Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root. Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could […]
The post Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software appeared first on Security Affairs.
Read More Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software
NFTs, or non-fungible tokens, have captured the attention (and wallets) of consumers and businesses around the world. This is largely in part to the big price-tag sales, such as the digital artwork by Beeple that sold for over $69M on Christie’s Auctio…
Read More Are NFTs safe? 3 things you should know before you buy
Research suggests that email is the most common point of entry for malware, providing access in 94% of cases, so it’s unsurprising that phishing is the root cause of 32% of security breaches. Just last month the UK government’s Cyber Security Breaches …
Read More Email security is a human issue
Q1 2021 has been a tumultuous period in our era of cyber espionage. The Center For Strategic & International Studies (CSIS), which has been tracking “significant cyber incidents” since 2006, lists 30 major attacks from January to March 2021. Over …
Read More What contractors should start to consider with the DoD’s CMMC compliance standards
Using technology securely can be overwhelming or confusing, especially for those who did not grow up with it. When helping secure those who are uncomfortable with technology focus on just the basics – 1) be aware of social engineering attacks 2) secure…
Read More Older Generation
The public key infrastructure (PKI) underpins the most effective strategy for securing communications between machines, network and mobile devices, virtual servers, and the IoT, whether inside or outside the firewall. As the volume of machines, devices…
Read More Dispelling four myths about automating PKI certificate lifecycle management
In this interview with Help Net Security, Adam Bennett, CEO at Red Piranha, discusses Extended Detection and Response and their flagship product – Crystal Eye XDR. We’ve been hearing a lot about XDR in the past year. What is it, and what se…
Read More Crystal Eye XDR: Protect, detect and respond to threats from a single unified platform
Cloud native adoption has both transformed the way organizations build modern applications and resulted in increased security threats and concerns, according to a research by Snyk. Most notably, the report found that: More than half of companies survey…
Read More Cloud native adoption increasing security concerns
Portworx released findings from its survey which assesses the mass adoption and evolution of Kubernetes usage among enterprise users in the last 12 months, in addition to the impact of the pandemic on IT users’ attitudes towards their jobs. The finding…
Read More Kubernetes adoption continues to grow
Avatier announced the release of Avatier for Outlook, giving users passwordless Single Sign-On (SSO) and unified Identity Access Management (IAM) from within Outlook to make remote work more secure. Avatier for Outlook improves workforce efficiency by …
Read More Avatier for Outlook offers passwordless Single Sign-On and IAM to improve workforce efficiency
Semperis announced the general availability of Directory Services Protector (DSP) 3.5, which includes DSP Intelligence, a new module that provides automated security assessments of Microsoft Active Directory (AD). DSP Intelligence proactively uncovers …
Read More Semperis DSP 3.5 provides automated security assessments of Microsoft AD
Teradata announced a set of enhancements for Teradata Vantage on Google Cloud, making it easier for Teradata customers to use the Google Cloud services they prefer in a consumption pricing model. The platform enhancements highlight Teradata’s commitmen…
Read More Teradata announces a set of enhancements for Teradata Vantage on Google Cloud
Nutanix announced the Nutanix cloud platform now extends to AWS GovCloud, providing a unified cloud platform across Nutanix on-premises and bare metal Amazon Elastic Compute Cloud (Amazon EC2) instances running on Amazon Web Services (AWS) GovCloud reg…
Read More Nutanix cloud platform now extends to AWS GovCloud to help public sector adopt cloud smart strategy
Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project. This integration, coupled with the new Terrascan admi…
Read More Accurics open source project Terrascan integrates with the Argo Project to enhance cloud security
ICS Hot Takes transcript, with Brandon Evans, on the challenge’s organizations face when integrating cloud services into the control network. This video delves into security requirements, data collection, service management and other issues relating to…
Read More SANS ICS Hot Take: Cloud Security Transcript
Adlumin announced that its platform will now integrate directly with Google Workspace, giving customers the ability to ingest crucial audit logs from their Google Workspace domains. Google Workspace is a suite of secure, cloud-native collaboration and …
Read More Adlumin integrates with Google Workspace to give customers the ability to ingest crucial audit logs
McAfee and Ingram Micro have announced that the full MVISION portfolio of McAfee Device-to-Cloud suites is available globally for Ingram Micro’s network of independent software vendors, value added resellers and managed service providers via the Ingram…
Read More McAfee offers cloud-delivered security solutions on the Ingram Micro Cloud Marketplace
Accenture has made a strategic investment, through Accenture Ventures, in Prevailion, a next-generation cyber intelligence company that provides clients with expansive visibility into malware across their organization and supply chains with early detec…
Read More Accenture invests in Prevailion to provide clients with early warning of cyber threats
More than 20 businesses worldwide have announced the creation of the Data Privacy Protocol Alliance (DPPA), to build a decentralized blockchain-based data ecosystem that provides consumers control of their data and competes against the entrenched data …
Read More DPPA forms to build a decentralized blockchain-based data ecosystem
Signal tried to run targeted ads on Instagram that showed users *how* they had been targeted, and revealed the extraordinary amount of data Facebook collects about users.
