Spectra Logic announced the transformation and expansion of its entire product portfolio with Attack Hardened and multi-cloud solutions. The introduction of Spectra’s Vail is a pivotal addition to Spectra’s new data storage and management ecosystem. Va…Read More Spectra Logic expands its product portfolio to unify and secure data across multiple clouds
ServiceNow announced ServiceNow Messaging Service to help organizations drive better service experiences from issue to resolution. Leveraging the Twilio platform, ServiceNow Messaging Service allows organizations to purchase SMS and WhatsApp directly f…Read More ServiceNow Messaging Service enables two‑way conversations between businesses and customers
Platform9 announced a number of new enterprise features that greatly eliminate operational complexities in managing multi-cluster and multicloud Kubernetes deployments. Key advances include the Profile Engine for template-based cross-cluster governance…Read More Platform9 announces features to eliminate operational complexities in multi-cluster deployments
Amazon Web Services released AWS Panorama Appliance, a new device that customers can install in their facilities to run applications that analyze multiple video streams from existing on-premises cameras. The AWS Panorama Appliance enables customers to …Read More AWS Panorama Appliance allows customers to analyze video feeds in edge environments
Renesas Electronics Corporation announced that it is developing new microcontrollers (MCUs) that will support the recently released Bluetooth 5.3 Low Energy (LE) specification. The new devices will be part of the Renesas Advanced (RA) Family of 32-bit …Read More Renesas develops wireless microcontrollers to support Bluetooth 5.3 LE specification
Arqit Quantum has entered into an agreement with Blue Bear Systems Research, a supplier of unmanned and autonomous systems for defense and civil customers. The agreement will see the two companies jointly demonstrate the implementation of Arqit’s quant…Read More Arqit partners with Blue Bear to solve security challenges of autonomous systems
Lenovo Infrastructure Solutions Group (ISG) introduced new edge-to-cloud and AI solutions in partnership with VMware that provide massive scalability and enable business agility for VMware environments. Lenovo showcased how businesses of all sizes can …Read More Lenovo collaborates with VMware to launch edge-to-cloud and AI solutions for enterprise customers
Ketch announced it has formed a strategic partnership with SafeGuard Privacy. SafeGuard Privacy offers a platform for managing privacy compliance internally, as well as managing it across a company’s network of vendors. Through this partnership, the tw…Read More Ketch partners with SafeGuard Privacy to offer an end-to-end solution for program management
Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw […]
The post Evil Corp rebrands their ransomware, this time is the Macaw Locker appeared first on Security Affairs.Read More Evil Corp rebrands their ransomware, this time is the Macaw Locker
WekaIO announced it has added two key executives to its global team, an expansion driven by continued revenue growth from customer installations and technology partners. Frederik Schroeder has been appointed VP of Strategic Partners and will lead the e…Read More WekaIO expands its management team with two key executives
DigiPlex has appointed Tommy Wahledow as the new operations manager for its Stockholm data center on the back of significant client growth and opportunity at the site. With over 30 years’ experience in a range of outsourcing, data centers and IT,…Read More DigiPlex hires Tommy Wahledow as Operations Manager
The launch of Android 12 brings several new default security features, along with new security efforts for Android Enterprise.Read More Google Buckles Down on Android Enterprise Security
Tools Used for Personal Surveillance, Malicious Activities Must Be Licensed. The U.S. Bureau of Industry and Security has issued an interim final rule to curb and control the export, reexport, or in-country transfer of certain offensive cyber tools that …Read More US Cracks Down on Sale of Offensive Cybersecurity Tools
Legislation Targets DHS SBOM, Further Chinese Telecom Restrictions. In a busy congressional day for cybersecurity legislation, the U.S. House of Representatives passed several bills on Wednesday, targeting both software supply chain and telecommunication…Read More House Passes Bills on Both Supply Chain, Telecom Security
Researchers warn that Discord’s bot framework can be easily weaponized.Read More Malware Abuses Core Features of Discord
Two Eastern Europeans receive prison sentences for helping cyber-criminals to distribute malwareRead More US Imprisons Bulletproof Hosting Providers
Big Game Hunting Is Out and ‘Mid Game Hunting’ Is In, Coveware Warns. When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident re…Read More Ransomware: Average Ransom Payment Stays Steady at $140,000
Online cybersecurity professional development platform bolsters the Check Point Education Initiative.Read More Cybrary Launches New Partnership with Check Point Software to Make Cybersecurity Training Accessible to All
Security leaders are adopting a multilayered approach to address new security threats and risks.Read More Security Teams Still Favor Prevention Over Detection
