Released: April 2021 Exchange Server Security Updates - Microsoft Tech Community

Why are there security updates two months in a row? Microsoft regularly releases Exchange Server security updates on 'patch Tuesday'. We are always ...

Posted on 14 April 2021 | 6:13 am

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (

Posted on 14 April 2021 | 6:05 am

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers

In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be

Posted on 14 April 2021 | 5:19 am

Get your firm to say goodbye to password headaches

Passwords are problematic. They can be costly and burdensome for businesses to manage, can cause poor user experience, and they are easily compromised. It’s no wonder, then, that many enterprises are expected to shift to passwordless authentication for users as part of an overall digital transformation. A passwordless solution The introduction of passwordless authentication throws out any reliance on passwords and delivers a better user experience, less headaches for the IT guys and better levels … More

The post Get your firm to say goodbye to password headaches appeared first on Help Net Security.

Posted on 14 April 2021 | 5:09 am

Get your firm to say goodbye to password headaches

True mobility for your fee-earners means removing the need for a PC in order to reset passwords, for example. Enhanced security. Mobile devices now ...

Posted on 14 April 2021 | 5:03 am

DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency

Netscout announced findings from its bi-annual Threat Intelligence Report, punctuated by a record-setting 10,089,687 DDoS attacks observed during 2020. Cybercriminals exploited vulnerabilities exposed by massive internet usage shifts since many users were no longer protected by enterprise-grade security. Attackers paid particular attention to vital pandemic industries such as e-commerce, streaming services, online learning, and healthcare generating a 20% year-over-year increase in attack frequency over 2019 plus a 22% increase in the last six months of … More

The post DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency appeared first on Help Net Security.

Posted on 14 April 2021 | 5:00 am

DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency

Mirai malware continued to thrive during the pandemic. Adversaries using Mirai malware and its variants took advantage of shifts away from enterprise- ...

Posted on 14 April 2021 | 4:52 am

Antivirus Software Market 2021 Is Booming Across the Globe by Share, Size, Growth, Segments ...

Industry Growth Insights (IGI) has rolled out a novel report on the Global Antivirus Software Market. The report is filled with imperative insights on the ...

Posted on 14 April 2021 | 4:52 am

FBI operation removes malware from US computers

... Exchange servers that enabled access to email accounts and allowed for the installation of malware on computers that permitted long-term access.

Posted on 14 April 2021 | 4:51 am

Detection capabilities improve, but ransomware surges on

A FireEye report outlines critical details on trending attacker techniques and malware, the proliferation of multifaceted extortion and ransomware, preparing for expected UNC2452 / SUNBURST copycat threat actors, growing insider threats, plus pandemic and industry targeting trends. Global median dwell time drops below one month for first time Over the past decade, Mandiant has observed a trending reduction in global median dwell time (defined as the duration between the start of a cyber intrusion and … More

The post Detection capabilities improve, but ransomware surges on appeared first on Help Net Security.

Posted on 14 April 2021 | 4:30 am

Qualys : Introducing “This Month in Patches” Webinar Series

Just today Microsoft released security updates for Microsoft Exchange servers ... Given the hacking spree that followed after the disclosure of ProxyLogon ... consolidates vulnerability assessment, threat prioritization and remediation, ...

Posted on 14 April 2021 | 4:30 am

61% of Factories Have Faced a Cybersecurity Incident [Report]

As factories continue to become “smarter” through utilizing the Internet of Things, automation, and general interconnectivity, the role of cybersecurity ...

Posted on 14 April 2021 | 4:30 am

WEBCAST: DOD OFFICIALS DISCUSS CYBERSECURITY AT SENATE HEARING

A Senate Armed Services Cybersecurity subcommittee holds a hearing on future cybersecurity architectures in Washington, April 14, 2021. Testifying ...

Posted on 14 April 2021 | 4:07 am

Antivirus Software Market – History, Present, Future And Global Forecast (2021-2027)

Antivirus Software Market Research leaves an exclusive and methodical industry perspective, articulated post intensive study activities across ...

Posted on 14 April 2021 | 4:07 am

WEBCAST: DOD OFFICIALS DISCUSS CYBERSECURITY AT SENATE HEARING

Testifying are: David McKeown, Defense Department senior information security officer and deputy chief information officer for cybersecurity; Robert ...

Posted on 14 April 2021 | 4:07 am

FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers

FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice (DoJ) said Tuesday.

read more

Posted on 14 April 2021 | 4:03 am

330 million people across 10 countries were victims of cybercrime in 2020

Over the past year, 65% of people around the world report spending more time online than ever before, likely a result of the COVID-19 pandemic. As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams. NortonLifeLock revealed that in the past year nearly 330 million people across 10 countries were victims of cybercrime and more than … More

The post 330 million people across 10 countries were victims of cybercrime in 2020 appeared first on Help Net Security.

Posted on 14 April 2021 | 4:00 am

Utah Creates Safe Harbor for Companies Facing Data-Breach Litigation

Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80), an amendment to Utah's data breach notification law, creating several ...

