securitymagazine.comNineteen students and two teachers were killed in Uvalde, Texas' Robb Elementary School, the deadliest school shooting since the mass shooting at Sandy Hook Elementary School in 2012....

threatpost.comA slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names....

threatpost.comThe Google Project Zero researcher found a bug in XML parsing on the Zoom client and server....

securitymagazine.comAmong ransomware, software supply chain attacks and data breaches, a Blumira report found that identity-based attacks are the top threat organizations faced in 2021. ...

securitymagazine.comThe experimentation with drone warfare in Ukraine has opened our eyes to what is possible with easily accessible platforms. Security professionals must be mindful and prepared for commercial drone security threats....

threatpost.com2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur....

TheHackersNewsIf one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack".  A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we have seen a dramatic rise in such attacks: high profile security incidents like the SolarWinds,...

securitymagazine.comIt is more important than ever that small businesses understand how cyberattacks can impact their operations and take the proper steps to protect themselves....

TheHackersNewsAn unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns [...] are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely," Malwarebytes said in a...

TheHackersNewsSecurity incidents occur. It's not a matter of "if," but of "when." That's why you implemented security products and procedures to optimize the incident response (IR) process. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more challenging task. Feels familiar? In many organizations,...

TheHackersNewsPopular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google...

Heise Sicherheits NewsDer Webbrowser Google Chrome ist in Version 102 erschienen, die eine große Zahl an Sicherheitslücken abdichtet. Sie soll ungenannte neue Features enthalten....

Heise Sicherheits NewsJetzt aktualisieren: Der Zoom-Client ist unter Android, iOS, Linux, macOS und Windows verwundbar....

securitymagazine.comDetermining which people are most likely to become insider threats can help enterprise security leaders prevent an attack before it occurs....

TheHackersNewsEven as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, including Karakurt and BlackByte. "From the negotiations site, chatrooms, messengers to servers and proxy hosts - the Conti brand, not the organization...

TheHackersNewsCybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. "Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," BlackBerry research and intelligence team said in a report shared with The Hacker News. Chaos is a customizable ransomware builder that emerged in...

TheHackersNewsThreat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to...

securitymagazine.comThe use of artificial intelligence (AI)-based hiring tools may perpetuate discrimination against job candidates with disabilities, according to the Department of Justice and Equal Employment Opportunity Commission....

securitymagazine.comExperienced security executive Sumit Punn has been named Director of Loss Prevention at the Ritz-Carlton Bangalore....

Heise Sicherheits NewsDas BSI will Sicherheit und Qualität von Geräten mit dem IT-Sicherheitskennzeichen belohnen. Es hat nun die ersten Formulare von Routern fertig geprüft....

Weiter