Not only the European Commission, but many other organizations of the European Union have been targeted by a cyberattack in March. A European Commission spokesperson confirmed that the European Commission, along with other European Union organizations, was hit by a cyberattack in March. The authorities did not disclose any details about the type of threats […]
The post European Commission and other institutions were hit by a major cyber-attack appeared first on Security Affairs.
Read More European Commission and other institutions were hit by a major cyber-attack
Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government.
Read More Experts uncover a new Banking Trojan targeting Latin American users
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of the vulnerabilities have been assigned the maximum (10.0) CVSS v3 base score an…
Read More Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
Around the world, organizations are facing a tremendous increase in cyber risk. A recent research reveals that 31% of companies now experience a cyberattack at least once a day, a trend that’s expected to skyrocket as cybercriminals employ AI and autom…
Read More How do I select an attack detection solution for my business?
As companies continue to navigate increasingly distributed environments, the question of zero trust is coming up more and more – as is the relationship between this framework and secure access service edge (SASE). Many security teams are looking …
Read More SASE or zero trust? Why security teams should be using both
In the people-process-technology triad, human error is the top reason for breaches, accounting for 70% of successful attacks, a Cyberinc survey reveals. The next biggest cause is vulnerability management through patches and upgrades, accounting for jus…
Read More People are the weakest link in data breaches, but can they be held accountable?
Fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019, according to WatchGuard. Q4 2020 also brought a 41% increase in encrypted malware detect…
Read More Massive increase in endpoint attacks, rising rate of encrypted malware and new exploits targeting IoT
The popularity of eSignature solutions has skyrocketed in the last year, as part of companies’ digital transformation efforts in the COVID-19 environment. However, not all eSignatures are necessarily right for business. Considering eSignature solutions…
Read More Not all eSignature solutions are necessarily right for business
IT security budgets are spiralling out of control as organizations adapt to the everywhere workplace, an Ivanti survey reveals. 92% of CISOs highlighted the need to deploy additional security measures to better enable and secure employees as they work …
Read More IT security budgets to increase over the next 12 months
Asset management is a tricky subject. In many cases, organizations have no idea about how many assets they have, let alone where they are all located. Fortunately, there are tools that can assist with reaching your asset management goals.…
Read More Managing Your Assets with Tripwire Enterprise
DefenseStorm announced the addition of CyberFraud to its product offerings, providing an integrated solution for Information Security and BSA/AML Fraud departments in a single platform to prevent losses and protect account holders. With CyberFraud, ale…
Read More DefenseStorm expands security for financial institutions with CyberFraud
Siemens introduced PCBflow, an innovative cloud-based software solution which bridges the gap between the electronics design and manufacturing ecosystems. PCBflow extends Siemens’ Xcelerator portfolio with a secure environment for printed circuit…
Read More Siemens PCBflow enables secure collaboration between PCB designers and manufacturers
Ricoh USA announced RICOH Return to Work Security Services to help organizations get back to physical workspaces with proper safety and security measures in place. Return to Work Security Services combine consulting, technology and services to address …
Read More RICOH Return to Work Security Services: Safety and security measures for the physical workspace
Zyxel Networks announced the launch of XGS1250-12 12-Port Web-Managed Multi-Gigabit Switch with 3-Port 10G and 1-Port 10G SFP+. Designed to optimize high-bandwidth applications in the home and office, such as HD multimedia content creation and storage,…
Read More Zyxel launches XGS1250-12 12-Port Web-Managed Multi-Gigabit Switch for homes and offices
Absolute announced additional platform enhancements, further enabling customers to swiftly pinpoint and respond to potential endpoint security risks across remote, distributed device fleets. Anchored by its firmware-embedded position in more than half …
Read More Absolute’s additional platform enhancements respond to potential endpoint security risks
LogRhythm announced the launch of version 7.7 of the LogRhythm NextGen SIEM Platform. The update introduces new features designed to streamline the threat detection and response process, including a new Timeline View that provides analysts with an easy…
Read More LogRhythm NextGen SIEM Platform 7.7 offers enhanced detection and response capabilities
Majesco announced the general availability of new key capabilities to Majesco’s Distribution Management platform. “Our latest product release for Majesco Distribution Management, includes major ease of use capabilities for our customers,” said Manish S…
Read More Majesco now speeds distribution on-boarding and optimizes the distribution operation
Digital workspace and app delivery solutions provider Citrix has appointed Marcelo Giampietro as Cisco’s general manager of Americas International.
