Information

30 Dec

Cybersecurity trends and challenges to look out for in 2023

Information

What are some of the key cybersecurity trends and themes that organizations should have on their radars in 2023? As another eventful year comes to a close, it’s time not only to take stock of and reflect on the defining moments of 2022, but especially to look ahead to the challenges that are likely to persist or emerge in the new year. The increasing geopolitical complexity, upheaval and uncertainty, along with high economic volatility and…

Read More
30 Dec

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond

Information

by Paul Ducklin It’s the last regular working weekday of 2022 (in the UK and the US, at least), in the unsurprisingly relaxed and vacationistic gap between Christmas and New Year… …so you were probably expecting us to come up either with a Coolest Stories Of The Year In Review listicle, or with a What You Simply Must Know About Next Year (Based On The Coolest Stories Of The Year) thinly-disguised-as-not-a-listicle listicle. After all, even…

Read More
30 Dec

CISA Says Two Old JasperReports Vulnerabilities Exploited in Attacks

Information, News

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two JasperReports flaws to its Known Exploited Vulnerabilities Catalog. Tibco’s JasperReports Library is advertised as the world’s most popular open source reporting engine. The JasperReports Server software is designed to enable non-technical users to create reports, dashboards, and visualizations. CISA has learned that two JasperReports vulnerabilities discovered in 2018 have been exploited in attacks. One of them is CVE-2018-18809, a critical directory traversal issue in…

Read More
29 Dec

Happy 13th Birthday, KrebsOnSecurity!

Information, Insights

KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with…

Read More
29 Dec

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

Information, Malware

by Paul Ducklin A DAY IN THE LIFE OF A CYBERCRIME FIGHTER Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. Intro and outro music by Edith Mudge. You can listen…

Read More
29 Dec

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

Information

by Paul Ducklin Remember quantum computing, and the quantum computers that make it possible? Along with superstrings, dark matter, gravitons and controlled fusion (hot or cold), quantum computing is a concept that many people have heard of, even if they know little more about any of these topics than their names. Some us are vaguely better informed, or think we are, because we have an idea why they’re important, can recite short but inconclusive paragraphs…

Read More
29 Dec

The horror! The horror! NOTEPAD gets tabbed editing (very briefly)

Information, Uncategorized

by Paul Ducklin These days, almost every decent app, along with some that are half-decent (as well as a few that aren’t very good at all) will offer you tabbed whateveritis. Even command windows, which used to be just what they said (windows in which one – and only one – command shell was running), went “tabbed” somewhere in the 1990s, and have been ever since. If you want two command windows these days, you…

Read More
29 Dec

The Five Stories That Shaped Cybersecurity in 2022

Information, News

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem As we looked back at the security incidents, events and stories that demanded attention over the past year, it became crystal clear that high-profile data breaches and zero-day attacks would continue to dominate the headlines. It seemed that hardly a week went by without some sort of cybersecurity incident making headlines, stretching spending budgets to the limits as CISOs and…

Read More
29 Dec

Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers

Information, News

Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) last week published three advisories to describe a total of four high-severity vulnerabilities. Rockwell Automation has published individual advisories for each security hole. One flaw is CVE-2022-3156, which impacts the Studio 5000 Logix Emulate controller emulation software. The vulnerability is caused by a misconfiguration that results in users being granted elevated…

Read More
29 Dec

Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients

Information, News

Southwest Louisiana healthcare provider Lake Charles Memorial Health System (LCMHS) is informing roughly 270,000 patients that their personal and medical information was compromised in a data breach. A regional community healthcare system consisting of several facilities, LCMHS identified the cyberattack on October 25 and started informing the impacted patients of the incident on December 23. In a notification on its website, LCMHS says that ‘an unauthorized third party’ gained access to its network between October…

Read More