Microsoft has released emergency out-of-band security updates for Microsoft Exchange that fix four zero-day vulnerabilities actively exploited in targeted attacks. […]Read More Microsoft fixes actively exploited Exchange zero-day bugs, patch now
Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. […]Read More Google fixes second actively exploited Chrome zero-day bug this year
The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October.Read More Post-Cyberattack, Universal Health Services Faces $67M in Losses
Microsoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.Read More Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.Read More Microsoft Urges Businesses to Patch Critical Exchange Server Flaws
Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. […]Read More Payroll giant PrismHR outage likely caused by ransomware attack
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and install additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM.
The post HAFNIUM targeting Exchange Servers with 0-day exploits appeared first on Microsoft Security.Read More HAFNIUM targeting Exchange Servers with 0-day exploits
Recorded Future Says China-Sponsored Groups InvolvedState-sponsored groups in China appear to be targeting India’s power supply by dropping malware into systems, according to online digital threat analysis company Recorded Future. The Indian government…Read More India Fights Against Malware Targeting Power Supply
Commission Makes Recommendations on Developing Technologies, Countering ThreatsThe U.S. is in danger of falling behind China and Russia on developing artificial intelligence technologies and countering cybersecurity threats that could develop as AI use…Read More Report Sizes Up How AI Poses a Security Threat
Universal Health Services’ Financial Statement Spells Out the EffectsIn an eye-opening look at the cost burden of a ransomware attack, Universal Health Services reports that an incident last September had a $67 million economic impact – citing, for exa…Read More Ransomware Attack’s Economic Impact: $67 Million
TPG Capital will combine privileged access management providers into one company.Read More Thycotic and Centrify to Merge In $1.4B Deal
The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool “unc0ver,” has updated their software to support iOS 14.3 and earlier releases. The last release of the jailbreaking tool, unc0ver v6.0.0, now includes the exploit code […]
The post Pwn20wnd released the unc0ver v 6.0 jailbreaking tool appeared first on Security Affairs.Read More Pwn20wnd released the unc0ver v 6.0 jailbreaking tool
What should you consider as you shop for this DBaaS cloud service that’s an appealing alternative to another on-premises DBMS? Here are some tips.
The post Need a graph DBMS but don’t want one? first appeared on IT World Canada.
While most enterprise meetings are more sedate than those at Handforth Parish Council, collaboration tools are evolving rapidly, driven by the global work-from-home (WFH) surge and in the use of Zoom, which now claims 467,100 customers and saw reven…Read More Enterprise collaboration enters the innovation fast lane
PrismHR, a company that sells software and services used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack.Read More Payroll/HR Giant PrismHR Hit by Ransomware?
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.Read More Google Partners With Insurers to Create Risk Protection Program
Whether paying ransom for data held hostage makes sense depends on many variables. Experts define the variables and why they’re important.Read More Should you pay up when hit by ransomware? There are several things to consider first
Android 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. Jack Wallen shows you how.Read More Android 11: How to enable enhanced randomize MAC addresses
Too many people shrug off SELinux on their data center systems. Jack Wallen says it’s time to stop giving into that siren song so your operating systems are weakened.Read More Why it’s time to stop setting SELinux to Permissive or Disabled
GootLoader Campaign Spreads Ransomware, TrojansA new malware loader dubbed “GootLoader” is using search engine optimization techniques to spread ransomware, Trojans and other malware, the security firm Sophos reports.Read More Hackers Use Search Engine Optimization to Deliver Malware
Judge dismisses Temple’s claims that former members who wiped its Facebook pages were cyber-squattingRead More Satanic Temple Loses Cyber-squatting Lawsuit
Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. […]Read More Malaysia Airlines discloses a nine-year-long data breach
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.Read More 4 Ways Health Centers Can Stop the Spread of Cyberattacks
Hacker stole heroes’ identities and used them to buy goods on American military exchangesRead More Medal of Honor Holders’ Identities Stolen
The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices.Read More Jailbreak Tool Works on iPhones Up to iOS 14.3
SolarWinds has reported expenses of $3.5 million from last year’s supply-chain attack, including costs related to incident investigation and remediation. […]Read More SolarWinds reports $3.5 million in expenses from supply-chain attack
Court case tests corporate responsibility for censoring harassment in gaming communityRead More Gamer Sues Microsoft Over Cyberbullying
A new Red Hat report also finds that app development and digital transformation are important to users and that security perceptions have improved.Read More Infrastructure modernization remains the biggest use case for enterprise open source
Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites.Read More Compromised Website Images Camouflage ObliqueRAT Malware
Hackers Threatened to Leak Sensitive DataThe cryptocurrency company Tether has refused to pay a ransom of 500 bitcoins ($24 million) after hackers threatened to leak sensitive data if the company failed to pay.Read More Cryptocurrency Firm Tether Refuses to Pay Ransom to Hackers
The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning.Read More Ryuk Ransomware: Now with Worming Self-Propagation
Microsoft’s ASP.NET Core enables users to more easily configure and secure their applications, building on the lessons learned from the original ASP.NET. The framework encourages best practices to prevent SQL injection flaws and cross-site scripting (X…Read More Top Security Anti-Patterns in ASP.NET Core Applications
Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January. […]Read More Oxfam Australia confirms data breach after stolen info sold online
The program plans to go live this summer.
The post P.E.I to adopt Telus Health’s electronic medical record system first appeared on IT World Canada.
Google’s Android 12 software is nowhere near ready for prime time, but Goog almighty: We’ve sure seen plenty of hints about some of the tantalizing touches it could include. And if you’re anything like me, that makes it tough not to feel at least a …Read More 3 Android 12 features you can bring to any phone today
French multinational dairy products corporation Lactalis discloses cyberattack, but claimed that had no evidence of a data breach. France-based dairy giant Lactalis announced that it was hit by a cyber attack, but claimed that it had found no evidence of a data breach. Lactalis employs more than 80,000 people worldwide, at more than 230 production […]
The post French multinational dairy Lactalis hit by a cyber attack appeared first on Security Affairs.Read More French multinational dairy Lactalis hit by a cyber attack
SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research.
“While the two ransomware [families] are…Read More Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.Read More Linux: How to quickly check to see if your server is under a DoS attack from a single IP address
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.Read More Name That Edge Toon: In Hot Water
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.Read More Why Cloud Security Risks Have Shifted to Identities and Entitlements
The recent manipulation of GameStop stock points to the need for public companies to carefully monitor mentions of their firm on social media channels to look for signs of emerging fraudulent practices, says Chase Cunningham, chief strategy officer at …Read More Stopping Stock Manipulation Fraud
Following the cyberattack on Accellion’s FTA file transfer service, Transport for NSW, which is the main transport and roads agency in New South Wales, Australia, and the state’s ministry of health, is the latest government entity to be entrapped in th…Read More Worldwide Accellion Data Breach Impacted Transport for NSW
Salt is one of the largest open source communities in the world, based on automation and Infrastructure management. A vulnerability, named CVE-2020-28243, was identified as a privilege escalation bug impacting SaltStack Salt minions. This allowed an un…Read More A Minion Privilege Escalation Exploit was Fixed in SaltStack Project
The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.Read More Attacker Expands Use of Malicious SEO Techniques to Distribute Malware
According to Gallup, nearly two-thirds of U.S. workers who have been working remotely during the pandemic would like to continue to do so. To break that down a bit further, 35 percent of remote workers would simply prefer to continue working remotel…Read More V2 Cloud is the simplest cloud desktop for a distributed workforce
Veracode urges more regular scanning of applicationsRead More Quarter of Healthcare Apps Contain High Severity Bugs
Learn more about the latest Azure Active Directory innovations that will allow you deliver a secure and seamless experience to your users and help you stay prepared for whatever comes next.