The post Citrix appoints former SAP exec as new GM of Americas first appeared on IT World Canada.
Read More Citrix appoints former SAP exec as new GM of Americas
Mosyle announced a new approach to Apple device management and protection with the introduction of Mosyle Fuse. The product is the cloud-native solution to blend enterprise-grade mobile device management (MDM), identity management, automated applicatio…
Read More Mosyle boosts Apple device management and security with Mosyle Fuse
Jumio announced the company is collaborating with Microsoft for the rollout of its Azure Active Directory (Active AD) verifiable credentials to help provide self-service enrollment and fast onboarding of remote users. With Azure AD verifiable credentia…
Read More Jumio collaborates with Microsoft to improve verifiability and secure information exchange
Socure announced the company will provide identity verification services for remote onboarding for individuals accessing decentralized IDs as part of the new Microsoft Azure Active Directory (Azure AD) verifiable credentials feature in public preview. …
Read More Socure provides identity verification for Microsoft Azure AD verifiable credentials
Onfido announced it has been selected by Microsoft to enable fast and secure identity verification and onboarding for its Azure Active Directory (Azure AD) verifiable credentials. Azure AD verifiable credentials, now in public preview, provide an open …
Read More Onfido’s identity verification to power onboarding for Microsoft’s digital wallet for identity credentials
I’ve been chatting about this in some of my recent weekly videos and I thought it was finally time to sit down and write the blog post. So, this is a blog post about a book about blog posts. Gotcha, makes sense.
It all began when Rob Conery reached out
Read More I’m Writing a Book with Rob Conery, and It’s Gonna Be Awesome
ThreatQuotient announced it has closed $22.5 million in new financing, including a combination of equity and debt financing. The investment syndicate includes New Enterprise Associates (NEA), Adams Street Partners, Escalate Capital, Blu Ventures, Cisco…
Read More ThreatQuotient raises $22.5M to accelerate execution of new innovations
Cyble announced that it has raised a $4M seed financing round led by Blackbird Ventures and Spider Capital, with participation from Xoogler Ventures, Picus Capital, and Cathexis Ventures. The funding comes as Cyble graduates from Y Combinator, which ac…
Read More Cyble raises $4M to provide early warning intelligence on cyber threats
The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products.
Read More Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021
Splunk announced the appointment of Teresa Carlson, an executive with more than 25 years of industry experience and expertise in leading complex business transformations for premier SaaS, data management and cloud businesses, to the newly created role …
Read More Splunk appoints Teresa Carlson as President and Chief Growth Officer
Letter to Twitter, Google, Others Asks About Selling Information to Foreign GovernmentsA bipartisan group of senators has sent a letter to Google, Twitter, Verizon, AT&T and online advertising firms and networks raising national security concerns about…
Read More Senators Raise Security Concerns Over Selling Personal Data
A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago. […]
Read More Windows XP makes ransomware gangs work harder for their money
The quick pivot to the cloud for remote support also ushered in risks.
Read More Security Falls Short in Rapid COVID Cloud Migration
Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent.
Read More Crime Service Gives Firms Another Reason to Purge Macros
CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain.
Read More Critical Cloud Bug in VMWare Carbon Black Allows Takeover
A massive operation offers access to hacked camera feeds in bedrooms and at hotels.
Read More Chinese Hackers Selling Intimate Stolen Camera Footage
The idea of monetizing DDoS attacks dates back to the 1990s. But the rise of DDoS-for-hire services and cryptocurrencies has radically changed the landscape.
Read More The Edge Pro Tip: Update Your DDoS Defense Plan
Gemini Advisory Says Russian Cybercriminal Sold Gift Card, Payment Card DataA Russian-speaking cybercriminal recently sold on a darknet forum thousands of stolen payment and gift cards that researchers at Gemini Advisory believe were taken from the now…
Read More Stolen Cards, Reportedly From Cardpool.com, Sold on Darknet
Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you’re a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.