Read More Signal says its Instagram ads were banned for being too honest
Carriers operate 5G on licensed spectrum in major markets for consumers. Enterprises need to build their own private secure networks with WIFI economics. Frequencz’s innovations unlock 5G to run on unlicensed spectrum in multiple frequency bands for cu…
Read More Frequencz raises $4.1M to accelerate product development
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
Read More Attackers Seek New Strategies to Improve Macros’ Effectiveness
MITRE has named Wen Masters as vice president for cyber technologies, where she will lead corporate cybersecurity strategy beginning May 17, 2021. Masters will be responsible for developing a wide range of cyber capabilities and solutions, including pr…
Read More MITRE appoints Wen Masters as vice president for cyber technologies
ISP Belnet Targeted by Waves of AttacksThe websites of about 200 public and private entities in Belgium were knocked fully or partially offline Tuesday by a distributed denial-of-service attack against the publicly funded internet service provider Belnet.
Read More DDoS Attack Knocks Belgian Websites Offline
Twitter is rolling out a new feature for iOS and Android mobile apps that aims to bring “bigger and better” images to your timeline in the form of tall and uncropped photos. […]
Read More Twitter kills ‘Open for a surprise’ tweets with new mobile feature
In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with market-leading capabilities in Microsoft Defender for Endpoint and Microsoft Defender for Identity collaborating to provide: Best overall…
The post Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation appeared first on Microsoft Security.
Read More Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation
SEC Filing Predicts $10 Million to $15 Million ImpactSmileDirectClub, which sells teeth-straightening appliances, expects that a recent cyberattack, which disrupted the manufacturing of its products, will take a $10 million to $15 million bite out of i…
Read More SmileDirectClub: Attack Taking Big Bite Out of Revenue
Each Proposal Calls for a Different Approach to Mitigating RisksLawmakers in the Senate and House have introduced legislation designed to improve and enhance the nation’s electrical grid and respond to concerns that the country’s power system is prone …
Read More 3 Bills Focus on Enhancing Electrical Grid Cybersecurity
PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims’ cryptocurrency and other info.
Read More New Crypto-Stealer ‘Panda’ Spread via Discord
A survey from Blackberry finds that IT departments are worried about unpatched devices connecting to corporate networks as offices reopen.
Read More Security teams plan a new pandemic quarantine for BYOD devices headed back to the office
‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in.
Read More Anti-Spam WordPress Plugin Could Expose Website User Data
Professionals in each field describe a poor working relationship between the two teams
Read More Gap Between Security and Networking Teams May Hinder Tech Projects
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
Read More DoD Lets Researchers Target All Publicly Accessible Info Systems
Separate workforce studies by (ISC) 2 and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
Read More Wanted: The (Elusive) Cybersecurity ‘All-Star’
Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts. […]
Read More Cisco bugs allow creating admin accounts, executing commands as root
The first Thursday in May is World Password Day. Keeping your data safe isn’t as difficult as you think. Here are some strategies.
Read More World Password Day: How to keep your personal and work data safe
If you received an email in April stating that your active Microsoft Teams Free account is being deleted, this email was sent by mistake and Microsoft is not deleting your data. […]
Read More No, active Microsoft Teams Free organizations will not be deleted
The FBI’s action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials’ response to cyberattacks.
Read More Debating Law Enforcement’s Role in the Fight Against Cybercrime
Remote code execution, privilege escalation to root and lateral movement through a victim’s environment are all on offer for the unpatched or unaware.
Read More Raft of Exim Security Holes Allow Linux Mail Server Takeovers
Recently seized by the government, the site spoofed an actual company developing a coronavirus vaccine in an effort to steal personal data for malicious purposes.
