This week we have seen ransomware attacks targeting online service providers and MSPs to not only encrypt the victim but also cause significant outages for their customers. […] Read More: The Week in Ransomware – March 5th 2021 – Targeting service providers
SITA, a multinational IT company that provides services to the air transport industry, was the victim of a cyberattack that impacted multiple airlines. SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,800 customers worldwide, which it claims is about 90% of the world’s airline business. Around the world, nearly […]
The post Millions of travelers of several airlines impacted by SITA data breach appeared first on Security Affairs. Read More: Millions of travelers of several airlines impacted by SITA data breach
US federal prosecutors have charged John McAfee, founder of cybersecurity firm McAfee, and his executive advisor Jimmy Gale Watson Jr for cryptocurrency fraud and money laundering. […] Read More: US indicts John McAfee for cryptocurrency fraud, money laundering
A 30-million-year-old vampire squid fossil was found, lost, and then re-found in Hungary.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
A new ransomware called ‘Hog’ encrypts users’ devices and only decrypts them if they join the developer’s Discord server. […] Read More: New ransomware only decrypts victims who join their Discord server
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities. Read More: Microsoft Exchange Server Exploits Hit Retail, Government, Education
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. Read More: At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks. Read More: U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company’s approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack. Read More: Microsoft Adopted an ‘Aggressive’ Strategy for Sharing SolarWinds Attack Intel
Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible. Read More: WordPress Injection Anchors Widespread Malware Campaign
This podcast includes a discussion on ways to build and enhance a security operations centre
The post Cyber Security Today Week In Review for Friday March 5, 2021 first appeared on IT World Canada.
Researchers Say Exploit Could Enable Remote Code Execution
VMware has issued patches for a critical vulnerability in its virtual desktop deployment platform, View Planner, which could enable remote code execution. Read More: VMWare Patches Vulnerability on View Planner
Microsoft experts continue to investigate the SolarWinds attack and spotted 3 new strains of malware used as second-stage payloads. Microsoft announced the discovery of three new pieces of malware that the threat actors behind the SolarWinds attack, tracked by the IT giant as Nobelium, used as second-stage payloads. Microsoft’s initial investigation revealed the existence of […]
The post GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers appeared first on Security Affairs. Read More: GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers
The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers. Read More: Massive Supply-Chain Cyberattack Breaches Several Airlines
Several leading health systems got together recently to announce the formation of Truveta, an independent company that will pool patient medical records from the participating health systems and analyze them for insights to drive healthcare outcomes… Read More: Money for nothing: Making sense of data collaborations in healthcare
FireEye, Other Security Firms Detect Activity
Hackers have targeted units of local government by attempting to exploit unpatched vulnerabilities in Microsoft Exchange email servers, according to a new report by the security firm FireEye. Meanwhile, CISA… Read More: Hackers Exploit Exchange Flaws to Target Local Governments
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates. Read More: Realistic Patch Management Tips, Post-SolarWinds
Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. […] Read More: SITA data breach affects millions of travelers from major airlines
On International Women’s Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go. Read More: On International Women’s Day 2021, Does the ‘Rule of Steve’ Still Apply? Yes.
Malaysia Airlines, Singapore Airlines, Finnair, Air New Zealand Confirm Breaches
An aviation IT company that says it serves 90% of the world’s airlines has been breached in what appears to be a coordinated supply chain attack. Customers of at least four… Read More: Supply Chain Attack Jolts Airlines
A lack of confidence in companies’ defenses is prompting 91% of organizations to boost 2021 budgets, according to a new IDG/Insight Enterprises study. Read More: 80% of senior IT leaders see cybersecurity protection deficits
Webinar: Learn best practices for enterprise network traffic. Read More: Strategies for Encrypted Traffic
Maza becomes latest Russian cybercrime forum to be hacked. Read More: Hackers Target Russian Cybercrime Forums
A new AI-powered Google Chrome extension will automatically turn on YouTube extensions if it detects you are eating noisy chips. […] Read More: Chrome extension turns on YouTube captions when eating noisy chips
Women entrepreneurs are at the forefront of change. To address these changes and help foster a supportive, engaging environment for women in business, StrikeUp 2021 was created.