Read More Are You One of the 533M People Who Got Facebooked?
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further.
Read More SAP Bugs Under Active Cyberattack, Causing Widespread Compromise
Ransomware operators demand $40m from Broward County Public Schools system
Read More Florida School District Held to Impossibly High Ransom
Meanwhile, Agency Continues to Investigate SolarWinds AttackCybersecurity weakness persist throughout the U.S. Department of Energy’s unclassified networks, including those of the National Nuclear Security Administration, according to an inspector gene…
Read More IG: Cybersecurity Weaknesses Persist in US Energy Dept.
Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site’s recent data leak. […]
Read More Have I Been Pwned adds search for leaked Facebook phone numbers
Technology advances quickly. That’s why IT professionals devote time and money towards their own development every year. Training opportunities, however, are expensive. And the costs are trending upwards. So how do you add to your skills without inc…
Read More A 3-yr subscription to ITU Online is 50% off this week
Webinar | Securing Remote Workers: Using SASE to Maintain Visibility and Maximize EfficiencyView this webinar as we discuss how organizations throughout EMEA maintain security and visibility as employees and customers work from home, and manage the add…
Read More EMEA OnDemand | Mitigating Remote: Maintaining Visibility and Maximizing Efficiency
European drone group partners with YesWeHack to launch a Bug Bounty program
Read More Parrot Launches Bug Bounty Program
IDC’s James Baker on Developing Ways to Battle FraudCrypto banks need to develop new ways to track suspicious activities, such as money laundering, says James Wester, research director, worldwide blockchain strategies, at IDC, a technology research and…
Read More Crypto Banks: The Security Road Ahead
View this webinar as we discuss how can organizations throughout Africa maintain security and visibility as employees and customers work from home, and manage the added responsibility this places on the CISO and security team.
Read More Africa OnDemand | Mitigating Remote: Maintaining Visibility and Maximizing Efficiency
On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, security SAP security firm Onapsis warns. According to a joint study published by Onapsis and SAP, on-premises SAP systems are targeted by threat actors within 72 hours after security patches are released. Threat actors perform reverse-engineering of the SAP […]
The post SAP systems are targeted within 72 hours after updates are released appeared first on Security Affairs.
Read More SAP systems are targeted within 72 hours after updates are released
The European Commission and several other European Union organizations were hit by a cyberattack in March according to a European Commission spokesperson. […]
Read More European Commission, other EU orgs recently hit by cyber-attack
Aussies may have to prove who they are to use online dating and social media accounts
Read More Australia Considers Social Media ID Requirement
Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most-difficu…
Read More Rust in the Android platform
A Russian hacker has sold on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million. […]
Read More Hacker sells $38M worth of gift cards from thousands of shops
At Veracode, we have long promoted and nurtured strong partnerships. Through our network of strategic partners, technical alliances, and integration partners, we believe that by working together, we can bring even more value to our customers. ﾂ?
Read More Introducing the Veracode Technology Alliance Program
The National College of Ireland is working on restoring IT services after being hit by a ransomware attack over the weekend that forced the college to take IT systems offline. […]
Read More Ransomware hits TU Dublin and National College of Ireland
IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users.
Read More Data scraped from 500 million LinkedIn users found for sale online
The latest App Annie report confirms the important part mobile technologies plays as nations continue to battle the COVID-19 pandemic. App usage, purchasing, and time spent using apps all shot up as the world turned to mobile to hold things together…
Read More Fueled by pandemic shifts, mobile is now even more critical
SAP is warning CISOs that threat actors are hunting for unpatched versions of the company’s enterprise resource and supply chain management platform.
The post SAP urges infosec teams to patch applications faster first appeared on IT World Canada.
Read More SAP urges infosec teams to patch applications faster
More than half of the cyberattacks reported to Keeper Security involved stolen credentials.
Read More How poor password habits put your organization at risk
Personal Touch Holding Corp., the parent company of Personal Touch Home Care centers across the U.S. started notifying 753,107 patients and employees regarding a ransomware attack that targeted its cloud-stored business records at the beginning of this…
Read More A Ransomware Attack Affected Personal Touch Patients and Employees Across U.S.