Read More How one phony vaccine website tried to capture your personal information
Florida teen accused of hacking students’ accounts to rig homecoming contest to face felony charges as an adult
Read More Homecoming Queen Hacker to be Tried as an Adult
Just as digital transformation accelerated in the enterprise, the implementation and deployment of tech in the education sector has also accelerated, prompting Apple’s Claris subsidiary to introduce its own powerful student information system (SIS),…
Read More With Apple’s Claris, digital transformation goes to school
Crypto wallets and Discord credentials among targets of new information stealer
Read More Panda Stealer Targets Crypto Wallets
Avaddon Group Claims It Stole SIM Card Data, Banking InformationA ransomware gang claims to have stolen SIM card data and banking information in an attack on Schepisi Communications, a service provider to Australian telecommunications company Telstra, …
Read More Ransomware Hits Australian Telecom Provider Telstra’s Partner
Every IT pro should have at least a basic understanding of cyber security. That’s because the field is constantly evolving, and it makes sense that opportunities to change your career focus could come your way. Want to explore the possibilities with…
Read More Learn how to stop cybercrime with this low cost bundle, right from the comfort of home
On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child.
Read More Peloton’s Leaky API Spilled Riders’ Private Data
VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers. […]
Read More VMware fixes critical RCE bug in vRealize Business for Cloud
Not only were Peloton bikes leaking personal information about users, but when told about the problem the company was far from perfect in its response.
Read More Peloton exercise bikes found exposing user data – company dawdles in its response
The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions
Read More DDoS attack knocks Belgian government websites offline
The post DDoS attack knocks Belgian government websites offline appeared first on WeLiveSecurity
There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago.
Read More New Spectre-Like Attacks
The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains in a writeup from the University of Virginia. Even though the processor quickly realizes its mistake and does a U-turn to go down the right path, attackers can get at the private data while the processor is still heading in the wrong direction…
Even though they both seek common ends, networking and security teams are often at odds with each other, slowing their companies down.
Read More Poor collaboration between NOC and SOC hampers digital transformation efforts
A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives. […]
Read More Windows Defender bug fills Windows 10 boot drive with thousands of files
A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization […]
The post UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware appeared first on Security Affairs.
Read More UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware
Vulnerable security administration and frail organizational structures are turning manufacturing businesses into profitable targets for threat actors, with over half of manufacturers admitting they have been victims of cyberattacks. The WestRock ransom…
Read More Everything You Need to Know About the WestRock Ransomware Attack
Experts Stress Importance of Upgrading the Tool and Auditing FilesA patch has been issued for a serious vulnerability that impacts PHP Composer – a tool to manage and install software dependencies in the PHP ecosystem. Security researchers at SonarSour…
Read More PHP Composer Flaw That Could Affect Millions of Sites Patched
Blackbaud, a cloud software supplier, suffered one of the most notable ransomware attacks in May 2020. Not very long after discovering the attack, Blackbaud decided to pay the ransomware attackers. The move was considered unwise by cybersecurity expert…
Read More Blackbaud Ransomware Attack 101
In addition to new blueprints, IBM Security also announced a partnership with the cloud and network security provider Zscaler.
Read More IBM Security announces new ways for customers to adopt a zero trust approach
Clop Ransomware belonging to a popular Cryptomix ransomware family is a dangerous file encrypting virus which actively avoids the security unprotected system and encrypts the saved files by planting the .Clop extension. It exploits AES cipher to encryp…
Read More Clop Ransomware: Overview, Operating Mode, Prevention and Removal
Belgium’s parliament, universities, and police targeted in a coordinated DDoS attack
Read More Cyber-Attack on Belgian Parliament
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
Read More Will 2021 Mark the End of World Password Day?
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even …
Read More New Study Warns of Security Threats Linked to Recycled Phone Numbers
Dell Has Patched Driver Issue Found by SentinelOneDell has patched five issues in a firmware update driver that has shipped in millions of laptops, tablets and desktops since 2009. The vulnerabilities apparently have not beem exploited in the wild and …
Read More Millions of Dell Devices Vulnerable to Update Driver Flaw
‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.
Read More Feds Shut Down Fake COVID-19 Vaccine Phishing Website
From the data gathered so far, it’s estimated that hundreds of millions of Dell desktops, laptops, and tablets have received the driver containing the vulnerability through various BIOS updates. Collectively tracked as CVE-2021-21551, five flaws have b…
Read More A Vulnerable Dell Driver Might Be Putting Millions of Systems at Risk
These bugs date back to 2009, and they could give crooks who are already in your network access to sysadmin superpowers.
Read More Dell fixes exploitable holes in its own firmware update driver – patch now!
A rapid proliferation of IoT has opened unsupervised doors to cybercriminals. How can we apply the principles of Zero Trust to address this challenge?
The post How to apply a Zero Trust approach to your IoT solutions appeared first on Microsoft Security.
Read More How to apply a Zero Trust approach to your IoT solutions
A few newly discovered critical vulnerabilities in the Exim mail transfer agent software are allowing unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers. Exim is a well-known mail transfer agent available…
Read More Critical Vulnerabilities Found in Exim MTA Servers
Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.
