Boosted by the rush to remote work brought on by last year’s pandemic, Zoom generated $2.6 billion revenue in 2020, a 317% increase year-on-year that made it one of the fastest growing apps of the pandemic. The number of meeting participants jumped …
Read More Zoom eyes new video needs in a hybrid workplace worldThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert regarding more than a dozen malware samples that were found on exploited Pulse Secure devices and that can go undetected by antivirus products. Pulse Secure devices at U…
Read More A Stealthy Malware Found on Hacked Pulse Secure DevicesResearchers from ReversingLabs have released a report detailing a threat referred to as NPM malware they found in NPM packages that targets credentials by means of the Google Chrome Recovery Tool. How Does the NPM Malware Operate? The NPM Malware file …
Read More NPM Malware Poses a Threat to Passwords in Google ChromeA report finds French President Emmanuel Macron was targeted by Pegasus spyware, Venmo removes a puzzling feature, and DuckDuckGo has announced an email protection service. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Thursday, July 22, and I’m your host, Tom Li. The BBC is reporting that French President […]
The post Hashtag Trending July 22 – Macron Targeted by Pegasus; Venmo removes a controversial feature; DuckDuckGo introduces email protection first appeared on IT World Canada.
Read More Hashtag Trending July 22 – Macron Targeted by Pegasus; Venmo removes a controversial feature; DuckDuckGo introduces email protectionXLoader Malware, a popular virus known for stealing private information from Windows systems has been changed into a new strain, which is capable to also target Apple’s macOS operating system. Cybercriminals are currently selling the XLoader malw…
Read More XLoader Malware Now Upgraded to Target MacOS SystemsAround a third of cybersecurity professionals have had personal experience of harassment online (32%) and in-person (35%), according to a study from Respect in Security — a new initiative set up to support victims and encourage coordinated industry act…
Read More Did you know a third of cybersecurity pros have experienced harassment?When defining what is a botnet, we need to take into consideration that since it’s one of the most sophisticated types of modern malware, botnets are an immense cybersecurity threat to governments, enterprises, and individuals alike. What Is A Bo…
Read More What Is a Botnet & How to Prevent Your PC From Being EnslavedOracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system.
Chief among them is CVE-2019-272…
Who will you call when your organisation has been compromised? Having a cyber incident response team ready to go can save your organisation from disaster. There’s no escaping the threat of cyber security incidents. Criminals are constantly poised to exploit vulnerabilities, and employees use complex IT systems where mistakes are bound to happen. Investing in cyber defences can reduce those risks, but organisations need to be ready for threats they can’t prevent. A CIR (cyber incident response) plan does just that, outlining strategies for identifying and responding to security breaches. An effective plan can quickly stop disruption from turning into
The post How to build a cyber security incident response team (CSIRT) appeared first on IT Governance UK Blog.
Read More How to build a cyber security incident response team (CSIRT)Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code …
Read More Atlassian asks customers to patch critical Jira vulnerabilityAnyone with an interest in information security will have encountered ISO 27001, the international standard that describes best practice for an ISMS (information security management system). However, you might not be as familiar with ISO 27002. It’s a supplementary standard that provides advice on how to implement the security controls listed in Annex A of ISO 27001. Although ISO 27001 is the more well-known standard – and the one that organisations certify to – neither can be considered in isolation. This blog explains why that’s the case, helping you understand how each standard works and the differences between them. What
The post ISO 27001 vs. ISO 27002: What’s the difference? appeared first on IT Governance UK Blog.
Read More ISO 27001 vs. ISO 27002: What’s the difference?A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts.
Joseph O’Connor, 22, has been charged with intentionally accessing…
Data breaches and ransomware attacks aren’t just still occurring. They’re also becoming more frequent. According to ZDNet, the number of ransomware attacks detected and blocked by one security firm grew 715% year-over-year in 2020 alone. Another securi…
Read More A Cure for a Disheartened Cybersecurity ProfessionalA database belonging to TicketClub Italy, a company providing coupons platform for offline purchases, is available for sale on darkweb hacking forums. TicketClub is an Italian company providing a mobile-based coupons platform for offline purchases. Their clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland, and many other enterprises having coupon and loyalty programs. The […]
The post TicketClub Italy Database Offered in Dark Web appeared first on Security Affairs.
