admin

0 Comments
Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead to “an unauthenticated attacker gaining root on these devices.” Pascom Cloud Phone System is an
0 Comments
APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included “a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in
0 Comments
The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn’t raining when
0 Comments
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws “allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks,” Ben Seri
0 Comments
Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies,
0 Comments
Yaroslav Vasinskyi, a Ukrainian national, linked to the Russia-based REvil ransomware group has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had been previously arrested in Poland in October 2021, prompting the U.S. Justice Department (DoJ)
0 Comments
Renowned documentarist Louis Theroux described the growing societal dangers posed by social media use during the keynote interview at the Digital Transformation EXPO Europe 2021. The session came ahead of the release of Theroux’s new three-part documentary series, exploring how tech is increasingly coalescing with human psychology. In one prominent example of this, he noted that
0 Comments
A good time to check if someone is using your identity is before it even happens.  One of identity theft’s several downsides is how people discover they’ve become a victim in the first place—by surprise. They go to rent an apartment, open a line of credit, or apply for financing, only to discover that their finances or reputation has taken a hit because of identity thief.   And those
0 Comments
Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations’ infrastructure, and technology while remaining in the dark and successfully evading security solutions. Boston-based cybersecurity company Cybereason dubbed the attacks “Operation Ghostshell,” pointing
0 Comments
The offshore assets of 35 current and former world leaders have been exposed in an unprecedented leak of financial records dubbed the Pandora Papers.  The cache of 11.9 million confidential files was leaked to the International Consortium of Investigative Journalists (ICIJ) in Washington, DC. Containing 2.94 terabytes of data, the Papers represent the largest trove of
0 Comments
by Paul Ducklin As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means it’s a great opportunity to do three things: Stop. Think. Connect. Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness. 5
0 Comments
A newly discovered data exfiltration mechanism employs Ethernet cables as a “transmitting antenna” to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research. “It’s interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack,” Dr. Mordechai Guri, the head of R&D in
0 Comments
A Kittitian soccer player has made a charitable donation of the compensation he received after being racially abused on social media.  Midfielder Romaine Sawyers, who is currently on loan at Stoke City Football Club from his parent club, West Bromwich Albion, was victimized by 50-year-old cyber-bully Simon Silwood of Kingswinford, West Midlands. Silwood was arrested
0 Comments
The United States Coast Guard has launched a new program that gives cyber professionals the chance to become Coast Guard Cyber Officers.  With the launch of the Direct Commission Cyber Officer (DCCO) program, the maritime security branch of the United States military is hoping to attract top cyber talent to work in cyberspace operations, information assurance, cyber
0 Comments
The long-awaited release of the new James Bond movie is being exploited by cyber-criminals, according to cybersecurity company Kaspersky.  No Time to Die is actor Daniel Craig’s fifth and final fling with the internationally renowned 007 spy character created by author Ian Fleming. Bond first entered the public consciousness in 1952 with the publication of Fleming’s
0 Comments
Crime-fighters in Europe and the UK have signed a new agreement to boost cooperation on cybercrime and other investigations. The working agreement between the UK’s National Crime Agency (NCA), which investigates serious and organized crimes, and Europol will sit under the UK-EU trade and cooperation agreement (TCA). That’s the limited post-Brexit free trade agreement between
0 Comments
The UK Cyber Security Council has announced the appointment of four new trustees, taking its total number to eight. The new trustees come with a range of backgrounds and expertise, designed to add legal, governance and education expertise to the Board of Trustees of the Council. They were appointed following a recruitment and selection process overseen by
0 Comments
Today marks the start of the 18th Annual Cybersecurity Awareness Month in America, and this year’s theme is “Do Your Part. #BeCyberSmart.” The digital safety initiative was launched back in October 2004 by the National Cyber Security Alliance and the United States Department of Homeland Security to help the public stay safe and secure while
0 Comments
The owner of two chains of American luxury department stores has warned 4.6 million Neiman Marcus customers that their personal data may have been exposed in a security incident that happened 17 months ago.  Neiman Marcus Group, which owns the Neiman Marcus and Bergdorf Goodman department stores, as well as the high-end home goods line
0 Comments
America’s head of state, Joe Biden, has announced plans to hold a meeting with representatives of 30 different countries later this month to discuss ransomware and other cybersecurity issues.  In a statement released to coincide with the first day of America’s annual Cybersecurity Awareness Month, President Biden said that the chief purpose of the confab would be to address
0 Comments
by Paul Ducklin VMware’s latest security update includes patches for 19 different CVE-numbered vulnerabilities affecting the company’s vCenter Server and Cloud Foundation products. All of the bugs can be considered serious – they wouldn’t be enumerated in an official security advisory if they weren’t – but VMware has identified one of them, dubbed CVE-2021-22005, as