Apache OpenOffice (AOO) is currently impacted by a remote code execution flaw, tracked as CVE-2021-33035, that has yet to be fixed in the official release. Security researcher Eugene Lim (@spaceraccoonsec) recently revealed technical details about a remote code execution flaw, tracked as CVE-2021-33035, (CVE-2021-33035) that impacts OpenOffice (AOO). The experts disclosed the flaw at HackerOne’s […]
The post Apache OpenOffice is currently impacted by a remote code execution flaw appeared first on Security Affairs.
Read More Apache OpenOffice is currently impacted by a remote code execution flaw
Security misconfigurations are one of the most common gaps hackers look to exploit. One bad configuration setting in a popular cloud platform can have far-reaching consequences, allowing threat actors to access an abundance of valuable, personal inform…
Read More Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings
U.S. The farmers cooperative NEW Cooperative was hit by Black Matter ransomware gang that is demanding a $5.9 million ransom. BlackMatter ransomware gang hit NEW Cooperative, a farmer’s feed and grain cooperative, and is demanding a $5.9 million ransom. The ransomware gang claims to have stolen 1,000 GB of data including the source code for […]
The post Black Matter gang demanded a $5.9M ransom to NEW Cooperative appeared first on Security Affairs.
Read More Black Matter gang demanded a $5.9M ransom to NEW Cooperative
In this interview with Help Net Security, Eran Livne, Director, Product Management, Endpoint Remediation at Qualys, discusses vulnerability remediation complexity, the challenges related to proactive patching, as well as Qualys Patch Management. What m…
Read More The complexities of vulnerability remediation and proactive patching
Marlin Hawk released a research report which explores industry trends and insights of CISOs around the world, the challenges they face in a rapidly evolving cybersecurity landscape, as well as their role and place within organizations. The report also …
Read More Challenges CISOs face in a rapidly evolving cybersecurity landscape
Cyber attackers can just as easily trick or fool you in messaging apps as they can in email. Be on the look-out for scams or attacks via apps such as Slack, Skype, WhatsApp or event simple text messaging. The most common clues are tremendous sense of u…
Read More Messaging / Smishing Attacks
77% of Americans believe their company has gaps in its current security tools, according to Lynx Software survey findings. 500 Americans in managerial and executive roles were surveyed to find out their opinions on the security of their companies and i…
Read More 77% of execs concerned about security tools gaps in their company
Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand. The expert discovered the unsecured database on August […]
The post Data of 106 million visitors to Thailand leaked online appeared first on Security Affairs.
Read More Data of 106 million visitors to Thailand leaked online
Organizations are prioritizing strategic security programs but missing the foundational capabilities they need to make meaningful changes to their security posture, a ReliaQuest and Ponemon Research survey reveals. Among the roadblocks to achieving a r…
Read More Organizations prioritize strategic security programs, but lack fundamentals
Attackers are increasingly targeting a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework that Microsoft released patches for earlier this month.
Read More Attacks Targeting OMIGOD Vulnerability Ramping Up
Despite office workers being aware of the cybersecurity challenges faced by their employer – especially when it comes to hybrid working – many admit to high risk behavior including sharing passwords, downloading non-work related files and e…
Read More Office workers unwilling to change their behavior, despite being aware of the cybersecurity challenges
Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were re…
Read More Cybersecurity Maturity Model Certification (CMMC) – A Model for Everyone
A massive $100 billion in transactions in 2021 alone have been protected by 3-D Secure payments authentication technology, Outseer reveals. The report also reveals continued explosive growth of worldwide 3-D Secure transactions due to skyrocketing adop…
Read More 3-D Secure transactions growth fueled by card-not-present explosion and PSD2
The General Data Protection Regulation (GDPR) Act is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines the way that orga…
Read More How to Report a Data Breach per GDPR
Researchers Believe NEW Cooperative Targeted By BlackMatter GangNEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according…
Read More Ransomware Reportedly Hits Iowa Farm Services Cooperative
ProLion launched its ClusterLion for SAP on the Microsoft Azure Marketplace. ProLion customers can now take advantage of the productive and trusted Azure cloud platform, with streamlined deployment and management for the first time. ProLion ClusterLion…
Read More ProLion ClusterLion for SAP now available on Azure Marketplace
A wide range of organizations from defence to banking are preparing for ‘Y2Q’, the moment when a sufficiently developed quantum computer emerges that can break today’s encryption. As a trusted cyber security supplier to ultra high net worth individuals…
Read More CDS partners with Post-Quantum to provide post-quantum encryption algorithms for super yachts
It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.
In a bid to minimize these scenarios, a growing number of major companies are adopting “Security.txt,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.
Read More Does Your Organization Have a Security.txt File?
Cross-Chain Protocol pNetwork Offers Hacker ‘Clean’ $1.5 Million Bug BountyIn the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitc…
Read More Hacker Makes Off With $12 Million in Latest DeFi Breach
Nation-State Chinese Groups APT27, APT41 Likely CandidatesEarlier this month, McAfee Enterprise’s Advanced Threat Research team, working with McAfee’s Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in ope…
Read More Chinese APT Data-Harvesting Campaign Analyzed
Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.
