CyberSecurity Updates

16 May

ESET APT Activity Report Q4 2023–Q1 2024

Information

ESET Research, Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024 Jean-Ian Boutin 14 May 2024  •  , 2 min. read ESET APT Activity Report Q4 2023–Q1 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024. The highlighted operations are representative of the broader…

Read More
14 May

Patch Tuesday, May 2024 Edition

Information, Insights

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable…

Read More
14 May

Microsoft Releases May 2024 Security Updates

Attacks, Insights, Malware

Title: Microsoft Releases May 2024 Security Updates Content: Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following advisory and apply the necessary updates:  Microsoft Security Update Guide for May

Read More
14 May

CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources

Attacks, Insights, Malware

CISA, in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages software manufactures to actively implement and publicly commit to Secure by Design practices that are necessary to help protect vulnerable…

Read More
13 May

How Did Authorities Identify the Alleged Lockbit Boss?

Information, Insights

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who…

Read More
12 May

RSA Conference 2024: AI hype overload

Information

Digital Security Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations. Cameron Camp 09 May 2024  •  , 3 min. read Predictably, this year’s RSA Conference is buzzing with the promise of artificial intelligence – not unlike last year, after all. Go see if you can find a booth that doesn’t mention AI – we’ll wait. This hearkens back to…

Read More
11 May

It’s a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

Information

Video More than 40,000 security experts descended on San Francisco this week. Let’s now look back on some of the event’s highlights – including the CISA-led ‘Secure by Design’ pledge also signed by ESET. 10 May 2024 That’s a wrap on this year’s RSA Conference! More than 40,000 security professionals descended on San Francisco this week to attend one of the industry’s key events Predictably, AI was the main talk of the town, but there…

Read More
11 May

In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

Information

Digital Security We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024 10 May 2024  •  , 1 min. read We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024. We’re grateful for this nomination, which we see as a reflection…

Read More
11 May

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

Information

“When I talk about climate change with people, I spend hardly any time on the science of climate change,” says Katharine Hayhoe, a leading climate science communicator and a speaker at Starmus Earth: The Future of Our Home Planet. The festival is almost here, and we’re delighted to publish an extensive interview with Dr. Hayhoe to explore issues ranging from effective science communication and “planet-hacking” efforts to why science and faith are not at odds.…

Read More
10 May

CISA and Partners Release Advisory on Black Basta Ransomware

Attacks, Insights, Malware

Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) #StopRansomware: Black Basta to provide cybersecurity defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by known Black Basta ransomware affiliates and identified through FBI investigations and third-party reporting. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in…

Read More