The post Women entrepreneurs adapt to new technology, mental wealth and co…
EFF worries that Google’s ‘privacy-first’ vision for the future may pose new privacy risks. Read More: Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’
One of the world’s largest banking and financial services organizations, HSBC, last year introduced an employee-choice program enabling its workforce to choose to use a Mac as their primary work computer.
Sign of the times
Back in 2008, HSBC was amon…
New phishing attack spoofs state workforce agency websites to steal PII. Read More: US Warns of Fake Unemployment Benefit Websites
I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.”
It does not. At best, it’s an improvement in factoring — and I’m not sure it’s even that. The paper is a preprint: it hasn’t been peer reviewed. Be careful taking its claims at face value.
Some discussion here.
I’ll append more analysis links to this post when I find them.
… Read More: No, RSA Is Not Broken
US mortgage company pays $1.5m to settle NYDFS Cybersecurity Regulation violation allegations. Read More: Failure to Report Breach Costs Mortgage Lender $1.5m
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple’s crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of th… Read More: Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Microsoft, FireEye Find Additional Payloads Used During Supply Chain Attack
Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds last December. These second-stage malware variants ap… Read More: Researchers Disclose More Malware Used in SolarWinds Attack
Proceeds Boosted via Big Game Hunting, Data Leaking, Hitting Healthcare Sector
Ransomware dominated the online-enabled crime landscape in 2020, some security experts say, thanks to the massive profits it’s been generating and the relative ease of use fo… Read More: Mark of Ransomware’s Success: $370 Million in 2020 Profits
A new variant of the Gafgyt botnet – that’s actively targeting vulnerable D-Link and Internet of Things devices – is the first variant of the malware to rely on Tor communications, researchers say. Read More: D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
30 TB of data were exposed after an unsecured server belonging to a data analytics company was hacked, thus making the company a victim of ransomware. Who is Polecat? Polecat is a UK-based agency that offers a combination of advanced data analytics and… Read More: Polecat, a Data Analytics Agency Held to Ransom After Leaving a Server Unsecured
The US National Institute of Standards and Technology’s framework defines federal policy, but it can be used by private enterprises, too. Here’s what you need to know. Read More: NIST Cybersecurity Framework: A cheat sheet for professionals
Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control (UAC) is enabled. […] Read More: Microsoft: Exchange updates can install without fixing vulnerabilities
If you haven’t already, it’s time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials. Read More: Make Sure That Stimulus Check Lands in the Right Bank Account
SITA (Société Internationale de Télécommunications Aéronautiques) is one of the largest aviation IT companies, serving around 90% of the world’s airlines, which rely on the company’s passenger service system Horizon to manage reservations, … Read More: Global Air Transport Giant SITA Confirms Security Breach
Following the SolarWinds unfortunate data breach, which had a significant impact on 9 Government Agencies, the officials at the White House are looking to impose “substantial costs through cyber and noncyber means”, according to its Interim National Se… Read More: The Biden Administration Considers Cybersecurity a Top Priority for National Security
According to security researcher Ax Sharma, a cyber analyst was able to “bit squat” Microsoft’s windows.com domain by cybersquatting variations of windows.com. This technique differentiates itself from cases where typosquatting domain… Read More: Microsoft’s windows.com Domain Hit with Bit-flipping
The discoveries show how sophisticated the suspected state-sponsored threat actor is
The post Microsoft discovers more malware used by SolarWinds attacker while FireEye finds new backdoor first appeared on IT World Canada. Read More: Microsoft discovers more malware used by SolarWinds attacker while FireEye finds new backdoor
Communication is indispensable to the proper functioning of a company. In today’s corporate landscape, digital messaging between employees, C-level execs, and the likes has become an essential component of the average workday. For this reason, achievin… Read More: Email Protection 101: What You Need to Know About Secure Communication
The flashy stuff like Mesh dominated the spotlight, but there was no shortage of security updates and announcements at Microsoft Ignite.