Read More TicketClub Italy Database Offered in Dark WebBoards of directors and executives seem increasingly interested in understanding their companies’ security posture. And why wouldn’t they be? The ransomware threat posed by organized crime groups is considerable, and its impact can be devastating and t…
Read More Questions that help CISOs and boards have each other’s backExperts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. The author of the post claims that the data was acquired from […]
The post Thousands of Humana customers have their medical data leaked online by threat actors appeared first on Security Affairs.
Read More Thousands of Humana customers have their medical data leaked online by threat actorsAsset inventory management is critical to any company’s planning and accounting process. Having an accurate, up-to-date view of every asset (all devices, equipment, vehicles, and properties) that your organization owns means that you can better optimiz…
Read More Asset inventory management: What’s the ROI?Vade released its Phishers’ Favorites report for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billi…
Read More Financial services accounting for nearly 40% of all phishing URLsVenafi announced the findings of a global survey that evaluates the impact of software supply chain attacks like SolarWinds/SUNBURST, CodeCov and Kaseya/REvil on how development organizations are changing their approach to securing software build and d…
Read More Who is responsible for improving security in the software development environment?Telia Carrier has announced the findings of a report with a perspective on today’s cyber threats from traffic data. The report investigates changes in attack vector, size and frequency, and reveals a staggering 50% increase in peak attack traffic compa…
Read More DDoS attacks are up, with ever-greater network impactMicrosoft’s Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the ope…
Read More New Windows and Linux Flaws Give Attackers Highest System PrivilegesDigital.ai released a report detailing notable trends and issues in Agile adoption and practice as identified by more than 1,380 global respondents. This year’s findings highlight a strong increase in Agile adoption within both IT and non-IT teams as w…
Read More Agile adoption increasing within both IT and non-IT teamsThe surging number of applications being deployed on the cloud in several industries, rapid improvements being made in the internet of things (IoT) domain, advancements in numerous smart applications, and growing popularity of AI software are the major…
Read More Edge AI software market to expand significantly by 2030Skyflow launched PII Data Privacy Vault, a zero trust data vault for securely handling sensitive customer information (known as personally identifiable information, or PII). The PII Data Privacy Vault includes the new Skyflow Data Governance Engine, wh…
Read More Skyflow PII Data Privacy Vault ensures regulatory compliance for sensitive dataWipro announced the launch of Wipro FullStride Cloud Services and its commitment to invest $1 billion in cloud technologies, capabilities, acquisitions and partnerships over the next three years. As the cloud opportunity accelerates, Wipro FullStride C…
Read More Wipro invests $1B in cloud transformation capabilities and launches Wipro FullStride Cloud ServicesHow does the enterprise efficiently respond to threats (thereby reducing risk) to common attacks without breaking the bank? The answer is XioGuard, the managed security service for 360-degree cybersecurity coverage. With XioGuard, lack of visibility an…
Read More XioGuard delivers visibility and response capabilities across the entire attack surfacePresident Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said Wednesday.
read more
Styra announced new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service (DAS) guardrails to storage, network and compute resource configuration in public clouds including AWS, GCP and Azure. With this addition,…
Read More Styra DAS extends OPA policy-as-code guardrails to public, private and hybrid cloud configurationsMicrochip Technology announced the Adaptec Smart Storage PCIe Gen 4 NVMe Tri-Mode SmartRAID 3200 RAID Adapters, and Adaptec SmartHBA 2200 and Adaptec HBA 1200 Host Bus Adapters. These adapters enable next-generation NVMe and 24G SAS connectivity and ma…
Read More Microchip Smart Storage adapters enable NVMe and 24G SAS connectivity and manageabilitySpy software known as Pegasus has been used to carry out surveillance on the smartphones of journalists, activists, and political leaders. Can a “Freedom Phone” be trusted? And a ransomware-hit law firm demonstrates how not to keep its cust…
Read More Smashing Security podcast #237: NuNa, NuNu, NaNaTP-Link announced the expansion of the TP-Link Omada business line with the introduction of two new 10G switches and one transceiver— 8-Port 10G Desktop/Rackmount Switch TL-SX1008, the JetStream 8-Port 10GE SFP+ L2+ Managed Switch TL-SX3008F, and 10GBa…
Read More TP-Link expands Omada business line with two 10G switches and one transceiverSANS Security Awareness blog post promoting the 2021 SANS Security Awareness Planning Kit
Read More 2021 SANS Security Awareness Planning KitPing Identity announced two of its Identity and Access Management (IAM) solutions have been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Approved Products List (APL). The CDM program, which was spotligh…
Read More Ping Identity adds its IAM solutions to the Department of Homeland Security CDM APLScale Computing announced a collaboration with IBM that will help organizations adopt an edge computing strategy designed to enable them to move data and applications seamlessly across hybrid cloud environments, from private data centers to the edge. S…
