Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with …Read More Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack
With this year’s attacks against Colonial Pipeline and Kaseya, ransomware and its impact on infrastructure have been pushed to the forefront of American political consciousness. These cyber attacks brought pain to the public, driving a response from th…Read More The government’s response to cybersecurity threats is not enough
Hornetsecurity released the results of a global study of IT professionals on their preparedness for ransomware attacks. Survey data showed that although companies are increasingly aware of the risks ransomware poses, many organizations lack proper prot…Read More Ransomware attacks preparedness lagging, despite organizations being aware of the risks
CEO Fraud / BEC is a type of targeted email attack. It commonly involves a cyber criminal pretending to be your boss or a senior leader and then tricking you into sending the criminal highly sensitive information, buying gift cards or initiating a wire…Read More CEO Fraud
CloudLinux launched a new open-core project – KuberLogic – software that allows DevOps to set up scalable, self-healing PaaS on top of your Kubernetes cluster. Available on GitHub, KuberLogic allows administrators to run and deploy key open-source comp…Read More KuberLogic open-source platform turns infrastructure into a managed PaaS
BlueVoyant released the findings of its second annual global survey into third-party cyber risk management. The study reveals that 97% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. 93% ad…Read More Worldwide supply chains vulnerable as businesses lack visibility into suppliers
SecureAge announced the release of its study which polled 200 employers and 400 employees from around the UK business world during Q3 2021, and examined key cybersecurity topics and trends. According to the survey, forty eight percent of businesses hav…Read More Cybersecurity shortcomings exposed by the pandemic
Leading organizations are investing in the mainframe, innovating with DevOps, and integrating systems and teams to drive digital transformation, according to a BMC survey. Champions drive mainframe innovation for business growth After surveying more th…Read More Investing in the mainframe remains key driver for digital transformation
IDC sees 2021 as an accelerated year for multi-access edge cloud (MEC) investments. MEC buildouts are being carried out by a broad cross-section of edge stakeholders (e.g., wireless and wireline communications service providers, cable companies, conten…Read More Multi-access edge cloud market to grow steadily by 2025
Is your Elasticsearch data protected from hackers and common attacks like search injections? Join data security expert and CEO of IronCore Labs Patrick Walsh on November 4th for a webinar on using application-layer encryption and encrypted search to se…Read More Webinar: How to secure your sensitive data in Elasticsearch
Jetico released BestCrypt Data Shelter, a new cybersecurity tool that’s integrated with all Jetico encryption products. Designed to protect files and folders even when they’re in use, Data Shelter builds on the data-at-rest capabilities of BestCrypt pr…Read More Jetico BestCrypt Data Shelter protects folders from unwanted processes and users
ReliaQuest announced two new capabilities within GreyMatter, its cloud-native open XDR platform: Security Model Index, and Verify. Now with ReliaQuest GreyMatter, organizations can deliver cyber risk metrics, test and validate security controls across …Read More ReliaQuest releases two capabilities within its XDR platform to improve security operation efficacies
Panther Labs announced Panther for AWS security, a security logging solution designed for AWS security teams. Now, AWS security teams will have a single platform for aggregating, organizing, and prioritizing security-relevant data from AWS accounts and…Read More Panther for AWS allows security teams to monitor their AWS infrastructure in real-time
Huntress launched a series of platform enhancements designed to protect small and midsize businesses (SMBs) from modern cyberthreats. The release includes the general availability of the company’s Managed Antivirus (AV) service, new host isolation capa…Read More Huntress launches endpoint protection capabilities to defend SMBs from cyberattacks
To better serve clients and the financial services industry, Broadridge Financial Solutions launched Broadridge Anti-Money Laundering Solution (AMLS), bringing new edge capabilities to Broadridge’s existing Intelligent Automation suite. The new s…Read More Broadridge Anti-Money Laundering Solution detects complex money laundering activities
ARMO released an expanded version Kubescape, an open-source testing tool for Kubernetes environments that is compliant with the standards set forth in the Kubernetes Hardening Guidance released by the NSA and CISA. Kubescape is one of the fastest-growi…Read More ARMO adds MITRE ATT&CK framework to its open-source Kubernetes testing tool
Outseer announced new identity-centric capabilities for Outseer Fraud Manager product offering. The two innovations include: New solution for account enrollment protection: Outseer Fraud Manager customers can now enroll their users into new digital ser…Read More Outseer expands fraud prevention value for customers with identity-centric capabilities