The post Microsoft introduces Azure Sentinel updates, a mobile security app, new certifications, and much more first appeared on IT World Canada. Read More: Microsoft introduces Azure Sentinel updates, a mobile security app, new certifications, and much more
Some time ago, I’ve written an article on how to choose the best Data Loss Prevention solution for your business. Evidently, I hadn’t had the chance of going into too many technical details; all the more reason to revisit a topic that has sparked more … Read More: A Technical Approach to Data Loss Prevention (DLP)
The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. […] Read More: Ongoing phishing attacks target US brokers with fake FINRA audits
Ransomware gang patterns revealed, software code bug exploited, beware of malware hidden in images and mysterious hacks of criminal forums
The post Cyber Security Today, March 5, 2021 – Ransomware gang patterns revealed, software code bug exploited, ma…
Data breaches all over the place this week! Not just data breaches, but noteworthy data breaches; the VPN ones for being pretty shady, Oxfam because it included my data which was posted to a hacking forum, Ticketcounter because of the interactions I had with them during the disclosure process and Read More: Weekly Update 233
Microsoft this week unveiled deeper integrations between Teams and Dynamics 365 as the company moves to make it easier for sales and customer service staffers to communicate without switching between apps. The company highlighted some of the integr… Read More: Microsoft deepens Teams ties with Dynamics 365
Ransomware is a type of malware that involves encrypting a company’s or individual’s useful data or blocking users from accessing their computer systems in exchange for a given amount of… Read More: How Does Ransomware Spread Globally?
“Contact”, the threat actor behind this operation has been present since 2020 and it’s believed to have collected over 400.000 credentials through phishing methods. The latest attack The most recent campaign targeted the users of Outlook Web Access and… Read More: Colorado-Based Sengrid Email Marketing Company Accounts Were Hacked
Multiple zero-day vulnerabilities have been used to attack on-premises versions of Exchange Servers, according to Microsoft. Cybercriminals exploited these flaws to gain entry to servers, which allowed access to email accounts and the installation of a… Read More: SECURITY ALERT: Microsoft released emergency fixes for 4 Zero-Days in Exchange
At a hospital. Read More: Threat Model Humor
Developer environments seen as an easy target for attack. Read More: Docker Hub and Bitbucket Resources Hijacked for Crypto-Mining
A Remote Access Trojan (RAT) is a type of malware that provides the attacker with full remote control over your system. When a RAT reaches your computer, it allows the hacker to easily access your local files, secure login authorization, and other sens… Read More: What is a Remote Access Trojan (RAT)?
US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its operations, experts believe it was a ransomware attack. US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its services and some of its operations. Even if the company initially did not provide technical details about […]
The post Managed Services provider CompuCom by Darkside ransomware appeared first on Security Affairs. Read More: Managed Services provider CompuCom by Darkside ransomware
Widespread chatter on dark web highlights gaps in payment protection. Read More: Fraudsters Circumvent 3D Secure with Social Engineering
This edition of the ISMG Security Report features an analysis of key takeaways from the breaches tied to flaws in the Accellion File Transfer appliance. Also featured: Equifax CISO Jamil Farshchi on transforming supply chain security, plus an analysis … Read More: Accellion Appliance Zero-Day Attack Breaches: Key Takeaways
For over a decade, ESET and the San Diego Police Foundation have been working together to help keep children safe from online threats
The post How ESET’s work on SafetyNet® helps protect children online appeared first on WeLiveSecurity
As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions.
However, relatively few engineers know this platform well.
This leaves the door open for aspiring IT professionals who take the official exams.
In what’s a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year.
The intrusion is said…
Twitter is launching an engineering hub in Canada this year, all eyes are on Alabama as Amazon warehouse workers seek unionization, and why should companies invest in upskilling? We’ll answer that question in a moment.