The post Identity at Microsoft Ignite: Strengthening Zero Trust defenses in the era of hybrid work appeared first on Microsoft Security.Read More Identity at Microsoft Ignite: Strengthening Zero Trust defenses in the era of hybrid work
Microsoft is collaborating with partners to expand Secured-core to Windows Server, Azure Stack HCI, and Azure-certified IoT devices.
The post Microsoft brings advanced hardware security to Server and Edge with Secured-core appeared first on Microsoft Security.Read More Microsoft brings advanced hardware security to Server and Edge with Secured-core
Today we’re excited to share with you several new innovations across four key areas—identity, security, compliance, and skilling—to give you the holistic security protection you need to meet today’s most challenging security demands.
The post 4 ways Microsoft is delivering security for all in a Zero Trust world appeared first on Microsoft Security.Read More 4 ways Microsoft is delivering security for all in a Zero Trust world
Learn how Microsoft is taking the next step in unifying experiences and delivering enhanced tools and intelligence to stop advanced attacks.
The post Microsoft unifies SIEM and XDR to help stop advanced attacks appeared first on Microsoft Security.Read More Microsoft unifies SIEM and XDR to help stop advanced attacks
New Microsoft compliance capabilities enable you to extend data protection and governance across apps, endpoints, and platforms to keep your people collaborative and productive, while ensuring your most valuable asset—your data—remains secure and compliant wherever it lives.
The post Securing and governing data in a new hybrid work reality appeared first on Microsoft Security.Read More Securing and governing data in a new hybrid work reality
Group will propose concrete solutions tools to improve the security of cyberspaceRead More Kaspersky to Co-Chair Working Group of the Paris Call
Microsoft announced the addition of Threat Analytics for Microsoft 365 Defender customers and the roll-out of Microsoft 365 Insider Risk Management Analytics, both in public preview. […]Read More Microsoft 365 Defender Threat Analytics enters public preview
Microsoft adds new security, privacy, and compliance features to the Microsoft Teams chat and collaboration solution, including end-to-end encryption support for one-on-one calls. […]Read More Microsoft Teams adds end-to-end encryption (E2EE) to one-on-one calls
Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform for added protection against a wide range of threats. […]Read More Microsoft announces Windows Server 2022 with new security features
When a search result looks too good to be true – it IS too good to be true!Read More Search crimes – how the Gootkit gang poisons Google searches
Later this year, Cisco will add bidirectional translation to and from 70 languages.
The post Cisco Webex introduces real-time translation to meetings first appeared on IT World Canada.
Having announced more than 50 planned innovations at its WebexOne event in December, Cisco’s Webex is rolling out another of those capabilities today: real-time language translation. The feature will be available in Webex as a preview starting this …Read More Cisco continues to overhaul Webex, now with real-time language transcription
Many people were cheering for the Kansas City Chiefs during Super Bowl LV. Not because they were Chiefs fans, and not because they didn’t like the Tampa Bay Buccaneers. They wanted KC to win because they wanted, more than anything else, for Tom Brad…Read More When emotions run high: Protecting your network infrastructure from reputational attacks
Recorded Future researchers uncovered a campaign conducted by Chinese APT41 group targeting critical infrastructure in India. Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting critical infrastructure operators in India. The list of targets includes power plants, electricity distribution centers, and seaports in the country. The attacks surged while relations between […]
The post Alleged China-linked APT41 group targets Indian critical infrastructures appeared first on Security Affairs.Read More Alleged China-linked APT41 group targets Indian critical infrastructures
Following a brief refresher on classic scenario planning, hosts Jim Love, CIO of ITWC, and Doug Sparkes, a lecturer at the Conrad School of Entrepreneurship and Business, riff collegially on how to avoid functional fixedness while identifying and devel…Read More Deeper Dive: Ready, Set, Go (Eps.5)