Read More Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate
Microsoft last week announced the availability of the next edition of perpetual-license Office for commercial and government customers.Dubbed “Office LTSC 2021,” as in “Long-term Support Channel,” the new Office suite was built as a subset of the fe…
Read More Microsoft releases new perpetual Office for enterprise
Canada’s biggest telecom operators ranked high in 5G gaming performance, an Opensignal report that measured 5G network performance of 106 network operators found. The Big Three Canadian carriers–Bell, Rogers and Telus–all placed within the top-30 in Opensignal’s 5G Global Mobile Network Experience Awards 2021. Opensignal’s gaming performance category measures latency, jitter and packet loss during […]
The post Canadian 5G networks excel in gaming, Opensignal report finds first appeared on IT World Canada.
Read More Canadian 5G networks excel in gaming, Opensignal report finds
MicroTik Flaws Still Being Exploited, But There Are Mitigation StepsThe Mēris botnet, responsible for huge waves of DDoS attacks recorded by cybersecurity firms Qrator Labs and Cloudflare, is still active, using “abandoned” MikroTik routers. The attack…
Read More Mēris: How to Stop the Most Powerful Botnet on Record
Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits.
Read More Europol Breaks Open Extensive Mafia Cybercrime Ring
Eleven-year-olds targeted in cyber-bullying trend spread via social media
Read More France Condemns #Anti2010 Cyber-bullying
Scraped Whois Information Leaked by Anonymous in Reprisal for Alt-Right Site HostingMore than 15 million email addresses and individuals’ personal details have been leaked by Anonymous in reprisal for Texas’ new law restricting abortion. The leaked inf…
Read More Web Hoster Epik’s Breach Exposes 15 Million Email Addresses
When you look at a digital sign today, don’t be surprised if it is looking back. An increasing number of digital signs are being loaded with sensors and analytics programs so retailers can glean useful data like mapping out the shopping patterns of customers, said Johanny Payero, Senior Manager of OEM of Marketing and Program […]
The post Digital signage: More than just a pretty fascia first appeared on IT World Canada.
Read More Digital signage: More than just a pretty fascia
For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Here is how to do it.
Read More Windows 11 prep: How to convert MBR hard drive partitions to GPT
Apple on Monday rolled out a major refresh of its flagship iOS mobile platform, adding a built-in two-factor authentication code generator and multiple anti-tracking security and privacy features.
Read More Apple Ships iOS 15 with MFA Code Generator
Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
Read More Payment API Bungling Exposes Millions of Users’ Payment Data
Most Americans say news of ransomware attacks and data breaches causes them stress
Read More Americans Stressed Out by Cyber-attack Coverage
Malware able to abuse Windows Subsystem for Linux has been seen in the wild, say researchers
The post Windows admins running Linux warned of threat first appeared on IT World Canada.
Read More Windows admins running Linux warned of threat
Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. The phishing campaign has been ongoing since spring 2020 when the domains were first transferred to their current host. At […]
The post Large phishing campaign targets EMEA and APAC governments appeared first on Security Affairs.
Read More Large phishing campaign targets EMEA and APAC governments
Spanish and Italian authorities have dismantled an organized crime group allegedly involved in online fraud, money laundering, and other illegal activities.
Read More Cybercriminals Linked to Italian Mafia Arrested by European Police
Personal info of international visitors to Thailand found online in unsecured database by impacted researcher
Read More Data of 106 Million Visitors to Thailand Breached
As experts stay busy trying to figure out what exactly the next “new normal” might look like, organizations are already working hard to build it. And while every business is leveraging IT to solve unique challenges and take advantage of new opportun…
Read More BrandPost: Elevating Business Computing Everywhere
As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.
The post A guide to combatting human-operated ransomware: Part 1 appeared first on Microsoft Security Blog.
Read More A guide to combatting human-operated ransomware: Part 1
Just a couple of years of IT experience is all that’s necessary to break into the cybersecurity field with this self-paced training.
Read More Here’s how to become an in-demand cybersecurity expert
As a Microsoft Patch Lady, I’ve been patching computers and servers for more than 20 years. We started with a process that wasn’t well planned. We had no set day or time for when patches were released, and no way to centrally manage and deploy updat…
Read More A penchant for patching: After 20 years, the system’s still a mess
“Stop. Think. Connect.” Say those words aloud – and please pronounce the pauses prescribed by the periods!
Read More “Back to basics” as courier scammers skip fake fees and missed deliveries
Event management company EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events on its platform.
Read More EventBuilder Exposed Information of Over 100,000 Event Registrants
Since ransomware attacks have been a continuous threat to US infrastructure over the last two years, the Biden administration is said to be expected this week to put in place ransomware crypto exchanges sanctions. These will apply to wallets, crypto ex…
Read More Ransomware Crypto Exchanges Sanctions to Be Implemented by the U.S.
12 years in prison was the sentence that a Pakistani fraudster received after he and his co-conspirators coordinated a seven-year scheme that led to the fraudulent unlocking of almost 2 million phones from the AT&T ntework. What Happened? Muhammad …
Read More $200M Lost in Illegal Phone Unlocking Scheme
Stories of ransomware assaults are common in many headlines worldwide. The attacks target both large and small businesses alike. Research suggests that over half of organizations find it difficult to…
The post Microsoft Researches Ransomware Attack Targeting App Developers appeared first on Hacker Combat.
Read More Microsoft Researches Ransomware Attack Targeting App Developers
Europol, along with Italian and Spanish police, dismantled a major crime organization linked to the Italian Mafia that focuses on online frauds. Europol, along with law enforcement agencies in Italy and Spain, has dismantled a major crime group linked to the Italian Mafia that was involved in online fraud, drug trafficking, money laundering, and property […]
The post Europol arrested 106 fraudsters, members of a major crime ring appeared first on Security Affairs.
Read More Europol arrested 106 fraudsters, members of a major crime ring
Apple ships the latest iteration of its operating systems for iPads and iPhones today, but some (though not all) of the most enterprise-friendly features won’t be ready on day one.What you get with iOS 15/iPadOS 15
Read More What’s not coming (yet) in iOS 15/iPadOS 15
Despite the extent of this list, y…
Using Microsoft’s Windows Subsystem for Linux (WSL), attackers have leveraged Linux binaries to load payloads into Windows processes, according to researchers with Black Lotus Labs, the threat intelligence unit of tech company Lumen.
Read More Attackers Use Linux Binaries as Loaders for Windows Malware
APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before atta…
Read More Bring Your APIs Out of the Shadows to Protect Your Business
The Alaska health department has shared more information about the cyberattack detected earlier this year, and the organization says the attack was conducted by state-sponsored hackers.
Read More Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers
Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 millio…
Read More Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters
As ransomware attacks have gained ground recently, researchers decided to start making out a list of vulnerabilities abused by ransomware groups that is easy-to-follow in order for organizations to be aware of which security flaws ransomware gangs expl…
Read More Experts Make Out a List of Vulnerabilities Abused by Ransomware Groups
Government departments in at least 7 countries in the Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA) regions have been targeted in a phishing campaign that has been ongoing since spring 2020.
Read More Ongoing Phishing Campaign Targets APAC, EMEA Governments
Report: Treasury Department to Announce Sanctions as Early as This WeekThe Biden administration may soon unveil plans to curtail the ransomware attacks that have crippled corporate networks this year. According to a report from The Wall Street Journal,…
Read More US to Unveil Sanctions on Use of Cryptocurrency for Ransoms
Indonesian authorities have found no evidence that the country’s main intelligence service’s computers were compromised, after a U.S.-based private cybersecurity company alerted them of a suspected breach of its internal networks by a Chinese hacking g…
Read More Indonesia Says No Evidence of Alleged Chinese Intel Hack
A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research…
Read More A New Wave of Malware Attack Targeting Organizations in South America
A threat actor likely operating out of Nigeria has been engaged in various malicious campaigns for the past five years and it has mainly targeted the aviation industry for the last two, Cisco’s Talos security researchers reveal.
Read More Nigerian Threat Actor Targeting Aviation Industry Since 2018
One of the biggest enterprise additions to iOS 15 and iPadOS 15 is a significant change to Apple’s MDM (mobile device management) protocol. Earlier MDM changes primarily focused on adding new management, security, or deployment features, extending what…
Read More How Apple is changing MDM in iOS 15
The new Elon Musk-themed cryptocurrency giveaway scam is called the “Elon Musk Mutual Aid Fund” or “Elon Musk Club”. People might think that no one falls for these scams, but unfortunately, similar crypto scams have been extreme…
Read More A New Crypto Giveaway Scam Is Promoted Via Email
Researchers claim developers are failing to follow best practices
Read More Payment API Vulnerabilities Exposed “Millions” of Users
Amazon bans merchants for fake reviews, Apple threatens to boot Facebook from its App Store, and MacBook displays are randomly cracking. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Monday, September 20, and I’m your host, Tom Li. Amazon is cracking down on merchants who purchase fake reviews. According […]
The post Hashtag Trending Sept. 20 – Amazon bans fake reviews; Apple threatens to boot Facebook; Cracking MacBook displays? first appeared on IT World Canada.
Read More Hashtag Trending Sept. 20 – Amazon bans fake reviews; Apple threatens to boot Facebook; Cracking MacBook displays?
Credential stuffing is a form of cyberattack where hackers are taking over massive databases of usernames and passwords, many of which are stolen in recent data breaches, and use an automated method to “stuff” the account logins into other …
Read More Everything You Need to Know About Credential Stuffing and How to Prevent It