Guardicore’s micro-segmentation products will be added to Akamai’s portfolio of Zero Trust solutions.Read More Akamai Technologies Completes Acquisition of Guardicore to Extend Its Zero Trust Solutions to Help Stop Ransomware
Transaction marks Plurilock’s second acquisition in 2021.Read More Plurilock to Acquire Assets of CloudCodes Software
NEW! Vulnerability Identification Labs
This week at Security Innovation, we are excited to release our first-ever series of vulnerability identification labs. Each lab is a fun, gamified simulation that teaches learners to recognize and re…
Web application security provider plans to leverage new investment to continue product expansion and support global growth.Read More Invicti Security Announces $625 Million Growth Investment Led by Summit Partners
A vulnerability in WinRAR, a trialware file archiver utility for Windows, could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability affects the trial version of […]
The post A flaw in WinRAR could lead to remote code execution appeared first on Security Affairs.Read More A flaw in WinRAR could lead to remote code execution
Response and recovery have significant impact on 58% of targeted businesses.Read More Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months
New Offering Can Help Businesses Quickly Recover from Ransomware Attacks, Speed Data Recovery, and Advance Business ContinuityRead More Cohesity Announces Disaster Recovery as a Service, Providing Automated Disaster Recovery
In 2020 we heard a lot of talk about digital transformation. But too often it was just talk – a 2018 McKinsey survey found that while 85 per cent of respondents wanted their business to be digital, less than 20 per cent said they actually were. A second McKinsey study from 2019 found that companies […]
The post Learn how to turn digital transformation promise into results first appeared on IT World Canada.Read More Learn how to turn digital transformation promise into results
Is Mark Zuckerberg’s rebranding of Facebook an attempt to downplay negative publicity or the first steps toward a larger vision of the future?Read More What’s Really Behind Facebook’s Name Change
US seeks to recover $9.9m from Montanan fined for making nearly 5,000 illegal and malicious robocallsRead More DOJ Sues Robocaller to Pay Massive Fine
Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said.Read More U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn
Ransomware attacks have been front and center in the news recently due to high-profile breaches that have impacted businesses across the globe. These headline grabbing attacks have been part of a larger global increase in ransomware crime…Read More Resource Guide: Defending Against Ransomware
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.Read More TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
Apple’s secret weapon for iPhone 13 deployment isn’t such a big secret: It’s 5G. More specifically, it’s the accelerating adoption and deployment of 5G services and infrastructure that will stimulate demand for Apple’s smartphones. Here’s why:
NPower and CyberWarrior receive funding to train unemployed and underemployedRead More CISA Awards $2M to Cybersecurity Training Programs
At its event on Monday, Apple announced new 14- and 16-inch MacBook Pros powered by their new M1 Pro and M1 Max chips. Benchmarks for the M1 Pro are nearly double that of the M1, and the M1 Max is even more powerful. As Apple continues on its two-ye…Read More Podcast: What the new M1 Pro and M1 Max chips suggest about the future of the Mac
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps …Read More Before and After a Pen Test: Steps to Get Through It
A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.Read More Microsoft Launches Security Program for Nonprofits
If AvosLocker stole Gigabyte’s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.Read More Gigabyte Allegedly Hit by AvosLocker Ransomware
No two organizations are alike. But our integrations with independent software vendors (ISVs) support Zero Trust in a diverse set of environments.
The post How Microsoft is partnering with vendors to provide Zero Trust solutions appeared first on Microsoft Security Blog.Read More How Microsoft is partnering with vendors to provide Zero Trust solutions
Bulletproof Hosting Service Supported Zeus, SpyEye and Citadel Malware, Says FBI. Four extradited Eastern European men have pleaded guilty in U.S. court to one count of conspiring to serve as administrators of a bulletproof hosting service that facilitat…Read More 4 Bulletproof Hosting Provider Admins Getting Sentenced
‘It’s no longer acceptable to invite cybersecurity and privacy late to the party.’ says EY on the survey results
The post Only a quarter of Canadian execs bring cyber, privacy teams into project planning: Survey first appeared on IT World Canada.Read More Only a quarter of Canadian execs bring cyber, privacy teams into project planning: Survey
Learn about all the cybersecurity resources available today and how digital transformation is opening cybersecurity careers to a wider field of candidates.
The post Defenders wanted—building the new cybersecurity professionals appeared first on Microsoft Security Blog.Read More Defenders wanted—building the new cybersecurity professionals
Of those organizations impacted by DNS attacks, 61% were targeted on multiple occasionsRead More 72% of Organizations Experienced a DNS Attack in the Last Year
The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group.