The post Hashtag Trending, March …
Malaysia Airlines, Singapore Airlines and others affected. Read More: SITA Supply Chain Breach Hits Multiple Airlines
FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a “sophisticated second-stage backdoor,” as the investigation into the sprawling espionage campaign conti… Read More: Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
This edition of the ISMG Security Report features an analysis of key takeaways from the breaches tied to flaws in the Accellion File Transfer appliance. Also featured: Equifax CISO Jamil Farshchi on transforming supply chain security, plus an analysis … Read More: Accellion Breaches: Key Takeaways
Experts found five vulnerabilities in the Linux kernel, tracked as CVE-2021-26708, that could lead to local privilege escalation. Positive Technologies researcher Alexander Popov found five high severity vulnerabilities in the Linux kernel that could lead to local privilege escalation. The Linux kernel vulnerabilities are race conditions that reside in AF_VSOCK implementation, they were implicitly introduced in November […]
The post Five privilege escalation flaws fixed in Linux Kernel appeared first on Security Affairs. Read More: Five privilege escalation flaws fixed in Linux Kernel
IT operator Sita, which serves airlines including Singapore, Lufthansa and United, reports systems breach revealing frequent flyer data
Data on hundreds of thousands of airline passengers around the world has been hacked via a “highly sophisticated” att… Read More: Airline data hack: hundreds of thousands of Star Alliance passengers’ details stolen
Microsoft got an early start on Patch Tuesday, releasing a series of out-of-band security updates this week to address four zero-day vulnerabilities in Exchange Server. There’s been a lot of security activity in the news, so I’m sure it is going to be … Read More: March 2021 Patch Tuesday forecast: Off to an early start
Since the COVID-19 pandemic drove workforces home, we’ve seen an increase in security risk across the board: from an increase in phishing and spear phishing attacks to an increase in reliance on third-party DNS-over-HTTPS resolver use and sophisticated… Read More: Risky business: 3 timeless approaches to reduce security risk in 2021
SpyCloud researchers recovered more than 4.6 billion pieces of personally identifiable information and nearly 1.5 billion stolen account credentials from 854 breach sources in 2020, the company announced in its 2021 Credential Exposure Report. Credenti… Read More: Credential exposure trends: You need a better password
Cybercriminals have wasted little time in capitalizing on the vulnerabilities that come with remote work, and their attacks have been highly targeted, with a focus on business-related apps, according to GreatHorn. Business-related applications, those t… Read More: Cybercriminals increasingly impersonate business-related apps
Nutanix announced the global public sector industry findings of its report, measuring organizations’ plans for adopting a private, hybrid and public cloud. The findings point to a concentrated modernization effort throughout the sector over the past fe… Read More: To support a growing remote workforce, the public sector turned to the cloud
Global digital transformation has entered a phase marked by exponential growth in innovation, with the size of the digital economy projected to continue on an upward trend. As a key factor that underlies digital technology development, computing is now… Read More: In the digital economy, computing power defines productivity
CrowdStrike announced enhancements to the CrowdStrike Falcon platform that significantly improve Security Operations Center (SOC) efficiency and effectiveness, allowing security teams to focus on critical priorities and fortify their organizations… Read More: CrowdStrike Falcon platform enhancements improve SOC efficiency
Awake Security, the network detection and response (NDR) security division of Arista Networks unveiled platform enhancements that strengthen its ability to detect advanced threats, protect the unmanaged attack surface and autonomously perform threat hu… Read More: Awake’s NDR platform strengthens cybersecurity across cloud, hybrid and IoT environments
Attivo Networks announced the expansion of its Active Directory protection suite of products with a new and innovative way to discover and remediate exposures in Active Directory (AD) that could lead to breaches. Active Directory is a directory service… Read More: Attivo offers solution for preventing the misuse of Active Directory
SIRP announced the launch of its SOAR-as-a-Service offering. The cloud-based model provides a fast, flexible solution for enterprises and MSSPs who can access its single, centralised interface to gain valuable intelligence and context on threats, reduc… Read More: SIRP’s SOAR platform helps organizations reduce incident response time
Siren announced the release of Siren 11.1. The latest version of Siren focuses on ease of use and control, with new functionality simplifying many day-to-day tasks for the analyst and business user. Usability has been addressed with the addition of a n… Read More: Siren 11.1 simplifies everyday tasks for the analyst and business user