Unbound Security unveiled the latest evolution of Unbound CORE for virtualized cryptography and encryption key management. CORE virtualizes key management and enables a single pane of glass view of all key use by virtualizing HSMs that fully integrate …Read More Unbound CORE virtualizes key management via single pane of glass cryptographic platform
Digi International unveiled the Digi TX64 5G Rail, expanding the portfolio of transit routers to include a cellular router specifically designed for rail-transit applications. Digi’s new high-performance cellular router features 5G connectivity with 4G…Read More Digi International unveils TX64 5G Rail router designed for rail-transit applications
Softchoice announced a multi-year agreement with Amazon Web Services (AWS) to build on Softchoice’s cloud expertise and develop new capabilities so that organizations can transform and innovate in the cloud. Working together, Softchoice and AWS will cr…Read More Softchoice strengthens cloud migration and modernization service offerings through AWS
IBM and Raytheon Technologies will jointly develop advanced artificial intelligence, cryptographic and quantum solutions for the aerospace, defense and intelligence industries, including the federal government, as part of a strategic collaboration agre…Read More IBM partners with Raytheon to advance new aerospace, defense and intelligence solutions
Citrix Systems and Google Cloud are expanding their strategic partnership to deliver the future of hybrid work for enterprise customers. The companies announced a new collaboration which will include Citrix launching a new Desktop-as-a-Service (DaaS) o…Read More Citrix collaborates with Google Cloud to help customers accelerate and embrace hybrid work
Accenture has entered into an agreement to acquire BRIDGEi2i, an artificial intelligence (AI) and analytics firm headquartered in Bangalore, India, with additional offices in the US and Australia. The acquisition will add more than 800 deeply skilled p…Read More Accenture acquires BRIDGEi2i to enhance AI skills and data science capabilities
Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first thi…Read More VERT Threat Alert: October 2021 Patch Tuesday Analysis
cloudtamer.io announced that it has raised a $9.5 million Series A funding round led by Blue Heron Capital and TDF Ventures, with participation from Blu Venture Investors, Early Light Ventures and Gaingels. This funding will be used to expand its sales…Read More cloudtamer.io raises $9.5M to expand its sales and marketing operations
The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet evolves, it now includes a recently published PoC exploit for Visual Tools DVR. Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR, a professional digital video recorder used in surveillance video systems. The POC exploit code for this vulnerability is publicly […]Read More Necro botnet now targets Visual Tools DVRs
Brushing scams may seem harmless, but may mean that your personal data has been compromised.Read More Brushing Scams: Free stuff at a high price
A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.Read More Microsoft Fixes Zero-Day Flaw in Win32 Driver
MITRE has created two new organizations intended to help the company better focus on cybersecurity threats to critical infrastructure and new approaches to public health challenges. The Cyber Infrastructure Protection Innovation Center and Clinical Ins…Read More MITRE launches two organizations to protect critical infrastructure and clinical health data
Encryption startup Vaultree aims to give companies the ability to work with fully encrypted data in the cloud.Read More New Vaultree Encryption-as-a-Service Keeps Cloud Data Fully Encrypted
Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs.Read More Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified
IntelePeer announced the promotion of its Chief Financial Officer (CFO) Andre Simone to Chief Operating Officer (COO) and the appointment of Thomas Conway to CFO. Both Andre and Thomas bring decades of industry experience to their new roles, as well as…Read More IntelePeer promotes Andre Simone to COO and appoints Thomas Conway as CFO
On October 5, 2021, Microsoft announced the availability of Windows 11, which began as a slow, phased rollout, expected to reach all eligible devices by the middle of 2022. But a Windows launch isn’t the end a process — it’s really just the beginnin…Read More Windows 11: A guide to the updates
Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.Read More Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign
On Demand Webinar | For Retail : Preventing Application Fraud while Removing User FrictionWatch this onDemand webinar which includes a focused retail case study on fighting fraud & user friction.Read More On Demand Webinar | For Retail : Preventing Application Fraud while Removing User Friction
OMB Memo: Agencies Have 90 Days to Allow CISA to Begin Reviewing EDR StatusIn an effort to bolster endpoint protection within the U.S. government, the White House is ordering federal agencies to allow CISA to access existing deployments. It is also set…Read More CISA to Access Agencies’ Endpoints, Help Enhance Security
Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates to address ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. The IT giant addressed four vulnerabilities in Acrobat and Reader for Windows and macOS, two arbitrary code execution flaws, tracked […]
The post Adobe addresses four critical flaws in its products appeared first on Security Affairs.Read More Adobe addresses four critical flaws in its products
