vulnerabilities

Issued by: DataBreach Today

Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. U.S. authorities in August dismantled the botnet, also known as Qbot, and told reporters that it “ceased to operate” as a result of an antimalware campaign dubbed Operation Duck Hunt. Malware…

Network Security

Issued by: DataBreach Today

The concept of “responsible radical transparency” plays a critical role in efforts to improve the state of cybersecurity, said Suzanne Spaulding, former undersecretary, Department of Homeland Security, and Jim Richberg, head of global policy and field CISO as security firm Fortinet. “The shelf life of secrets is vanishingly short,” Spaulding said. “There are tremendous costs…

Vulnerabilities

Issued by: SecurityWeek

In summary, Trend Micro has found only one criminal LLM: WormGPT. Instead, there is a growing incidence, and therefore potential use, of jailbreaking services: EscapeGPT, BlackHatGPT, and LoopGPT. (The RSA presentation is supported by a separate Trend Micro blog.) There is also an increasing number of ‘services’ whose purpose is unclear. These provide no demo…

Network Security

Issued by: Dark Reading

Since the pandemic forced unprecedented adoption of remote access and delivery of government services, telehealth, and education, cybersecurity has rapidly shot to the top of priority lists for IT leaders. What was once a shiny object that agencies didn’t have the resources to implement is now mission critical. However, governments are grappling with several challenges…

Network Security

Issued by: CSO Online

Amid serious cyberattacks by Russian and Chinese threat actors, the Biden administration issued a new National Security Memorandum (NSM-22) to update Presidential Policy Director 21 (PPD-21) from the Obama administration to secure and enhance the resilience of US critical infrastructure in “a comprehensive effort to protect US infrastructure against all threats and hazards, current and…

Vulnerabilities

Issued by: SecurityWeek

The case is yet another reason why everyone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say. “Everybody is vulnerable to attack, and anyone can do the attacking,” said Hany Farid, a professor at the University of California, Berkeley, who focuses on digital forensics and misinformation….