Unbound Security unveiled Unbound Security CORE (Cryptographic Orchestration Reimagined for Enterprise), a new all-encompassing platform that enables businesses to manage all cryptographic keys from multiple environments in one single place. Unbound Se… Read More: Unbound Security CORE enables enterprises to reimagine cryptographic infrastructure security
Samsung Electronics, Mastercard, Samsung Card, have signed a memorandum of understanding to develop a biometric card that features a built-in fingerprint scanner to authorize transactions securely at in-store payment terminals. Through this strategic c… Read More: Samsung Electronics, Mastercard and Samsung Card develop fingerprint biometric payment card
CoreView announced a new add-on tool to get even deeper insight into Microsoft Teams. This lets organizations get the most out of their Teams investment. IT teams will now have full visibility into Teams usage across their organization to help accelera… Read More: CoreView add-on tool gets deeper insight into Microsoft Teams
Microsoft, FireEye Find Additional Payloads Used During Supply Chain Attack
Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds in December. These second-stage malware variants appe… Read More: Researchers Disclose More Malware Used in SolarWinds Hack
MaxLinear announced the extension of its Ethernet portfolio with the GPY241, a quad-port 2.5GBASE-T Ethernet PHY. The new device adds to the Company’s existing portfolio of 1 Gigabit PHYs, 2.5 Gigabit PHYs and 1 Gigabit switches. The GPY241 is the indu… Read More: GPY241 expands MaxLinear’s portfolio of Ethernet physical layer transceivers and switches
Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. […] Read More: Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks
The Open Security & Safety Alliance announced two important developments as part of its mission to pave the road towards trustworthy and innovative security and safety solutions. First, a new specification is now available to members that focuses o… Read More: OSSA introduces Camera Cyber Security Specification and App Developer Council
IOTech announced the launch and availability of Edge XRT, its time-critical edge platform for Microsoft Azure Sphere. Designed and optimized for resource-constrained environments, Edge XRT delivers out-of-the-box device connectivity and edge intelligen… Read More: IOTech Edge XRT: A time-critical edge platform for Microsoft Azure Sphere
Blumira announced that it has partnered with Cerium Networks. Through this strategic partnership, Cerium Networks will be able to leverage Blumira’s enterprise-level threat detection and response technology to help its small and medium-size customers e… Read More: Blumira and Cerium Networks simplify threat detection and response
Tyto Athene has entered into an agreement to acquire AT&T Government Solutions which comprises AT&T’s Department of Defense IT professional services business and select other contracts. AT&T and Tyto have also agreed to enter into teaming a… Read More: Tyto Athene to acquire AT&T Government Solutions
IDnow announced that it has agreed to acquire identity Trust Management AG. This is IDnow’s second acquisition in the last six months and marks a significant milestone on IDnow’s path to becoming one of the leading identity platforms in Eur… Read More: IDnow acquires identity Trust Management AG to expand portfolio of verification methods
Cyber Defense Labs has named Marla Beckham as Chief Financial Officer. In this role, Ms. Beckham will oversee all financial operations while working closely with our leadership team to support Cyber Defense Labs’ business strategy and anticipated… Read More: Cyber Defense Labs names Marla Beckham as Chief Financial Officer
IBM announced key members of the executive team to lead the independent company that will be created following the previously announced separation of IBM’s Managed Infrastructure Services business (NewCo). The leadership appointments represent an impor… Read More: IBM expands executive team for NewCo
Ingram Micro Cloud announced its new White-Label Marketplace, a robust feature for resellers to publish and launch their own branded marketplace on the Ingram Micro Cloud Marketplace. Now, reseller partners can easily automate their own cloud business … Read More: White-Label Marketplace helps resellers automate their cloud business
Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks. Read More: Business Apps Spoofed in 45% of Impersonation Attacks
Beyond regulated entities, the bodies that regulate and supervise the financial services sector are reviewing existing guidance and regulations to discern the extent to which they apply in the context of this new pervasive technology.
The post How nati…
Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites. Read More: Healthcare Still Seeing High Level of Attacker Activity
Researchers with Microsoft and FireEye found three new malware families, which they said are used by the threat group behind the SolarWinds attack. Read More: Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers