Security News > 2023 > April

Microsoft is testing changes to how the print screen button works in Windows 11, causing it to open the Windows Snipping Tool rather than copying a screenshot to the clipboard. Since Windows 95, pressing the print screen keyboard button in Windows would create a screenshot of the current screen and copy it to the clipboard.

Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year. Google made the announcement Friday on the Google Nest Community site, where it said point blank that Dropcam and Dropcam Pro devices "Will no longer work after that date," the same going for Nest Secure systems.

Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack.In the breach notification letters sent to affected people starting Thursday, Yum! Brands revealed that it has now found out the attackers stole some individuals' personal information, including names, driver's license numbers, and other ID card numbers.

With the world moving toward password-free and low-friction user verification systems, identity access management provider PingIdentity has joined the raft of cybersecurity vendors embracing decentralized identity management. Enter decentralized identity solutions: instead of identity verification being handled by each enterprise issuing a credential, identity is distributed across a network.

If your company's security is vulnerable due to the tight job market or affordability concerns, you may want to consider learning or having someone learn about pen testing and ethical hacking. It's probably not as difficult as you think, and The Complete Ethical Hacking Bootcamp 2023: Zero to Mastery Certification Bundle is currently on sale for just $45. This bundle contains 11 courses across more than 150 hours and has modules for all skill levels.

Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware. The US District Court for the Eastern District of New York on March 31 issued a court order allowing Microsoft and Fortra to take down IP addresses that are hosting cracked versions of Cobalt Strike and seize the domain names.

The Cybersecurity and Infrastructure Security Agency ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads. According to a binding operational directive issued in November 2022, Federal Civilian Executive Branch Agencies agencies are required to patch their systems against all security bugs added to CISA's Known Exploited Vulnerabilities catalog.

Belgian HR and payroll giant SD Worx has suffered a cyberattack causing them to shut down all IT systems for its UK and Ireland services. SD Worx is a European HR and payroll management company based out of Belgium that services 5.2 million employees for over 82,000 companies, according to its website.

Separate Dell Global Data Protection Index research referenced by Keegan and conducted by Vanson Bourne indicates that 56 percent of organizations are not confident that they are able to meet their backup and recovery service level objectives for example, while over two thirds are concerned that their existing data protection measures are sufficient to cope with malware and ransomware threats. Keegan points to the key findings of the Dell Global Data Protection Index 2022 report: "Those using a single data protection vendor had far fewer incidents of data loss than those using multiple vendors. Likewise, the cost of data loss incidents resulting from a cyberattack was approximately 34 per cent higher for those organizations working with multiple data protection vendors than those using a single vendor."

An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. Court documents allege that Shevlyakov operated front companies that were used to import sensitive electronics from U.S. manufacturers.