Increased media attention is driving changes in enterprise security strategy — some positive, some negative.Read More High-Profile Breaches Are Shifting Enterprise Security Strategy
Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty, and Corelight have joined the coalition.Read More New CrowdXDR Alliance Defines Data Exchange Standard for XDR
Former CEO of SCANA sent to federal prison over $11bn construction of “nuclear ghost town”Read More Nukegate CEO Imprisoned for Fraud
Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found.Read More Smaller ‘Bit and Piece’ DDoS Attacks Slam Servers to Evade Mitigation Systems
CrowdStrike made two major announcements at its own Fal.Con (virtual) conference this week, launching a free Community Edition of Humio, and announcing Falcon XDR.
Canadian not-for-profit organization Mitacs is helping SMEs in Canada solve business challenges with research solutions from Canadian education institutes
The post Canadian students are helping SMEs innovate with funding from Mitacs – here’s how first appeared on IT World Canada.Read More Canadian students are helping SMEs innovate with funding from Mitacs – here’s how
The Microsoft Patch Tuesday freight train for October rolled in with fixes for at least 71 security defects in Windows products and components and an urgent warning about a newly discovered zero-day cyberespionage campaign.
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.Read More Patch Tuesday, October 2021 Edition
On October 2021 Patch Tuesday, Microsoft has fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449) and three were publicly known before the release of the patches. Vulnerabilities of …Read More Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)
The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.Read More Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
Sam King, CEO of Veracode, was recently named a Tech Top 50 recipient by the Mass Technology Leadership Council (MassTLC) for her exemplary leadership over the past twelve months.
The Mass Technology Leadership Council (MassTLC), the region’s leading t…
You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.Read More Get lifetime access to 9 courses to help you pass the most popular CompTIA exams
Team of in-house experts at Google aims to advise governments on digital securityRead More Google Creates Cybersecurity Action Team
Japanese medical technology company Olympus this week revealed that its operations in the Americas were affected by a cyberattack.
Detected on October 10, the attack forced the company to shut down some of its systems, but Olympus says that it is alrea…
Ransomware struck the northern Canadian territory the morning after Halloween. With the help of Microsoft’s disaster recovery team the IT department ralliedRead More How Nunavut recovered from a ransomware attack
Adobe on Tuesday announced that it has patched a total of 10 vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products.
California holding company snaps up fourth cybersecurity acquisitionRead More RealDefense Acquires STOPzilla
An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.Read More Office 365 Spy Campaign Targets US Military Defense
As a female entrepreneur, Adelia Castelino credits much of her early success to the role models who inspired and supported her vision to create a small start-up business, which has since flourished into a successful global company. …
Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a cyberattack. The medical technology giant Olympus was forced to shut down its computer network in America (U.S., Canada, and Latin America) following a cyberattack. The attack took place on October 10, 2021. “Upon detection of […]
The post Olympus US was forced to take down computer systems due to cyberattack appeared first on Security Affairs.Read More Olympus US was forced to take down computer systems due to cyberattack
Defense should focus on high-value choke points first to ensure that their most critical assets are protected, before moving on to deal with other attack paths.Read More Why Choke-Point Analysis Is Essential in Active Directory Security
The attack, which clocked in at 2.4 Tbps, targeted one of Azure customers based in Europe
The post Microsoft thwarts record‑breaking DDoS attack appeared first on WeLiveSecurity
With the newest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is being actively exploited by attackers. About CVE-2021-30883 CVE-2021-30883 is a memory corruption issue in IOMobileFrameBuffer, a kernel extension for …Read More Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)
A second threat actor has discovered a way to attack the Unified Extensible Firmware Interface (UEFI) to further spying activity, says ESETRead More New bootkit can bypass Windows protection
Jack Wallen demystifies these two Linux admin tools because knowing which sudo or su command to run is important.Read More The different types of sudo and su in Linux
Coffee Briefings are timely deliveries of the latest ITWC headlines, interviews, and podcasts
The post Coffee Briefing, Oct. 12, 2021 – All the recent tech news; a podcast roundup; and more first appeared on IT World Canada.Read More Coffee Briefing, Oct. 12, 2021 – All the recent tech news; a podcast roundup; and more
As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Azure network security offers a suite of cloud-native security tools to protect Azure workloads while automating network management, implementing developer security operations (DevSecOps) practices, and reducing the risk of a material security breach.
The post Azure network security helps reduce cost and risk according to Forrester TEI study appeared first on Microsoft Security Blog.Read More Azure network security helps reduce cost and risk according to Forrester TEI study
Though the final price for a cybercriminal’s services is usually negotiated, personal attacks are the most expensive, says Comparitech.Read More What it costs to hire a hacker on the Dark Web
At SecurityWeek’s 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. The conversation covers edge cases that are turning out …Read More CISO Forum Panel: Navigating SBOMs and Supply Chain Security Transparency
Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft.Read More Google Launches Security Advisory Service, Security to Workspaces
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation.Read More Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
Extended Detection and Response (XDR) is touted as the security solution for the increasingly complex modern IT ecosphere. The principle is to extend EDR threat hunting beyond the endpoint and across the entire infrastructure. Cybereason has announced …Read More Cybereason Partners With Google Chronicle on XDR Product
With more workers at home than ever before, security has become an even bigger concern. Tom Merritt shows us how to be extra safe.Read More Top 5 tips for remote security
Tom Merritt shows us how to be extra safe while more workers than ever before are working from their home offices.Read More Remote security: 5 tips
I feel sorry for the accused:
Read More Airline Passenger Mistakes Vintage Camera for a Bomb
The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday.
American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passenger into custody for several hours.
It turns out the would-be “bomber” was just a vintage camera aficionado and the woman who reported him made a mistake, sources said…
Palo Alto Networks anticipates meeting the requirements for inclusion in the NASDAQ-100 index when it rebalances in December.Read More Palo Alto Networks to Transfer Stock Exchange Listing to Nasdaq
ONUG Collaborative welcomes new members including Oracle Cloud, Sysdig, Wiz, Intuit, Adobe, Qualys, and F5.Read More Oracle Cloud Joins ONUG Collaborative
Kaspersky Industrial CyberSecurity unlocks centralized management and visibility across entire OT infrastructure.Read More Kaspersky Updates Industrial Cybersecurity Service
Adam Levin was featured in a news segment on KATU news where he discussed the recent spike in data breaches reported in Oregon and across the country.
Read the article here.
The post Adam Levin Speaks to KATU News About Spike in Reported Data Breaches …
Following the sell-out of data related to nuclear-powered warship design to an undercover FBI agent, a nuclear engineer together with his wife were imprisoned, being charged with espionage accusations that indicate the Atomic Energy Act’s violati…Read More Undercover FBI Agent Reveals Espionage Plans of Nuclear Engineer
Git GUI client GitKraken team fixed a flaw that lead to the generation of weak SSH keys, users are recommended to revoke and renew their keys. The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation of weak SSH keys. The developers addressed the flaw with […]
The post GitKraken flaw lead to the generation of weak SSH keys appeared first on Security Affairs.Read More GitKraken flaw lead to the generation of weak SSH keys
LibreOffice and OpenOffice have released fixes to tackle an issue that allows hackers to make documents look as if they were signed by a trustworthy source. Even though the vulnerability is not placed in the ‘High’ severity category being rated as mode…Read More Flaw Impacting LibreOffice & OpenOffice Enables Attackers to Spoof Signed Documents
RealDefense holding company seeks to acquire additional security companies and brands through partnership with Corbel Capital Partners.Read More RealDefense Completes Fourth Cyber Security Acquisition; Adds STOPzilla to Its Portfolio
The SSH protocol used by GitHub allows you to log in without a user name or password. To do this, users would need to establish an SSH keypair and add the public key to their accounts’ SSH key settings. You may use the key with a Git client to au…Read More GitHub Revokes Duplicate SSH Authentication Keys
CISOs can deliver better outcomes and get the support they need by linking security processes to business results.Read More Not Hitting Your Security KPIs? Get the Whole Business Involved
Microsoft on Monday revealed that an Azure customer was targeted in late August in a massive distributed denial of service (DDoS) attack that peaked at 2.4 Tbps (terabytes per second).
