Researchers from SecureLink and the Ponemon Institute recently released the “A Crisis in Third-Party Remote Access Security” report. Their analysis details the discrepancy between organizations’ perceived third-party access threat and their deployed se…Read More 51% of Organizations Have Suffered Data Breaches Caused by Third-Party Remote Access
With 21 years of experience, CaptureRx is a San Antonio-based healthcare technology company and leading 340B solution provider that serves over 500 hospitals and health centers in 45 states via a robust pharmacy network of more than 3,500 contracted lo…Read More Multiple Healthcare Provider Clients Affected by CaptureRx Ransomware Attack
According to a recent Which? investigation, millions of people around the UK could be at risk of using routers with security flaws, or that are no longer being supported with firmware updates. Image Source: BBC After surveying over 6,000 adults in Dece…Read More Millions of Old Broadband Routers in the UK Have Serious Security Flaws
A security flaw affecting Qualcomm’s mobile station modems (MSM) was recently disclosed by Check Point’s research team, who claims that the vulnerability could be exploited to inject malicious code into the phone by using the Android OS as an entry poi…Read More Qualcomm’s Mobile Station Modems Vulnerability Puts Android Users’ Privacy at Risk
Cisco recently announced it had patched the critical security bugs in vManage and HyperFlex HX, which could have permitted remote attackers to run commands as root or create unauthorized administrator accounts. Multiple vulnerabilities in the web-based…Read More Cisco Critical Vulnerabilities Enable Remote Attackers to Execute Commands
Vulnerable security administration and frail organizational structures are turning manufacturing businesses into profitable targets for threat actors, with over half of manufacturers admitting they have been victims of cyberattacks. The WestRock ransom…Read More Everything You Need to Know About the WestRock Ransomware Attack
Cybersecurity analysts Lloyd Macrohon and Rodel Mendrez have recently inspected a new piece of malware that they’ve encountered during a breach investigation. Dubbed “Pingback”, the malware uses ICMP (Internet Control Message Protocol) tunneling for it…Read More Pingback Malware Uses ICMP to Avoid C&C Detection
The U.S. Agency for Global Media (USAGM) recently revealed that a phishing attack from December 2020 exposed the personal information of current and former employees and their beneficiaries, including full names and Social Security numbers. Image Sourc…Read More U.S. Agency for Global Media Targeted by Phishers
Last weekend, a ransomware attack on Scripps Health’s computer network significantly thwarted care, forcing the healthcare provider to block patient access to its online portal, postpone consultations, and transfer critical care patients to other hospi…Read More Scripps Health’s Network Hit by Ransomware Attack
Two months ago, we reported that cybersecurity analysts have disclosed a vulnerability (CVE-2021-28918) in the popular npm netmask library. As a result of improper validations in place, netmask sees a different IP when parsing an IP address with a lead…Read More Critical IP Address Validation Vulnerability Also Affects Python Projects
Paleohacks, the largest paleo diet & paleo recipes online community, has suffered a major data breach that originated from a cloud account the company was using to store the private data of its customers. The breach was discovered by vpnMentor’s re…Read More Paleohacks Data Leak Exposes Customers’ Personal Information
Rogers Communications Inc. is warning Canadians to keep an eye out for SMS phishing scams offering to reimburse customers for the system outage earlier last week. An update for our valued customers: We know you depend on us & yesterday we let you d…Read More Hackers Use SMS Phishing Scams to Trick Rogers Customers with Outage Refunds
After SITA issued an official statement last Thursday confirming it had been the subject of a sophisticated cyberattack, more airlines confirmed they have been directly affected. It appears the SITA security breach affected all carrier members of Star …Read More Outspread SITA Security Breach Exposes More Airlines [Updated]
Tracking IT assets using IT asset management software can be vital for the operational and financial success of your organization. For this reason, having an effective IT asset lifecycle management (ITALM) process in place is crucial. But how exactly d…Read More Understanding IT Asset Lifecycle Management
I have always found it curious which tech tools organizations use to get their work done daily. I’m thinking it’s probably not a brief list. Every now and then, it happens I realize a tool I’ve forgotten about is way more adequate for a task than the t…Read More What is an IT Asset Management Tool?
After having a busy 2020, it seems that 2021 is going to be at least as equally productive for the North Korean Lazarus group. Considered one of the most dangerous hacking groups at the moment, they have targeted the defense industry with malware dubbe…Read More The Lazarus Group Used Custom Malware to Target Defense Industry
As defined by the International Association of IT Asset Managers, IT Asset Management is a set of business practices that incorporates IT assets across the business units within the organization. It joins the financial, inventory, contractual, and risk…Read More What is an IT Asset Management System?
When referring to an IT asset, we usually talk about hardware (servers, routers, and switches), software (applications and support systems), and confidential information. So, it’s safe to assume that an IT Asset is basically any data, device, or other …Read More What is an IT Asset Inventory?
Over 6,700 VMware vCenter servers have been exposed online and susceptible to a new cyberattack, writes Catalin Cimpanu. With a severity score of 9.8 out of 10, this bug can allow hackers to control unpatched devices and effectively take over companies…Read More More than 6,700 VMware servers exposed, susceptible to takeover attacks
As defined by Jericho Systems, privilege management also referred to as Privileged Account Management (PAM) is “the practice of controlling and administering digital user identities and the rights of those identities to perform actions on specified res…Read More What is Privilege Management?
Last week, the Python Software Foundation (PSF) has released Python 3.9.2 and 3.8.8 to handle two recognized security issues. One of them is an RCE vulnerability, remotely exploitable in theory but in practical use, it can simply be utilized to take a …Read More Python Programming Language Rushes to Address RCE Vulnerability
At the beginning of the week, Accellion File Transfer Appliance (FTA) was subject to a security breach and extortion campaign orchestrated by the FIN11 group. Following the attacks, Accellion issued an official statement announcing that they have patch…Read More Jet Manufacturer Bombardier Data Leaked Following FTA Attack
There are premises outside of economic implications that draw attention to the importance of Automated Patch Management processes. Keeping systems well informed about the newly-released patches is no longer just a recommendation. It’s a necessity. As d…Read More Understanding the Automated Patch Management Process
On Monday, cybersecurity researchers connected a series of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data breach and extortion campaign orchestrated by the UNC2546 cybercrime group. Threat actors ta…Read More Accellion Attackers Stole Data and Breached Companies Running FTA Servers
When discussing cyber risks, among the most common terms that are used are vulnerabilities, exploits, and threats. It is necessary to understand the difference between these terms and what they mean in order to properly define Vulnerability Risk Manage…Read More What Is Vulnerability Risk Management?
A short while ago, news reports revealed that social networking app Clubhouse was exposed to a major security breach and the application is currently reviewing its data. The company that owns the app also confirmed that it is looking to use specialized…Read More Clubhouse Chats Have Been Breached
Nowadays, every single organization relies on software and Internet services. This dependence brings along a certain degree of vulnerability. Today’s marketplace businesses are more likely to be disrupted by cybercriminals than real-world crimina…Read More What Is a Zero-Day Vulnerability?
Failed credential-stuffing attack on RIPE NCC’s infrastructure. These assaults aim to compromise a large number of user accounts with stolen credentials. The group, which manages the IP address space for the EMEA region, is asking members to enab…Read More RIPE NCC reveals failed brute-force assault on its SSO service
According to TechTarget, a software patch is a “quick-repair job for a piece of programming designed to resolve functionality issues, improve security and add new features.” Although similar to a hotfix, which users can apply without having to restart …Read More What Is a Software Patch?
After their official statement in September 2020, where they confirmed they were ending support for Adobe Flash Player on its Chromium-based Edge, legacy Edge browsers, and Internet Explorer 11, Microsoft has begun removing the software from Windows de…Read More Windows Starts Removing Adobe Flash Player via KB4577586 update
Just when you thought things were finally going smoothly for a change, the malvertising group widely known as “ScamClub” has made an unfavorable comeback. This time, they exploited a zero-day vulnerability in WebKit-based browsers in order …Read More New Malvertising Campaign by the ScamClub Group Is Actively Exploiting Zero-Days