September 8, 2021

Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is actively exploited in the wild. Zoho has released a security patch to address an authentication bypass vulnerability, tracked as CVE-2021-40539, in its ManageEngine ADSelfService Plus. The company also warns the vulnerability is already exploited in attacks in the wild. […]

The post Zoho warns of zero-day authentication bypass flaw actively exploited appeared first on Security Affairs.

Read More Zoho warns of zero-day authentication bypass flaw actively exploited

A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis. A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis from the CITY4U website. The hacker is offering the data for sale, but […]

The post Personal information of 7 million Israelis available for sale appeared first on Security Affairs.

Read More Personal information of 7 million Israelis available for sale

Announced at the Lenovo Tech World event on Sept. 8, the Lenovo IdeaPad Slim 7 Carbon and Lenovo IdeaPad Slim 7 Pro are the first Lenovo laptops that will ship with Windows 11. Name Lenovo IdeaPad Slim 7 Carbon Lenovo IdeaPad Slim 7 Pro Dimensions and Weight Thinnest point: 14.9mm Weight: 1kg (2.37 lbs) Thinnest […]

The post Lenovo launches two new IdeaPads with Windows 11 first appeared on IT World Canada.

Read More Lenovo launches two new IdeaPads with Windows 11

Groove gang leaked online Fortinet credentials that could be used to breach networks of organizations using the compromised devices. The financially motivated threat actor Groove has leaked online compromised credentials belonging to many organizations. The ransomware group has been active since August 2021 and implement a double extortion model like other gangs. The threat actor leaked a […]

The post Groove gang leaks list of 500k credentials of compromised Fortinet appliances appeared first on Security Affairs.

Read More Groove gang leaks list of 500k credentials of compromised Fortinet appliances

Russian communications watchdog Roskomnadzor tightens control of its citizens and blocked access to six virtual private networks (VPNs), including NordVPN and ExpressVPN. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six virtual private networks (VPNs), Hola!VPN, ExpressVPN, KeepSolid VPN Unlimited, Nord VPN, Speedify VPN, and IPVanish VPN. Russian communications […]

The post Russian communications watchdog Roskomnadzor blocks access to 6 VPNs appeared first on Security Affairs.

Read More Russian communications watchdog Roskomnadzor blocks access to 6 VPNs

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

Read More Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Today’s podcast reports on the kind of companies ransomware gangs are targeting, another reminder to patch Confluence servers and patches available for Netgear hardware and NPM software

The post Cyber Security Today, Sept. 8, 2021 – Ransomware gang targets, Confluence servers under attack and a warning to Firebase developers first appeared on IT World Canada.

Read More Cyber Security Today, Sept. 8, 2021 – Ransomware gang targets, Confluence servers under attack and a warning to Firebase developers

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks either the nature of the […]

The post Microsoft warns of a zero-day in Internet Explorer that is actively exploited appeared first on Security Affairs.

Read More Microsoft warns of a zero-day in Internet Explorer that is actively exploited

Organisations that adopted hybrid working during the pandemic have had to adjust many policies and processes, but one that they may have overlooked is their CIR (cyber incident response) plan. Before the pandemic, you could safely assume that most employees were based in the office and therefore a controlled environments. That made planning for disruptions comparatively straightforward: you knew where everyone was located, you had complete visibility over your threat landscape and you could communicate with everyone directly. But hybrid working complicates that. Although it comes with huge logistical and financial benefits – plus it makes employees happier – it

The post How to create a cyber incident response plan when you have a hybrid workforce appeared first on IT Governance UK Blog.

Read More How to create a cyber incident response plan when you have a hybrid workforce

El Salvador makes a big Bitcoin purchase, Facebook’s fake news epidemic rages on, and Zoom’s prominence continues to have unexpected side effects on our mental health. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Wednesday, September 8, and I’m your host, Tom Li. Ahead of plans to make Bitcoin […]

The post Hashtag Trending September 8 – El Salvador Bitcoin purchase; Fake news generates high engagement; ‘Zoom Dysmorphia’ on the rise first appeared on IT World Canada.

Read More Hashtag Trending September 8 – El Salvador Bitcoin purchase; Fake news generates high engagement; ‘Zoom Dysmorphia’ on the rise