According to a Cyber Threat Report released by the Bangladesh Government’s e-Government Computer Incident Response Team (BGD e-GOV CIRT) on April 1st, hacker group Hafnium has launched attacks on more than 200 organizations in Bangladesh. Bangladesh Te…
Read More Over 200 Bangladesh Organizations Hit by Hafnium Hacker Group
Log management is nothing new. But doing so smartly, correctly, and concisely in today’s data-driven world is another story.
Read More 9 Modern-Day Best Practices for Log Management
Cisco’s Elias Levy on the Leap From EDR to XDR and What It MeansExponentially more devices on the network mean proportionately less visibility. This is reality for most enterprises today, and it’s changed the role of endpoint security solutions. Elias …
Read More Evolution of Endpoint Security
Ireland’s Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. […]
Read More Facebook data leak now under EU data regulator investigation
The personal details belonging to 30,000 individuals based in Singapore may have been illegally accessed after a security breach targeted a third-party vendor of a job-matching organization called Employment and Employability Institute. The leaked data…
Read More Job-Matching Service Data Compromised by a Security Breach
Report assesses how cyber-criminals have exploited the COVID-19 crisis
Read More Ransomware Attacks Grew by 485% in 2020
A Chromebook today is an awful lot of different things.Sometimes, it’s a simple cloud-centric laptop. Other times, it’s a complex and capable computing machine. Other times yet, it’s effectively an Android tablet.One thing a Chromebook is not, howev…
Read More 2 colossal Chrome OS changes to keep an eye on
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
Read More NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
New details of negotiation between attackers and officials from Broward County Public Schools emerge after a ransomware attack early last month.
Read More Conti Gang Demands $40M Ransom from Florida School District
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research.
Read More Watch Out! Mission Critical SAP Applications Are Under Active Attack
“Observed exploitation could lead in many cases to full control of the unsecu…
Founded in 2016, OnlyFans is the social platform revolutionizing creator and fan connections. This site includes artists and content creators from all genres and allows them to monetize their content such as images, videos, and live streams while creat…
Read More Hundreds of OnlyFans Creators had Their Adult Content Published Online
CNA Financial is one of the largest American insurance companies, providing a broad range of standard and specialized property and casualty insurance products and services for businesses and professionals in the U.S., Canada, Europe, and Asia. In a sta…
Read More CNA Financial Fell Victim to a ‘Sophisticated’ Ransomware Cybersecurity Attack
Automating cloud security is a process still in its infancy for many organizations, says Unit 42.
Read More How the quick shift to the cloud has led to more security risks
China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda, Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing. The threat actors are sending out spear-phishing messages to compromise diplomatic targets in Southeast […]
The post Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks appeared first on Security Affairs.
Read More Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks
The advanced cyber threat intelligence is aimed at customers who need to protect mission-critical applications, the companies said.
Read More SAP and Onapsis detail findings of potential exploits on unprotected SAP apps
Conti Ransomware Gang Hit Scottish Environment Protection Agency on Christmas EveHow much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas…
Read More Ransomware Cleanup Costs Scottish Agency $1.1 Million
The network defense provider joins a growing list of companies offering cloud-based firewalls.
