The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect
admin
by Paul Ducklin “It never rains but that it pours,” as the old weather adage goes. That’s certainly how Microsoft must be seeing things right now, following the official announcement of yet another unpatched vulnerability in the Windows Print Spooler service. Dubbed CVE-2021-34481, this one isn’t quite as bad as the previous PrintNightmare problems, because
The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and purpose. You never can exactly tell how they will come at you, but come they will. It’s no different than fighting a kinetic foe in that, before you fight, you must choose your ground and
The newest update fixes a total of eight vulnerabilities affecting the desktop versions of the popular browser. Google has rolled out an update for its Chrome web browser that fixes a range of vulnerabilities, including a zero-day flaw that has been known to be actively exploited in the wild. The security loopholes affect the Windows,
Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of “precision attacks” to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial
by Paul Ducklin There’s a famous and very catchy song that starts, “It was 20 years ago today…” In the song, of course, Sergeant Pepper was busily teaching his band to play – a band, as the song assures us, that was guaranteed to raise a smile. But can you remember where you were and
What happened Microsoft has shipped an emergency security update affecting most Windows users. This update partially addresses a security vulnerability known as PrintNightmare that could allow remote hackers to take over your system. How does this affect you? PrintNightmare could allow hackers to gain control of your computer. This means hackers could perform malicious activities like installing their own apps, stealing your data, and creating new user accounts. How to fix the issue Microsoft recommends Windows
If you’ll be watching Sports Streaming events on your SmartTV, laptop, tablet or cell phone, learn the tips to keep you and your personal data safe. After a year and a half of cancelled global events, the 2021 summer season is proving to be full of major sporting events across the globe, and all sports
A sweeping and “highly active campaign” that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as “LuminousMoth,” which it
by Paul Ducklin We’ve written several times before about home delivery scams, where cybercriminals take advantage of our ever-increasing (and, in coronavirus times, often unavoidable) use of online ordering combined with to-the-doorstep delivery. Over the past year or so, we’ve noticed what we must grudgingly admit is a gradual improvement in believability on the part
Small business owners are getting a special deal on their online protection through a partnership between McAfee and Visa. With new ways of working creating online opportunities and risks for small business owners, McAfee and Visa have come together to offer comprehensive protection for a changed business landscape. Designed to help you minimize costs and unexpected interruptions to your business, McAfee® Security for Visa cardholders provides award-winning antivirus, ransomware, and malware
The latest Patch Tuesday brings a new batch of security updates addressing a total of 117 vulnerabilities The second Tuesday of the month is here, which means that Microsoft has rolled out patches for security vulnerabilities in Windows and its other products as part of its monthly Patch Tuesday bundle. This month’s batch of security updates brings
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda
This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means for malware infection has been a dominant part of the threat landscape. Malware authors continue to evolve their techniques to evade detection. These techniques involve utilizing macro obfuscation, DDE,
Lessons to learn from the Kaseya cyberincident to protect your business’ data when doing business with a MSP. Managed service providers (MSPs) play a critical role in the IT ecosystem. By outsourcing many of their day-to-day IT requirements to these companies, smaller organizations in particular can save costs, improve service levels and focus more resources
Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and CVE-2021-34817 — were discovered and reported on June 4 by researchers from SonarSource, following which patches