July 8, 2021

Cisco addresses high severity privilege escalation vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. The IT giant fixed two flaws […]

The post Cisco fixes High Severity issue in BPA and WSA appeared first on Security Affairs.

Read More Cisco fixes High Severity issue in BPA and WSA

BetterCloud surveyed more than 500 IT and security professionals—and examined internal data from thousands of organizations and users—to understand their top challenges, priorities, and the magnitude of data loss and sensitive information leaks. “Last …

Read More File security violations within organizations have spiked 134% as the world reopened for business

Rapid7 researchers discovered security vulnerabilities in the Sage X3 ERP product that could allow to take control of vulnerable systems. Researchers from Rapid7 discovered a total of four security vulnerabilities in the Sage X3 enterprise resource planning (ERP) solution. Chaining two of the vulnerabilities discovered by the expert, an attacker could execute malicious commands and take control of vulnerable […]

The post Multiple Sage X3 vulnerabilities expose systems to hack appeared first on Security Affairs.

Read More Multiple Sage X3 vulnerabilities expose systems to hack

1Strategy announced that it has achieved AWS Security Competency status. This designation validates 1Strategy’s comprehensive experience and expertise in delivering secure solutions. AWS Security Competency Partners help customers take advantage of int…

Read More 1Strategy achieves AWS Security Competency status and validates expertise in delivering secure solutions

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Investment banking firm Morgan Stanley has disclosed a data breach after threat actors have compromised the Accellion FTA server of the third-party vendor Guidehouse. The company has offices in more than […]

The post Morgan Stanley discloses data breach after the hack of a third-party vendor appeared first on Security Affairs.

Read More Morgan Stanley discloses data breach after the hack of a third-party vendor

Cybersecurity analysts are charting both a rise in ransomware incidents and in amounts cybercriminals are demanding from businesses to restore their data. That’s bad news in itself, but what’s often overlooked are the additional ways – beyond payments victims may or may not choose to make– victims pay for these attacks. Our latest threat report […]

The post 4 ways ransomware can cost your business (in addition to extortion) appeared first on Webroot Blog.

Read More 4 ways ransomware can cost your business (in addition to extortion)

We’re excited to announce that in its first year of inclusion in the Magic Quadrant report, Microsoft Azure Sentinel has been named a Visionary, where we were recognized for our completeness of vision for SIEM.

The post Microsoft named a Visionary in the 2021 Gartner Magic Quadrant for SIEM for Azure Sentinel appeared first on Microsoft Security Blog.

Read More Microsoft named a Visionary in the 2021 Gartner Magic Quadrant for SIEM for Azure Sentinel

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Read More Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details:

This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s network. After writing a base-64-encoded payload to a file named agent.crt the dropper executed it.

[…]

The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.” By digitally signing their malware, attackers are able to suppress many security warnings that would otherwise appear when it’s being installed. Cybereason said that the certificate appears to have been used exclusively by REvil malware that was deployed during this attack…

Read More Details of the REvil Ransomware Attack

The Tor Project has released Tor Browser 10.5 which enhances an anti-censorship feature and warns of V2 onion URL deprecation. The Tor Project has released Tor Browser 10.5 which implements an improved anti-censorship feature and warns users of V2 onion URL deprecation in favor of the newer V3 URLs. The first version supporting V3 URLs […]

The post Tor Browser 10.5 is out, it includes a new anti-censorship feature appeared first on Security Affairs.

Read More Tor Browser 10.5 is out, it includes a new anti-censorship feature

A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members. A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble. According to the experts, the […]

The post Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits appeared first on Security Affairs.

Read More Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Script prepared by Jori Negin-Shecter. Chinese social media giant WeChat is shutting down LGBTQ accounts, the Pentagon has cancelled a defence deal with Microsoft, and the Canadian tech sector is booming, but is it for real? It’s all the biz/tech news that’s popular right now. Welcome to Hashtag Trending! It’s Thursday, July 8 and I’m […]

The post Hashtag Trending, July 8 – WeChat drops LGBTQ content; Pentagon’s Microsoft deal fizzles; The Canadian Sector’s explosion first appeared on IT World Canada.

Read More Hashtag Trending, July 8 – WeChat drops LGBTQ content; Pentagon’s Microsoft deal fizzles; The Canadian Sector’s explosion