0 Comments
Nearly two-thirds (36%) of IT leaders are not disclosing breaches for fear that they may lose their job, complicating efforts to enhance security, according to new research. Keeper Security polled 1000 UK IT decision-makers at businesses of between 100 and 5000 employees to compile its 2021 Cybersecurity Census Report. It revealed that security breaches are widespread: 92%
0 Comments
A new study has revealed that nearly all security professionals operating in a multi-cloud environment believe it’s riskier than relying on a single cloud provider. The research, published today by global security and compliance solutions provider Tripwire, is based on a June 2021 survey of 314 security professionals with direct responsibility for the security of public cloud
0 Comments
Cyber-scammers are exploiting public interest in the latest Marvel movie to spread malware infections.  The eagerly anticipated premiere of Disney’s Black Widow is scheduled to take place simultaneously offline in movie theaters and online via streaming services tomorrow. However, cyber-criminals have been illegally monetizing interest in the new flick for months, according to research by
0 Comments
Hyperautomation is a process where artificial intelligence (AI), machine learning (ML), event-driven software, and other tools are used to automate as many business and IT processes as possible.  Forecasted by Gartner to reach $596.6 billion by 20221, hyperautomation and the global software market that enables it show no signs of slowing. The myriad of technologies
0 Comments
Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors. The shortcomings, collectively dubbed “INFRA:HALT,” target NicheStack, potentially enabling an attacker to achieve remote code
0 Comments
Enabling Zero Trust Access with End-to-end Data Security and Continuous Risk Assessment The current business transformation and remote workforce expansion require zero trust access to corporate resources, with end-to-end data security and continuous risk assessment to protect applications and data across all locations – public clouds, private data centers, and user devices.  MVISION Private Access
0 Comments
A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK. Golf clubs and cybercrime couldn’t really sound further apart, but when it comes to cybersecurity, businesses of all sizes are targets and their owners must never assume anything is completely watertight. Golf is, however, more associated with business, so when I was recently asked to investigate and test the cybersecurity of an
0 Comments
Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as “PwnedPiper” that left a widely-used pneumatic tube system (PTS) vulnerable to critical attacks, including a possibility of complete takeover. The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of
0 Comments
A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.” The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks,
0 Comments
This week, McAfee took an exciting new step in our journey—we are now a pure-play consumer company. What does that mean for consumers? It means that McAfee will be able to focus 100% of our talent and expertise on innovation and development that directly enables and improves the products and services that protect you and your family.  It’s the right time to take
0 Comments
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. “Lack of moderation and automated security controls in public software repositories allow even inexperienced
0 Comments
by Paul Ducklin [01’08”] Apple’s emergency 0-day fix. [08’51”] A new sort of Windows nightmare, this one not involving printers. [20’39”] Another new sort of Windows nightmare, also with no printers. [27’37”] Twitter hacker busted. [34’50”] Oh! No! Our very own Doug ruins a brand new TV. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
0 Comments
Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said
0 Comments
Architected for the cloud-first and remote-first deployments, MVISION Cloud Firewall secures access to applications and resources on the internet, accessed from every remote site and location, through a cloud-native service model. The solution inspects end-to-end user traffic – across all ports and protocols, enabling unified visibility and policy enforcement across the organizational footprint. Powered by
0 Comments
There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet The leading cybersecurity and law enforcement agencies from the United States, the United Kingdom, and Australia have issued a joint cybersecurity advisory focusing on the top 30 vulnerabilities that were commonly abused by threat actors over
0 Comments
An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed “BazaCall” — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method
0 Comments
Summary While ransomware attacks continue to be primarily opportunistic rather than targeted, there has been an upward trend in threat groups targeting high-revenue organizations to maximize the ransom payout. Ransom demands have reportedly reached $50 million USD. Threat actors have also innovated, threatening to leak stolen data in ‘name-and-shame’ attacks as additional leverage. In some
0 Comments
Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the occasional dedicated Unix or Linux based ransomware, but cross-platform ransomware was not happening yet. However, cybercriminals never sleep and in recent months we noticed that several ransomware gangs were experimenting
0 Comments
Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option According to the data shared by Twitter in its recently released transparency report, the popular social network’s users are reluctant to adopt two-factor authentication (2FA) to bolster their account security. In fact, the report paints
0 Comments
by Paul Ducklin You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities. First there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path). Now, however, it’s Apple’s turn
0 Comments
There’s a lot of misinformation about Virtual Private Networks, what they do, and the security benefits they offer. For this article, I’d like to do some myth-busting about how a VPN actually works and why you should use one.  What is a VPN and how does it protect me?  A VPN is an app that you install on your device to help keep your personal data safe as you browse the internet   You may
0 Comments
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and reported