In a survey by BlueVoyant, 97% of people said they’ve been impacted by a security breach that occurred in their supply chain.Read More How to protect your organization from security threats across your supply chain
Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products.
The companies have released patches and mitigations to address these vu…
Patching has certainly gained a lot of momentum ever since research has proven that ‘unattended’ apps and software can quickly lead to a data leak. Patching is the new ‘kid’ on the block and already has it shown great potential in averting what can on…Read More Intune vs. WSUS vs. SCCM – Costs, Benefits, Ease of Use, and Deployment
Help Net Security, an independent site focusing on information security, has recently started a new series of reports in order to help CISOs worldwide choose what’s best for their organization when it comes to cybersecurity solutions and providers. Hel…Read More Help Net Security Publishes a Report on Extended Detection and Response (XDR)
When it comes to the next iPhone SE, recent speculation suggests Apple is reading the room. It knows we’re facing a period of deep global economic uncertainty and seems to recognize the changing nature of consumer culture in crisis.iPhone SE 2022 to…Read More iPhone SE 2022: Apple reads the room
On Demand Webinar | Fraud ROI for Ecommerce: Drive More Revenue with Fewer False PositivesWatch this onDemand webinar which includes an e-commerce case study on fighting fraud & user friction.Read More On Demand Webinar | Fraud ROI for Ecommerce: Drive More Revenue with Fewer False Positives
onDemand Webinar | Fraud ROI for Ecommerce: Drive More Revenue with Fewer False PositivesWatch this onDemand webinar which includes an e-commerce case study on fighting fraud & user friction.Read More onDemand Webinar | Fraud ROI for Ecommerce: Drive More Revenue with Fewer False Positives
Google added new app integrations and security capabilities to its Workspace productivity suite on Tuesday ahead of its Cloud Next virtual event.The Workspace Marketplace now has 5,300 third-party apps that users can integrate with the various Works…Read More Google rolls out new Workspace app integrations, security features
Cloud service providers, like, for instance, Huawei Cloud, are now targeted by some new variant of a past crypto-mining malware. This is Linux-based and its initial version started its activities in 2020 when the victims were Docker containers. TrendMi…Read More Crypto-mining Malware Targets Huawei Cloud
NCSC CEO Lindy Cameron said organizations must take action to strengthen their cyber defensesRead More NCSC CEO: Ransomware the “Most Immediate Threat” Facing UK Businesses
Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys.
Discovered in the open source library that the Git GUI client uses for SSH …
Wiz on Monday announced raising $250 million in a Series C funding round, which brings the total raised by the cloud security company to $600 million.
The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document. Abo…Read More Apache OpenOffice users should upgrade to newest security release!
OK, I get it. Facebook is insanely popular. With it closing in on 3 billion (yes, billion with a “b”) users, no one can ignore Facebook. But do you really want to base your business’s advertising and outreach on Facebook alone? I think not.First, as…Read More Don’t put all your eggs in one Facebook basket
Count of Victims – Listed on Leak Sites or Not – Appears To Be Holding SteadyOne measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators’ dedicated data-leak sites, as part of their so-c…Read More Ransomware: No Decline in Victims Posted to Data-Leak Sites
As my colleague Cezarina explained in a previous article, a botnet is a network of infected computers or other internet-connected devices, that communicate with each other in order to perform the same malicious actions. Such actions can range from laun…Read More DDoS Operator Arrested by the Ukrainian Police
Researchers at cybersecurity firm Tenable have discovered critical and high-severity vulnerabilities in video surveillance systems made by Exacq Technologies, which is owned by building technology giant Johnson Controls.