Amid the coronavirus, 2020 was unpredictable in more ways than anyone would have expected. But one thing that stayed fairly constant was the steady flow of mergers and acquisitions (M&A) across the tech sector.Global tech M&A deals last year…Read More Noteworthy technology acquisitions 2021
Amit Majithia, Vice President and Country Head for Wipro Limited Canada, joins co-hosts Jim Love, CIO of ITWC, and Doug Sparkes, a lecturer at the Conrad School of Entrepreneurship and Business, for this podcast episode that delves deeply into back-cas…Read More Deeper Dive: Freeing the corporate imagination (Eps.4)
Co-hosts Jim Love, CIO of ITWC, and Doug Sparkes, a lecturer at the Conrad School of Entrepreneurship and Business, open the eight-minute program with an extended football metaphor to describe how things break down – both on the sports field and in bus…Read More Deeper Dive: You need a new playbook (Eps.1)
Controversial cryptocurrency developer Tether says it will not give in to extortionists who are demanding a 500 Bitcoin ransom payment (currently worth approximately US $24 million).Read More Crypto firm Tether says it won’t pay $24 million ransom after being threatened with document leak
Google has introduced a Workspace tier for front-line jobs such as retail, hospitality, and healthcare workers. The company today also unveiled new features around time management and productivity-tracking for the core Workspace — formerly G Suite —…Read More Google Workspace targets front-line workers with new tier
Google has introduced a Workspace tier for front-line jobs such as retail, hospitality, and healthcare workers.The company today also unveiled new features around time management and productivity-tracking for the core Workspace — formerly G Suite — …Read More Google Workspace rolls out features for front-line workers
According to a recent UHS earnings report, the Ryuk ransomware attack from last September resulted in about $67 million in lost operating income, labor expenses, and overall recovery costs. The incident, which came amidst a wave of suspected Ryuk attac…Read More Ryuk Ransomware Attack Cost UHS $67M in Lost Revenue
It’s all the tech news that’s popular right now. Welcome to Hashtag Trending! It’s Tuesday, March 2, and I’m your host Baneet Braich.
The post Hashtag Trending – Coinbase goes public; A tech titan royal rumble; Dealing with Zoom fatigue first appeared …
This is weird:
Read More Mysterious Macintosh Malware
Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.
Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question of why the mechanism exists…
Researchers at the National Institute of Standards and Technology (NIST) have developed a new, interactive spreadsheet that will help the U.S. military extinguish aircraft and vehicle fires using the latest environmentally friendly chemicals. While it …Read More NIST Tool Will Help Military Vehicles Fight Fires Using Less Harmful Chemicals
Healthcare giant latest big name hit by financial tsunamiRead More Universal Health Services Estimates $67 Million in Ransomware Losses
Lawyers probe WhatsApp for more technical detailsRead More DoJ Steps Up Investigation into NSO Group – Report
A popular jailbreaking tool called “unc0ver” has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited i…Read More New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0 – 14.3
JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack. The ransomware attack only impacted JFC International’s Europe Group, the malware caused the disruption of some of its IT […]
The post Distributor of Asian food JFC International hit by Ransomware appeared first on Security Affairs.Read More Distributor of Asian food JFC International hit by Ransomware
Who is and what did Emil Apreda do? Emil Apreda, previously known as Emil A., a 33-year-old Italian that lives in Berlin, known to have a strong background in computing was accused of sending threatening emails to NHS starting April to June 2020. In th…Read More Berlin Resident Pronounced Guilty of Threatening to Bomb a Hospital
Also known as SIM splitting, simjacking, SIM hijacking, and port-out scamming, SIM swapping is a type of fraud that targets your personal information so that cybercriminals can pass themselves off as you and access your bank accounts. In short, the fra…Read More What is SIM Swapping?