Read More Malicious Office 365 Apps Are the Ultimate Insiders
After developing a tool for testing the security of its own AI systems and assessing them for vulnerabilities, Microsoft has decided to open-source it to help organizations verify that that the algorithms they use are “robust, reliable, and trust…
Read More Counterfit: Open-source tool for testing the security of AI systems
Today’s podcast reports on creating safer passwords, why your car’s infotainment system may be a privacy risk, the discovery of a new hacking group, and security updates from Exim, Dell and Apple
The post Cyber Security Today, May 5, 2021 – World Password Day advice, your car’s infotainment system may be a privacy risk, plus vendor security updates first appeared on IT World Canada.
Read More Cyber Security Today, May 5, 2021 – World Password Day advice, your car’s infotainment system may be a privacy risk, plus vendor security updates
Article by Shiela PulidoDue to our dependence on the internet for digital transformation, most people suffer from the risks of cyberattacks. It is an even greater concern this year due to the trend of remote working and international business expansion…
Read More The Role of Translation in Cyber Security and Data Privacy
Cybersecurity analysts Lloyd Macrohon and Rodel Mendrez have recently inspected a new piece of malware that they’ve encountered during a breach investigation. Dubbed “Pingback”, the malware uses ICMP (Internet Control Message Protocol) tunneling for it…
Read More Pingback Malware Uses ICMP to Avoid C&C Detection
PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition.
Read More BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide
The issues, reporte…
Two waves of global financial phishing attacks that flooded at least 50 companies from a vast variety of fields in December have delivered three new malware strains, according to a report from FireEye’s Mandiant cybersecurity team. The main target area…
Read More Three New Malware Strains Found in Global-scale Phishing Campaign
Microsoft last week launched a public preview of the APIs (application programming interfaces) that IT admins can call on to control Windows Update for Business Deployment Service, the company’s latest effort to push commercial customers to adopt cl…
Read More Microsoft previews new Windows servicing APIs for enterprises
Another in our occasional series demystifying Latin American banking trojans
Read More Ousaban: Private photo collection hidden in a CABinet
The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity
The U.S. Agency for Global Media (USAGM) recently revealed that a phishing attack from December 2020 exposed the personal information of current and former employees and their beneficiaries, including full names and Social Security numbers. Image Sourc…
Read More U.S. Agency for Global Media Targeted by Phishers
A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim Server. They have all been fixed in Exim v4….
Read More 21 vulnerabilities found in Exim, update your instances ASAP!
Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 90 pages of excellent content. Cyber Defense Magazine May 2021 OVER 90+ PAGESLOADED WITH EXCELLENT CONTENTLearn from the experts, cybersecurity best practicesFind out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.CLICK HERE AND […]
The post Cyber Defense Magazine – May 2021 has arrived. Enjoy it! appeared first on Security Affairs.
Read More Cyber Defense Magazine – May 2021 has arrived. Enjoy it!
New study reveals major consumer mistrust of e-commerce brands
Read More Shoppers Choose Guest Checkouts Over Security Fears
Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that you’ve reused an old password or passphrase from 2012? Surprisingly, quite a…
Read More World Password Day: Using a Passphrase to Strengthen Your Security
From securing e-commerce transactions to encrypting data sent via email and verifying software packages, public key infrastructure (PKI) and encryption are essential to secure online communications. But what exactly is PKI, how does PKI work, and what …
Read More Your 10-Minute Guide to PKI & How Internet Encryption Works
Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203, that could be exploited by attackers to compromise a customer’s cloud infrastructure. “A security vulnerability […]
The post Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager appeared first on Security Affairs.
Read More Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager
The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges.
Read More ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking
Collectively named ’21Nail…
IBM Security introduced a new Software as a Service (SaaS) version of IBM Cloud Pak for Security, designed to simplify how organizations deploy a zero trust architecture across the enterprise. The company also announced an alliance partnership with Zsc…
Read More IBM Cloud Pak for Security simplifies how organizations deploy a zero trust architecture
Amazon Web Services announced the general availability of Amazon DevOps Guru, a fully managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issu…
Read More Amazon DevOps Guru: ML-powered cloud operations service to improve application availability
As organisations prepare for what life looks like in a post-pandemic world, one of the many issues they’ll have to address is IT security for home workers. A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – to complete tasks. And you better hope they have technical skills, because should they experience any technical issues, there’s only so much your IT team can do to help. According to the Velocity Smart Technology Market Research Report 2021, 70% of remote workers said they had experienced IT problems during the pandemic,
The post The cyber security risks of working from home appeared first on IT Governance UK Blog.
Read More The cyber security risks of working from home