Read more in my article on the Tripwire State of Security blog.Read More US Government warns of BlackMatter ransomware attacks against critical infrastructure
The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.Read More Macs Still Targeted Mostly With Adware, Less With Malware
The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group. The government’s Cybersecurity & Infrastructure Security Agency (better known as CISA) issued the advisory earlier this week, f…Read More US Government warns of BlackMatter ransomware attacks against critical infrastructure
The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The two individuals, Aleksandr Skorodumov (33) of Lithuania, […]
The post Administrators of bulletproof hosting sentenced to prison in the US appeared first on Security Affairs.Read More Administrators of bulletproof hosting sentenced to prison in the US
Latest episode – listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)Read More S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
Aura, a Burlington, MA-based company that provides cybersecurity solutions for consumers, has announced raising $200 million in a Series F funding round.
The funding, which values Aura at $2.5 billion post money, brings the total raised by the firm to …
The changing nature of insider threats and how to mitigate them were topics of a talk by Lisa ForteRead More #ISC2Congress: How to Mitigate Evolving Insider Threats
A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today.
The post Franken-phish: TodayZoo built from other phishing kits appeared first on Microsoft Security Blog.Read More Franken-phish: TodayZoo built from other phishing kits
Adding a digital signature to your email is just one simple step you can take in your journey for more secure communications. Jack Wallen shows you how this is done in the latest version of Apple Mail.Read More How to digitally sign email in Apple Mail
PurpleFox botnet, the well-known Dirty Moe, goes on and develops more vulnerability exploits and payloads. The fresh news on this botnet shows how this time it establishes C2 communication via WebSockets. PurpleFox Botnet: New Version Out There Image S…Read More C2 Communication Is Enabled via WebSockets in a Fresh PurpleFox Botnet Version
A rootkit named FiveSys is able to evade detection and slip unnoticed onto Windows users’ systems courtesy of a Microsoft-issued digital signature, according to security researchers with Bitdefender.
Distributed Denial of Service, otherwise known as DDoS attacks are online attacks in which legitimate users are prevented from accessing their target online location. The attack happens by flooding the website in question with a multitude of illegitima…Read More Distributed Denial of Service Attacks Against Russia Have Tripled
According to Google, YouTube influencers have been targeted with password-stealing malware in a phishing campaign allegedly conducted by Russian-speaking cybercriminals. Security experts with Google’s Threat Analysis Group (TAG), who first notice…Read More Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts
Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.Read More How Psychology Can Save Your Cybersecurity Awareness Training Program
Threat Actors Use Scanning Tools for Malicious Activities. Researchers at Uptycs Threat Research have uncovered a campaign in which the cloud-focused cryptojacking group TeamTNT is deploying malicious container images hosted on Docker Hub with an embedde…Read More TeamTNT Deploys Malicious Docker Image on Docker Hub
A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become…Read More Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.Read More Why is Cybersecurity Failing Against Ransomware?
Software-as-a-service (SaaS) applications have gone from novelty to business necessity in a few short years, and its positive impact on organizations is clear. It’s safe to say that most industries today run on SaaS applications, which is undoubtedly p…Read More Product Overview: Cynet SaaS Security Posture Management (SSPM)
Sacramento, CA-based Rhombus Systems – a provider of smart security cameras – has raised $10 million in a Series A funding round led by Cota Capital.
Microsoft has added several features to Teams aimed at expanding use of the collaboration application among front-line workers. This includes a Viva Connections mobile app, updates to approvals, and improvements to virtual medical visit management.W…Read More Microsoft makes virtual healthcare visits easier to manage in Teams
Academic experts from a U.S. university designed a new type of cyberattack dubbed Gummy Browsers. Its main characteristics include the capturing of fingerprints and also tricking the browser. Gummy Browsers Attack: How It Might Unfold According to Blee…Read More Gummy Browsers: The New Cyberattack Developed by Researchers
They’re here. They’re really, truly, officially here. After what’s felt like 47 years of waiting and approximately 994 gazillion unofficial leaks, Google’s Pixel 6 and Pixel 6 Pro phones are out of hiding and on their way into the world. Well, okay: T…Read More The two Pixel 6 numbers that could change everything
Managing passwords and privileged access is bad enough for people—but that’s going to be dwarfed by the problem of dealing with non-human identities.Read More Microsoft bought CloudKnox because hybrid multicloud identity is complicated
Quick Heal Security Labs has been monitoring various attack campaigns using JSOutProx RAT against different SMBs in…
The post Multi-Staged JSOutProx RAT Targets Indian Banks and Finance Companies appeared first on Quick Heal Blog | Latest comp…
As part of the federal government’s effort to improve access to voting, the National Institute of Standards and Technology (NIST) has released a draft publication outlining barriers that voters with disabilities may encounter during the electionRead More NIST Draft Publication Addresses Removing Barriers for Voters With Disabilities
Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production.Read More Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween
Cybersecurity researchers have recently come across an unknown threat actor conducting a crimeware operation in which it attacks organizations in India and Afghanistan using political and government-themed malicious domains. As explained by security sp…Read More Hacker Exploits an Old Microsoft Office Vulnerability to Deliver RATs
The Bureau of Industry and Security (BIS) supports the US national security, foreign policy, and economic objectives by maintaining an effective export control and treaty compliance system and encouraging continuing US leadership in key technology. The…Read More The United States Government Will Ban the Reselling of Potentially Hacking Tools to Authoritarian Regimes
The United States Department of Justice this week announced that two individuals involved in providing bulletproof hosting to various malware families were sentenced to prison.
