Information

Microsoft Patch Tuesday, March 2023 Edition

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest. Microsoft said it has seen evidence that attackers are exploiting this flaw, which can be done…

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh…

5 signs you’ve fallen for a scam – and what to do next

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage. Online fraud can be thought of as a price we pay for the ubiquity of digital services. These services make our lives easier, healthier, safer and more entertaining. But there are countless scammers out there waiting to steal our identities and money. Their ingenuity, our credulity and poor corporate security combine…

Linux gets double-quick double-update to fix kernel Oops!

by Paul Ducklin

Linux has never suffered from the infamous BSoD, short for blue screen of death, the name given to the dreaded “something went terribly wrong” message associated with a Windows system crash. Microsoft has tried many things over the years to shake that nickname “BSoD”, including changing the background colour used when crash messages appear, adding a super-sized sad-face emoticon to make the message feel more compassionate, displaying QR codes that you can…

How the Best CISOs Drive Operational Resilience

The last three years have been fueled by turbulent change, especially when it comes to an organization’s tech structure. The unanticipated global pandemic drastically accelerated digital transformation (DX) and a borderless workforce, forcing businesses to fast-track projects they had previously scheduled to take years. These years-long projects began to be completed in a matter of months, or even weeks, and propelled the industry forward momentously, but also highlighted that cybersecurity must be interwoven in…

NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry

The National Motor Freight Traffic Association (NMFTA) has appointed Antwan Banks as its director of enterprise security as the organization shifts focus to end-to-end security for the trucking industry. The NMFTA told SecurityWeek that this is a newly created position. Banks will lead the organization’s cybersecurity practice, and work with its partners and members to ensure the safety and security of the supply chain in the United States. “As you can imagine, this is increasingly…

Cyber Madness Bracket Challenge – Register to Play

As bracket-mania sweeps across the country for the 2023 NCAA Men’s Basketball Tournament, commonly referred to as “March Madness,” SecurityWeek will host its own “Cyber Madness” bracket challenge for those in the cybersecurity community to compete for a chance to win great prizes, earn bragging rights, and have some fun! SecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting…

Common WhatsApp scams and how to avoid them

Here’s a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them. With more than two billion users, WhatsApp offers a vast pool of potential targets for scammers. To make things more complicated, fraudsters aren’t known for resting on their laurels – instead, they’re learning new and sophisticated social engineering skills to entrap us in their trickery.…

APT hackers set a honeytrap to ensnare victims – Week in security with Tony Anscombe

A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it sounds

Have you ever been asked to move an online conversation to another – and supposedly more secure – platform? This technique, often used by romance scammers, was recently used against a number of Indian and Pakistani netizens, possibly with a military or political background. The targeted campaign – courtesy of the Transparent Tribe APT…

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

by Paul Ducklin

Chinese “fast fashion” brand SHEIN is no stranger to controversy, not least because of a 2018 data breach that its then-parent company Zoetop failed to spot, let alone to stop, and then handled dishonestly. As Letitia James, Attorney General of the State of New York, said in a statement at the end of 2022: SHEIN and [sister brand] ROMWE’s weak digital security measures made it easy for hackers to shoplift consumers’ personal…
