Independent – Page 31 – Computer Security Articles

Microsoft released 59 updates in its September Patch Tuesday release, with critical patches for Microsoft Office and Visual Studio, and continued the trend of including non-Microsoft applications in its update cycle. (Notepad++ is a notable addition, with Autodesk returning with a revised bulletin.) We’ve made “Patch Now” recommendations for Microsoft development platforms (Visual Studio) and Microsoft Word.

Unfortunately, updates for Microsoft Exchange Server have also returned, requiring server reboots this time, too.

The team at Readiness has created this infographic outlining the risks associated with each of the September updates.

To read this article in full, please click here

Independent Krebs

September 13, 2023 admin

FBI Hacker Dropped Stolen Airbus Data on 9/11

Credit to Author: BrianKrebs| Date: Thu, 14 Sep 2023 00:22:05 +0000

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI’s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

Independent Krebs

September 12, 2023 admin

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Credit to Author: BrianKrebs| Date: Tue, 12 Sep 2023 22:36:01 +0000

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

ComputerWorld Independent

September 8, 2023 admin

Message to IT: Update all your Apple devices right away

Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.

Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”

To read this article in full, please click here

ComputerWorld Independent

September 6, 2023 admin

UK rolls back controversial encryption rules of Online Safety Bill

The UK government has conceded one of the more controversial parts of its Online Safety Bill, stating that the powers granted by the legislation will not be used to scan encrypted messaging apps for harmful content until it can be done in a targeted manner.

Companies will not be required to scan encrypted messages until it is “technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content,” said Stephen Parkinson, the Parliamentary Under-Secretary of State for Arts and Heritage, in a planned statement during the bill’s third reading in the House of Lords on Wednesday afternoon.

To read this article in full, please click here

Independent Krebs

September 5, 2023 admin

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Credit to Author: BrianKrebs| Date: Wed, 06 Sep 2023 00:21:07 +0000

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

ComputerWorld Independent

September 5, 2023 admin

GenAI in productivity apps: What could possibly go wrong?

We’re in the “iPhone moment” for generative AI, with every company rushing to figure out its strategy for dealing with this disruptive technology.

According to a KPMG survey conducted this June, 97% of US executives at large companies expect their organizations to be impacted highly by generative AI in the next 12 to 18 months, and 93% believe it will provide value to their business. Some 35% of companies have already started to deploy AI tools and solutions, while 83% say that they will increase their generative AI investments by at least 50% in the next six to twelve months.

To read this article in full, please click here

Independent Krebs

September 1, 2023 admin

Why is .US Being Used to Phish So Many of Us?

Credit to Author: BrianKrebs| Date: Fri, 01 Sep 2023 15:38:11 +0000

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.