February 18, 2021

Calix announced a significant update to AXOS which expands infrastructure APIs to enable full modularity across network functions. This important update to the Intelligent Access EDGE solution allows communications service providers (CSPs) to isolate s…

Read More Calix updates AXOS to expand infrastructure APIs to enable full modularity across network functions

RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure, it asking its members to enable 2FA for their accounts. RIPE NCC announced to have suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. The RIPE NCC is a not-for-profit membership association, a Regional Internet Registry and the […]

The post Credential stuffing attack hit RIPE NCC: Members have to enable 2FA appeared first on Security Affairs.

Read More Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange. Microsoft announced that the threat actors behind the SolarWinds supply chain attack could have had access to repositories containing the source code for a limited number of components used by Azure, Intune, and Exchange. In […]

The post SolarWinds hackers had access to components used by Azure, Intune, and Exchange appeared first on Security Affairs.

Read More SolarWinds hackers had access to components used by Azure, Intune, and Exchange

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, […]

The post WatchDog botnet targets Windows and Linux servers in cryptomining campaign appeared first on Security Affairs.

Read More WatchDog botnet targets Windows and Linux servers in cryptomining campaign

This blog shares the results of Total Economic Impact Study, creating a framework for organizations to evaluate the financial impact of Azure Security Center.

The post Forrester Consulting TEI Study: Azure Security Center delivers 219 percent ROI over 3 years and a payback of less than 6 months appeared first on Microsoft Security.

Read More Forrester Consulting TEI Study: Azure Security Center delivers 219 percent ROI over 3 years and a payback of less than 6 months

The recent Solar Winds attack is a moment of reckoning. Today, as we close our own internal investigation of the incident, we continue to see an urgent opportunity for defenders everywhere to unify and protect the world in a more concerted way. We also see an opportunity for every company to adopt a Zero Trust plan…

The post Turning the page on Solorigate and opening the next chapter for the security community appeared first on Microsoft Security.

Read More Turning the page on Solorigate and opening the next chapter for the security community

The United States Department of Justice has charged three North Korean computer programmers with a range of cyber attacks that made headlines around the world.

Read more in my article on the Tripwire State of Security blog.

Read More US charges North Korean hackers in relation to WannaCry, Sony Pictures attack, and an attempt to steal more than a billion dollars from banks

It’s raining bitcoin, New York is suing Amazon over concerns about health standards at the tech giant’s warehouses, and Shopify continues to ride the small business wave.
The post Hashtag Trending, Feb. 18 – Bitcoin goes nuclear; New York sues Amazon; …

Read More Hashtag Trending, Feb. 18 – Bitcoin goes nuclear; New York sues Amazon; Shopify rides small biz wave

The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS) flaws, and an incorrect SSLv2 rollback protection issue. The fist vulnerability, tracked as CVE-2021-23841, is a NULL pointer dereference issue that can be […]

The post The OpenSSL Project addressed three vulnerabilities appeared first on Security Affairs.

Read More The OpenSSL Project addressed three vulnerabilities