Roger Grimes on why multifactor authentication isn’t a panacea:
Read More Problems with Multifactor Authentication
The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in. It turns out that the VP had approved over 10 different push-based messages for logins that he was not involved in. When the VP was asked why he approved logins for logins he was not actually doing, his response was, “They (IT) told me that I needed to click on Approve when the message appeared!”…
Three former executives of now defunct cybersecurity company GigaTrust have been charged for defrauding investors and lenders in a $50 million fraud scheme.
The need for experienced and qualified cyber security professionals is a highlight of Cybersecurity Career Awareness Week, led by NICE (National Initiative for Cybersecurity Education). This campaign is part of Cybersecurity Awareness Month 2021, which is focused on empowering individuals and organisations to “own their role in protecting their part of cyberspace”. UK skills gap: The UK government’s Cyber security skills in the UK labour market 2021 report estimates that approximately 680,000 UK businesses (50% of those surveyed) have a basic skills gap. This includes individuals in charge of cyber security who “lack the confidence to carry out the kinds…Read More Building cyber security careers
US authorities unveiled Wednesday long-delayed new rules aimed at clamping down on export to nations like Russia and China of hacking technology amid a sharp uptick in cyberattacks globally.
The rules, which are set to go into force in 90 days, would p…
Check Point researchers warn platform needs more in-built protectionsRead More Threat Actors Abusing Discord to Spread Malware
Remote desktop software is basically a computer program that lets you connect to another computer. The PC you will connect to is named “the host”, your PC from where you initiate the connection is called the viewer or the client. After connecting to th…Read More 20+ Free Remote Desktop Software Tools You Need to Know
Want to help make technology safer for everyone? Love solving puzzles? Looking for a rewarding career? Break into cybersecurity! Insights from ESET researchers Aryeh Goretsky and Cameron Camp will put you on the right track.
The post Cybersecurity care…
With files from Samira Balsara Facebook is planning a name change, Google plans to add a new feature to its Play Store, and Instagram users will finally be able to make posts via desktop. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Thursday, October 21, and I’m your host, […]Read More Hashtag Trending Oct. 21- Facebook’s Name Change; New Play Store Security Feature; Instagram Posts from Desktop
Latest commerce department rule will include exemptionsRead More US to Ban Export of Hacking Tools to Authoritarian States
Information was found in a misconfigured Elasticsearch serverRead More Data Scrapers Expose 2.6 Million Instagram and TikTok Users
The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security (NS) and anti-terrorism (AT) reasons.
The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes. The rule announced by the BIS […]
The post US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes appeared first on Security Affairs.Read More US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes
Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.
Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of […]Read More Top 5 Attack Vectors to Look Out For in 2022
When the pandemic forced organizations to send customer service agents to work from home, fraudsters quickly seized the new opportunity presented by isolated employees. Social engineering and bribery attempts rapidly increased as fraudsters targeted ag…Read More Fraud never sleeps: Why biometrics is essential for effective fraud prevention
If you’re traveling abroad on business, there’s a good chance you’ll need to bring along a smartphone to get around, meet up with associates or learn about the idiosyncrasies of local culture. But even if you’re security-savvy and never let your device…Read More Smartphone counterespionage for travelers
Privacy is more than just settings in your social media account or using the Tor Browser. Your data and actions are collected in a variety of ways. The more aware you are of just how much of your data is collected, the better you can protect it.Read More Privacy
Selecting a governance, risk and compliance (GRC) solution can be very challenging. It must cover all three practices it stands for, without exception, which can sometimes be hard to integrate. Regulations have especially been a pain point for many org…Read More How do I select a GRC solution for my business?
SpyCloud released an analysis of IT security leaders’ perceived threat of ransomware attacks and the maturity of their cybersecurity defenses. The report found that while 81% of those surveyed consider their security to be above average or exceptional,…Read More Many organizations lack basic cyber hygiene despite high confidence in their cyber defenses
Two Eastern European nationals have been sentenced in the U.S. for offering “bulletproof hosting” services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 …Read More Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals
Dark web activity, the value of stolen data, and cybercriminal behaviors have dramatically evolved in recent years, according to Bitglass research. Stolen data has a wider reach and moves more quickly: breach data received over 13,200 views in 2021 vs….Read More Increased activity surrounding stolen data on the dark web
Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successf…Read More CIS Control 09: Email and Web Browser Protections