Read More Scale Computing collaborates with IBM to help enterprises adopt an edge computing strategyIntel and Airtel announced a collaboration to drive network development of 4G and 5G virtualized radio access network (vRAN) and open radio access network (RAN) technology to transform Airtel’s networks to reap the full possibilities of 5G for its cust…
Read More Intel collaborates with Airtel to drive network development of 5G technologyOrganizations of all sizes can now access the highest level of e-signature security services under European and Swiss law following the launch of SIGNIUS, a new remote qualified e-signing platform. SIGNIUS is powered in the back end by Cryptomathic’s e…
Read More SIGNIUS and Cryptomathic launch qualified e-signature platform to a broad range of organizationsDialpad launched a new integration with Miro, an online whiteboard and innovation platform for teams around the world. This partnership brings together Dialpad’s scalable and reliable video conferencing solution, Dialpad Meetings, with Miro’s collabora…
Read More Dialpad partners with Miro to enable the fluidity of work that surrounds remote meetingsUnbound Security announced its partnership with HashiCorp to deliver a fully integrated encryption key management solution for enterprises. “This integration streamlines guarding secrets and key management and offers customers a seamless solution…
Read More Unbound Security partners with HashiCorp to offer integrated encryption key management solutionCybereason announced the acquisition of empow, a security analytics company based in Tel Aviv. The empow acquisition adds innovative predictive response technology, a library of out-of-the-box data integrations, and top-tier engineering and product tal…
Read More Cybereason acquires empow to enhance its XDR featuresSysdig announced intent to acquire Apolicy to shift security further left and expand the Sysdig offering to include Infrastructure as code (IaC) security. Sysdig customers secure the DevOps cycle from build through production. Apolicy complements these…
Read More Sysdig acquires Apolicy to help customers secure Infrastructure As Code and automate remediationBugcrowd announced the United States Patent & Trademark Office has granted the company two patents for its proprietary systems and methods for identifying vulnerabilities in IT assets utilizing a crowdsourcing approach. U.S. Patent No. 10,972,494 a…
Read More U.S. Patents and Trademark Office grants two patents for Bugcrowd’s proprietary systems and methodsTo address growing cybersecurity concerns, the U.S. Department of Defense (DoD) has introduced the Cybersecurity Maturity Model Certification (CMMC) requirement for federal contractors. To help federal contractors prepare for their Level 1 – 3 as…
Read More Black & Veatch Management Consulting achieves accreditation as a RPO from CMMC-ABUnisys Corporation announced a four-year contract to support a range of services for the European Union. In partnership with Uni Systems and Wavestone, the Unisys-led consortium will consult on the design of major European IT systems to support eu-LISA…
Read More Unisys announces a four-year contract to improve data security and travel for the European UnionHypori announced appointment of Jim Cushman, a trusted high-tech industry visionary and leader, as President of Commercial Markets and Chief Product Officer. Cushman will lead Hypori’s strategic growth and expansion into commercial markets such a…
Read More Hypori appoints Jim Cushman as President of Commercial Markets and CPOOpen Systems announced the appointment of noted cybersecurity expert Tom Corn as its new Chief Product Officer (CPO). He will be responsible for driving the vision and development of the company’s solutions, leveraging his more than 20 years of cyberse…
Read More Open Systems appoints Tom Corn as CPOionir announced Mike Wall as its new chief executive officer. The move comes as the company experiences rapid growth in North America and globally, accelerated by the launch of its CI/CD pipeline acceleration solution. Wall, who has extensive experienc…
Read More ionir announces Mike Wall as CEOAvanan announced the appointment of Chris Riley as Vice President of Enterprise Sales. The addition of Riley to the leadership team further accelerates the company’s rapid growth in bringing the top-rated cloud security solution to the enterprise marke…
Read More Chris Riley joins Avanan as VP of Enterprise SalesSAP announced its financial results for the second quarter ended June 30, 2021. “We’re seeing strong adoption of our cloud portfolio as customers select SAP for their business transformation. Our strategy is working; This is the third strai…
Read More SAP unveils its financial results and increases revenue, profit outlookCloudflare announced that it is now listed in the FedRAMP marketplace, the federal government’s rigorous cloud security assessment program. Reaching this final step before full FedRAMP authorization will allow more federal agencies to adopt Cloudflare’…
Read More Cloudflare reaches final step before full FedRAMP authorizationOffice 365 and Microsoft 365 subscribers always have the latest version of Microsoft Office — currently Office 2019. They also get more frequent software updates than those who have purchased Office 2019 without a subscription, which means subscribe…
Read More Office 365: A guide to the updatesA fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company’s internal network exposing high-profile accounts to hijacking. […]
Read More TikTok, Snapchat account hijacker arrested for role in Twitter hackMeasure Requires Reporting Certain Cyber Incidents to CISA Within 24 Hours of DiscoveryA bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations tha…
Read More Senators Introduce Federal Breach Notification BillThis hardy device comes with a swappable battery and storage.
