July 6, 2021

Positive Technologies experts provide details about the potential impact of a recently fixed command injection flaw in SonicWall NSM devices. Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product. At the end of May, SonicWall urged its customers to ‘immediately’ address a post-authentication vulnerability, tracked […]

The post SonicWall addresses critical CVE-2021-20026 flaw in NSM devices appeared first on Security Affairs.

Read More SonicWall addresses critical CVE-2021-20026 flaw in NSM devices

Russian hacking group REvil attacks 200 networks in the U.S., audio software Audacity is being called spyware and Google removes nine apps from the Play Store for infiltrating Facebook logins. It’s all the biz/tech news that’s popular right now. Welcome to Hashtag Trending! It’s Tuesday, July 6 and I’m your host Tom Li. […]

The post Hashtag Trending, July 6 – REvil ransomware attack; Audacity is spyware; Google app control first appeared on IT World Canada.

Read More Hashtag Trending, July 6 – REvil ransomware attack; Audacity is spyware; Google app control

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords:

The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds. This article explains how to securely generate passwords, why Kaspersky Password Manager failed, and how to exploit this flaw. It also provides a proof of concept to test if your version is vulnerable…

Read More Vulnerability in the Kaspersky Password Manager

Coffee Briefings are timely deliveries of the latest ITWC headlines, interviews, and podcasts. These briefings drop on Tuesday mornings. Today’s Coffee Briefing is delivered by IT World Canada reporter Tom Li, with files from the rest of the editorial team. Missed last week’s Coffee Briefing? We got you covered. ITWC Podcasts Listen to the latest […]

The post Coffee Briefing, July 6, 2021 – Qualcomm dumps Arm for PC; FTC charges Broadcom; used cars to get expensive in Canada; and more first appeared on IT World Canada.

Read More Coffee Briefing, July 6, 2021 – Qualcomm dumps Arm for PC; FTC charges Broadcom; used cars to get expensive in Canada; and more

Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and fewer than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management […]

The post Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya appeared first on Security Affairs.

Read More Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya

Draft NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM), is now available for a second public comment period. This report provides a more in-depth discussion of the concepts introduced in NISTIR 8286, Inte…

Read More Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: 2nd Public Draft of NISTIR 8286A Available for Comment

The bitcoin price has been fluctuating lately. It was worth roughly $10,600 in October. An analysis from Barracuda Networks reveals that, with the boost in the cryptocurrency's popularity, threat actors thought it was the proper time to launch some cybe…

Read More Bitcoin Price Rise Makes Way for New Cyberattacks: BEC Attacks and Phishing Impersonations on the Carpet

Group-IB supported INTERPOL in its Operation Lyrebird, which made it possible to identify a threat actor presumably responsible for multiple attacks. Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, has supported INTERPOL in its Operation Lyrebird that resulted in the identification and apprehension of a threat actor presumably responsible for multiple attacks, […]

The post Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide appeared first on Security Affairs.

Read More Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Taiwanese vendor QNAP addressed a critical flaw, tracked as CVE-2021-28809, that could be exploited to compromise vulnerable NAS devices. Taiwanese vendor QNAP fixed a critical vulnerability, tracked as CVE-2021-28809, that could be exploited by attackers to compromise vulnerable NAS devices. The vulnerability affects certain legacy versions of HBS 3 Hybrid Backup Sync; it was reported to […]

The post QNAP addressed a critical flaw that allows compromising NAS devices appeared first on Security Affairs.

Read More QNAP addressed a critical flaw that allows compromising NAS devices

A little over a decade ago now, I awoke from a long haul flight to find an email I never expected to see: my first Microsoft MVP award. I earned the award by doing something many people couldn’t understand, namely devoting a bunch of my time to creating

Read More MVP 11

ENISA publishes Cybersecurity guide for SMEs, a document that aims at providing suggestions to secure their business. During the COVID-19 pandemic, most organizations increased their presence online, enlarging their attack surface. The attack surface for SMEs was enlarged; many of them took business continuity measures, such as adopting cloud services, improving their […]

The post ENISA publishes Cybersecurity guide for SMEs appeared first on Security Affairs.

Read More ENISA publishes Cybersecurity guide for SMEs