Read More Perimeter 81 launches new Firewall-as-a-Service offering
Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks. […]
Read More Ongoing attacks are targeting unsecured mission-critical SAP apps
Yesterday, the Department of State Hospitals (DSH) announced the discovery of additional data that had been improperly accessed during the Atascadero State Hospital security breach that was identified on February 25th. Source According to the ongoing i…
Read More More Data Accessed During Atascadero State Hospital Security Breach
The deal will act as a platform for AddSecure to grow its business
Read More AddSecure Acquires Telia Finland’s Alerta Business
A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note. As its popularity increased, the developer kept improving it to avoid detection from security solutions. […]
Read More EtterSilent maldoc builder used by top cybercriminal gangs
A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. What’s clever about this scam is that the victim is an Uber driver and the scamm…
Read More Phone Cloning Scam
Experts suspect branding move to kick-start affiliate program
Read More Sophos Links Mount Locker to Astro Locker Ransomware
April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms’ abilities to detect and react…
Read More MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm
Code42 announced it is offering security analysts a new automated workflow that speeds alert triage and “right-sizes” an appropriate response based on the severity of insider risk events. The workflow is available through an integration between Code42’…
Read More Code42 accelerates insider risk response using automated Slack workflows
TP-Link introduced the Archer AX5400 Dual-band Wi-Fi 6 Router (Archer AX73). The Archer AX5400 features the latest-generation in Wi-Fi 6 technology, equipped with HE160 and 1024-QAM, offering 25 percent faster data speeds and six streams of simultaneou…
Read More TP-Link introduces Archer AX5400 Wi-Fi 6 Router to improve network efficiency and bandwidth
As public safety’s partner, AT&T is committed to evolving FirstNet to meet first responders’ needs and supporting innovative new technologies to help them stay mission ready. That’s why it is announcing 3 major milestones for Firs…
Read More AT&T evolves FirstNet to help the public safety community stay mission ready
Nearly all the US IT jobs lost in 2020 during the COVID-19 pandemic have come back, with IT employment enjoying eight straight months of growth. Of course, some of the replacement jobs were in IT specialties other than the jobs lost, as there has be…
Read More US IT jobs have regained what they lost in the pandemic
MITRE named Dana (Keoki) Jackson as senior vice president and general manager, MITRE National Security Sector, where he will serve as a catalyst for accelerating change in how our nation addresses its greatest national security challenges and drive sol…
Read More MITRE names Dana Jackson as senior VP and GM, MITRE National Security
Aviatrix announced that Brad Hedlund has joined as a Principal Solutions Architect. Prior to joining Aviatrix, Hedlund held principal technical positions for some of the world’s biggest IT infrastructure brands including AWS, VMware / NSX, and Cisco. A…
Read More Brad Hedlund joins Aviatrix as a Principal Solutions Architect
Cloudbooking announced that David Miller has been appointed Chief Operating Officer, a new position within Cloudbooking. A well-respected and highly experienced commercial solicitor, David has recently been a partner and Head of Commercial at Flint Bis…
Read More Cloudbooking appoints David Miller as COO
OVHcloud U.S. expanded the availability of its VPS for the U.S. market by adding services in its Hillsboro, Oregon, data center. OVHcloud VPS solutions offer powerful performance to support a wide range of users from enterprise companies to ambitious s…
Read More OVHcloud VPS supports a wide range of users from enterprise companies to ambitious startups
Cybersecurity can be hard. Even for the professionals.
Read more in my article on the Bitdefender Business Insights blog.
Read More Check you own the website before you send out the press release
OneTrust announced it signed a definitive agreement to acquire Convercent. The acquisition will build on OneTrust’s longstanding investments in creating the technology fabric of trust within an organization, bringing together privacy, security, data go…
Read More OneTrust acquires Convercent to bring ethics and compliance capabilities into the OneTrust platform
Security researcher implemented a service to verify if your mobile number is included in the recent Facebook data leak. Security researcher Yaser Alosefer developed a new tool to help users to determine if their mobile numbers are included within the recent Facebook data leak that impacted 553 million users of the social networking giant. The […]
The post This service allows checking if your mobile is included in the Facebook leak appeared first on Security Affairs.
Read More This service allows checking if your mobile is included in the Facebook leak
ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil
Read More Janeleiro, the time traveler: A new old banking trojan in Brazil
The post Janeleiro, the time traveler: A new old banking trojan in Brazil appeared first on WeLiveSecurity
The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works. There’s been huge interest in this incident, and I’ve seen near-unprecedented traffic to Have I Been Pwned (HIBP) over the last couple of days, let me
Read More The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam.
Read More Hackers From China Target Vietnamese Military and Government
The attacks have been attributed with low confidence to the advanced persisten…
Experts discovered a vulnerability in the popular CMS Umbraco that could allow low privileged users to escalate privileges to “admin.” Security experts from Trustwave have discovered a privilege escalation vulnerability in the popular website CMS, Umbraco. The vulnerability affects an API endpoint that fails to properly check the user’s authorization prior to returning results found to […]
The post Experts discovered a privilege escalation issue in popular Umbraco CMS appeared first on Security Affairs.
Read More Experts discovered a privilege escalation issue in popular Umbraco CMS