The post Panasonic releases the Toughbook G2 modular rugged PC first appeared on IT World Canada.
Read More Panasonic releases the Toughbook G2 modular rugged PCDeals Focus on Bolstering Security CapabilitiesCybereason, Rapid7 and Microsoft announced acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to…
Read More Cybereason, Rapid7 and Microsoft Announce AcquisitionsPlus, White House Says MFA, Encryption to Be Widely Deployed in Federal NetworksNew guidance from the National Institute of Standards and Technology spells out security measures for “critical software” used by federal agencies and minimum standards for…
Read More NIST Publishes ‘Critical Software’ Security GuidanceA 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that lead to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.
Read More Serial Swatter Who Caused Death Gets Five Years in PrisonMicrosoft Defender Application Guard protects your networks and data from malicious applications running in your web browser, but you must install and activate it first.
Read More How to activate Microsoft Defender Application Guard in Windows 10Google Cloud this week announced a new set of services aimed at help federal, state, and local government organizations in the United States to implement Zero Trust architecture.
read more
Saudi Arabia’s state oil giant acknowledged Wednesday that leaked data from the company — files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand — likely came from one of its contractors.
read more
…
Read More Saudi Aramco Facing $50M Cyber Extortion Over Leaked DataWhen the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in
Read More Your Work Email Address is Your Work’s Email AddressA senior official of the US Catholic Church has resigned after a blog revealed it had cellphone data that showed he was a regular user of the gay dating app Grindr.
Read More No, your Grindr activity is not necessarily private – just ask the senior Catholic priest who was outed and lost his jobThe average person in the Philippines spends more time on the Internet than any other country in the world. Filipinos are online over 11 hours each day, compared to a global average of just six hours. Indeed, with a total population of more than 100…
Read More BrandPost: Banking Giant BDO and Huawei Collaborate to Provide Inclusive Financial Services for FilipinosThe average person in the Philippines spends more time on the Internet than any other country in the world. Filipinos are online over 11 hours each day, compared to a global average of just six hours. Indeed, with a total population of more than 100…
Read More BrandPost: Banking Giant BDO and Huawei Collaborate to Provide Inclusive Financial Services for FilipinosThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. […]
Read More CISA warns of stealthy malware found on hacked Pulse Secure devicesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. […]
Read More CISA warns of hacked Pulse Secure devices loaded with malware in disguiseCybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money
The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity
Seventh annual report of agency still finds problems
The post Huawei network gear again fails to meet cybersecurity quality, says UK board first appeared on IT World Canada.
Read More Huawei network gear again fails to meet cybersecurity quality, says UK boardFrench cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by China-linked APT31 group. The French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group. The state-sponsored hackers are hijacking home routers to set up a […]
The post France ANSSI agency warns of APT31 campaign against French organizations appeared first on Security Affairs.
Read More France ANSSI agency warns of APT31 campaign against French organizationsNSO Group Refutes Alleged Targeting List – But How Does It Know Customers’ Targets?Can NSO Group and other commercial spyware vendors survive the latest revelations into how their tools get used? The Israeli firm is again being accused of selling spywa…
Read More World Leaders Included on Alleged Spyware Targeting ListDeals Focus on Bolstering Security CapabilitiesCybereason and Rapid7 made acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio.
Read More Cybereason, Rapid7 and Sysdig Announce AcqusitionsLinux administrators are urged to watch for and install patches to fix two major vulnerabilities in the operating system. Both discovered by researchers at Qualys, one is a stack exhaustion denial-of-service vulnerability in systemd, described as a near-ubiquitous utility available on major Linux operating systems and the second is a flaw in the Linux kernel […]
The post Two Linux vulnerabilities give exploiters root privileges first appeared on IT World Canada.