For the Defense Industrial Base (DIB), the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) compliance requirement is the hot news topic of 2021. In fact, across the DIB market, CMMC compliance will probably stay a focus th…Read More Preparing for the Cybersecurity Maturity Model Certification onslaught
The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform Gootloader. It is actively d…Read More Multi-payload Gootloader platform stealthily delivers malware and ransomware
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. […]Read More Malicious NPM packages target Amazon, Slack with new dependency attacks
With the voice commands “Alexa Skills,” users can load numerous extra functions onto their Amazon voice assistant. Amazon screens special voice assistant functions for security. However, scammers can circumvent this check. These Skills can often have s…Read More Alexa Skills: Security gaps and data protection problems
Mozilla last week raised the Firefox version count to 86, adding multiple picture-in-picture video viewing and bolstering the browser’s anti-tracking defenses by isolating all cookies in the sites that create them.Security engineers also patched 12 …Read More What’s in the latest Firefox upgrade? Proliferating picture-in-picture, even more anti-tracking
Make sure you have anti-virus software installed on your computer and that it is automatically updating. However, keep in mind that no anti-virus can catch all malware; your computer can still be infected. That is why it’s so important you use common…Read More Anti-Virus
The majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk, a Netskope research reveals. “Cybe…Read More Cybercriminals continue to target trusted cloud apps
I subscribe to a newsletter from Gary Burnison, CEO of Korn Ferry. His messages address a wide variety of career and personal issues in a thoughtful and educational manner. A recent Special Edition message was titled Exceeding Potential. It specificall…Read More Cybersecurity Challenges: Understanding the What, How and When of Change
Misconfigurations remain one of the most common risks in the technology world. Simply telling organisations to “fix” this problem, however, is not as easy as it might first seem because there’s a myriad of technologies at play in modern infrastructure …Read More Cloud-Based Storage Misconfigurations – Understanding the Security Risks and Responses
There is ample opportunity for financial institutions to harness the power of AI to build more meaningful connections and experiences with customers — vastly improving both retention and acquisition, according to research findings released by NTT DATA….Read More Customers willing to share personal data in exchange for personalized services
Delivering on the SailPoint vision to embed identity into the cloud enterprise’s digital fabric, SailPoint announced additional extensibility functionality to its platform. To enable customers and partners to find value with the updates, SailPoint also…Read More SailPoint extensibility helps customers secure their digital ecosystem
Proact is launching a new version of its managed disaster recovery service, which allows customers to continue operating their businesses following disruptive events, regardless of where their data is located. Proact’s new and updated disaster recovery…Read More Proact disaster recovery service protects businesses from disruptive events
Maximus announced that it completed the acquisition of the Federal division of Attain. The contracted purchase price of $430 million is subject to certain reductions and adjustments. Privately-owned Attain serves the U.S. Federal Government, with a str…Read More Maximus’ acquisition of Federal Division of Attain boosts company’s long-term corporate strategy
Innodisk is announcing new PCIe Gen 4 NVMe flash storage, DDR4-3200 DRAM, and CANbus & LAN modules. PCIe Gen 4 NVMe — twice the transfer Innodisk’s NVMe flash storage series now supports the latest PCIe Gen 4 interface with a staggering 7.88 …Read More Innodisk announced PCIe Gen 4 NVMe flash storage, DDR4-3200 DRAM, CANbus & LAN modules
Axonius announced it has raised $100 million in Series D funding, led by Stripes, a leading New York-based growth equity firm, as well as participation from existing investors Bessemer Venture Partners (BVP), OpenView, Lightspeed, and Vertex. Ken Fox, …Read More Axonius raises $100M to expand, innovate, and fuel market growth
Trulioo announced the appointment of Hal Lonas as its chief technology officer. Lonas joins Trulioo’s senior leadership team to help accelerate the company’s next stage of growth and innovation. He is a recognized innovator in cloud security and machin…Read More Hal Lonas joins Trulioo as CTO
GyanSys has hired Anand Aboti as the company’s first Chief Business Officer. Aboti will be responsible for driving global business growth, expanding referenceable customer success, and strengthening alliances with strategic partners including SAP…Read More GyanSys hires Anand Aboti as Chief Business Officer
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. […]Read More Working Windows and Linux Spectre exploits found on VirusTotal
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks.Read More Mobile Adware Booms, Online Banks Become Prime Target for Attacks
A Dutch e-Ticketing platform has suffered a data breach after a database was stolen from an unsecured staging server. […]Read More European e-ticketing platform Ticketcounter extorted in data breach