Read More Two Linux vulnerabilities give exploiters root privilegesIn another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems.
Read More NPM Package Steals Passwords via Chrome’s Account-Recovery ToolVulnerability in security account manager is serious enough to recommend deletion of volume shadow copiies
The post Microsoft issues workaround for new Win10 privilege escalation problem first appeared on IT World Canada.
Read More Microsoft issues workaround for new Win10 privilege escalation problemArtificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool.
Read More Should we use AI in cybersecurity? Yes, but with caution and human helpNorthern Rail, one of the UK’s local railway systems covering the north of England, had its new self-service ticketing machines taken off-line following a ransomware attack last week.
read more
Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.
Read More Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers SayFrom 21 July to 20 August, PCI SSC stakeholders can participate in a Request for Comments (RFC) on PCI Card Production and Provisioning v3 Draft Standard.
Read More Request for Comments: PCI Card Production and Provisioning v3 Draft StandardAfter years of mostly sitting on the sidelines, Microsoft is starting to be aggressive with cybersecurity acquisitions.
The world’s largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help co…
Attorney Marcus Christian Describes Pitfalls to AvoidMarcus Christian, a former executive assistant U.S. attorney, implores businesses to not immediately abandon their incident response plans once it appears a suspected incident is resolved.
Read More Incident Response: Why Persistence Is VitalToday on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access.
The post Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management appeared first on Microsoft Security Blog.
Read More Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement managementAs containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the unique security threats that target such environments when building security solutions. The first step in this process is understanding the relevant attack landscape.
The post The evolution of a matrix: How ATT&CK for Containers was built appeared first on Microsoft Security Blog.
Read More The evolution of a matrix: How ATT&CK for Containers was builtWindows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping.
Read More Windows “HiveNightmare” bug could leak passwords – here’s what to do!Cybersecurity firm raises $30 Million to support growth of its AI-based DNS threat protection system
read more
Company Says West African Group Used Homoglyph Techniques to Trick VictimsMicrosoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email c…
Read More Microsoft Announces Takedown of Domains Used for BEC SchemesMisconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
Read More Kubernetes Cloud Clusters Face Cyberattacks via Argo WorkflowsThere is even more to space innovation than the fledgling space tourism sector. Somewhat out of the public eye, there is a fast-growing space tech industry.
Read More The space wide web is ready to launchResearchers at industrial cybersecurity firm Claroty have identified a series of vulnerabilities that have enabled them to demonstrate how malicious actors could abuse cloud-based management platforms when targeting industrial organizations.
read more
…
Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. FormBook is a data-stealing malware that is used in cyber espionage campaigns, like other spyware it is […]
The post XLoader, a $49 spyware that could target both Windows and macOS devices appeared first on Security Affairs.
Read More XLoader, a $49 spyware that could target both Windows and macOS devicesQuick Heal Security Lab has seen a sudden increase in dotnet samples which are using steganography. Initially, in…
The post FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data appeared first…
The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APP31 cyberespionage group. […]
Read More France warns of APT31 cyberspies targeting French organizationsChinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. […]
Read More Chinese state hackers breached over a dozen US pipeline operatorsApple Apparently Pushes ‘Zero Click’ Patch, But Are Much Stronger Measures Required?Following revelations that commercial spyware vendor NSO Group was able to exploit the latest model of the Apple iPhone to install surveillance software, experts descri…
Read More Spyware Zero-Day Hits Show Apple Ecosystem’s ImperfectionsThe findings detail a complex security balancing act between IT teams and users; especially in the age of remote work and virtual collaboration at scale.
Read More Cybersecurity risk: The number of employees going around IT security may surprise youA software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser.
The package in question, named “nodejs_net_server” and downloaded ov…
Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update (CPU). More than half of the addressed vulnerabilities could be exploited remotely without authentication.
read more
…
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.
Read More French Launch NSO Probe After Macron Believed Spyware TargetGoogle on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.
read more
The term IPS stands for Intrusion Prevention System and refers to a form of network security that aims to detect and prevent identified threats. An IPS system continuously monitors a network, looking for possible malicious activity and gathering infor…
Read More What Is an Intrusion Prevention System – IPS? Definition, How Does It Work, Benefits