Posted on 14 April 2021 | 3:56 am

Utah Creates Safe Harbor for Companies Facing Data-Breach Litigation

In mid-March, Utah Gov. Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80), an amendment to Utah's data breach ...

Posted on 14 April 2021 | 3:56 am

Utah Creates Safe Harbor for Companies Facing Data-Breach Litigation

The written cybersecurity programs must satisfy several requirements to warrant the act's protection. In part, such programs must provide administrative, ...

Posted on 14 April 2021 | 3:56 am

Rundown: 5 cellphone viruses Filipinos should avoid and how to recognize them

Trojans as “malware disguised as legitimate software that hackers and cyber thieves use to get into a user's system to spy on them or steal from them.”.

Posted on 14 April 2021 | 3:45 am

At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks

Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout reveal.

read more

Posted on 14 April 2021 | 3:40 am

97% of organisations experienced a mobile threat in 2020 — report

In many cases, cyber attackers spread mobile malware, including Mobile Remote Access Trojans (MRATs), banking trojans, and premium dialers, often ...

Posted on 14 April 2021 | 3:33 am

Despite higher workloads, risk managers have high levels of job satisfaction

A majority of risk managers are optimistic about the profession’s outlook, with COVID-19 and economic uncertainty amplifying the need for strong organizational risk management, a report from the Global Association of Risk Professionals (GARP) reveals. Sixty-nine percent of all survey respondents — comprised of 2,100 GARP Members across 101 countries — said they expect their risk career opportunities to increase over the next 18 months, while nearly one-third said they anticipate a significant increase in … More

The post Despite higher workloads, risk managers have high levels of job satisfaction appeared first on Help Net Security.

Posted on 14 April 2021 | 3:30 am

S. Korea experts concern over accuracy of self-test kits

... Seoul mayor Oh Se-hoon has been pushing the implementation of the self-test kits as part of efforts to roll out tailored antivirus measures. He said ...

Posted on 14 April 2021 | 3:22 am

Europe data center market to grow steadily by 2026

The data center market in Europe is expected to grow at a CAGR of over 4% during the period 2021-2026, according to ResearchAndMarkets. The market is expected to grow due to the growing procurement of renewable energy sources. Over 25 European cloud and data center operators, including AWS, Google, Equinix, Interxion, OVH Cloud, Scaleway, Aruba, and 17 other industry associations have signed an agreement to make their facilities carbon neutral via 100% renewable energy sources … More

The post Europe data center market to grow steadily by 2026 appeared first on Help Net Security.

Posted on 14 April 2021 | 3:00 am

Cybersecurity training may be broken - report

Cybersecurity training during the pandemic have proven to be insufficient, according to a new survey from TalentLMS. The survey, conducted by ...

Posted on 14 April 2021 | 3:00 am

Sapien Cyber and Honeywell tackle Aus cybersecurity market

The collaboration integrates Sapien's OT Cybersecurity Threat Management System with Honeywell's building and digital video management systems, ...

Posted on 14 April 2021 | 3:00 am

Home » News » Protecting Your Electronic Health Records (EHR) With Continuous Monitoring

As such, this critical information needs to be secured completely from cyber-attacks, insider threats and unintentional mistakes in order to secure the ...

Posted on 14 April 2021 | 3:00 am

Major firms disclose breaches in the wake of SolarWinds attack

Article by Bitglass senior director of marketing Jonathan Andresen. In recent weeks, Russian hackers acquired emails from Homeland Security officials ...

Posted on 14 April 2021 | 3:00 am

Flashpoint helps enterprises and govt agencies mitigate fraud and protect against physical and cyber threats

Flashpoint announced two new product offerings in the past two weeks: Flashpoint Brand Protection and Flashpoint Card Fraud Mitigation. These two new products from Flashpoint further extend the capabilities that enterprises and government agencies have at their disposal to mitigate fraud and protect against physical and cyber threats anywhere online. Neutralize phishing threats with Flashpoint Domain Monitoring and Takedowns Now with Flashpoint Brand Protection—which is comprised of two core capabilities Flashpoint Domain Monitoring and Flashpoint … More

The post Flashpoint helps enterprises and govt agencies mitigate fraud and protect against physical and cyber threats appeared first on Help Net Security.

Posted on 14 April 2021 | 2:30 am

How do you solve a problem like customer data protection?

While IT professionals ranked protection of customer information as the most important reason for encryption, the study found customer information ...

Posted on 14 April 2021 | 2:15 am

Bridging the cybersecurity skills gap in Malaysia

With a lack of cybersecurity talent and insufficient budget in many Malaysian companies, this pain point may be a loophole that opens the door to cyber ...

Posted on 14 April 2021 | 2:03 am

Sontiq Secure Identity Vault delivers digital file security for COVID-19 vaccination cards and medical files

Despite warnings from the CDC and news media, many vaccinated individuals are putting themselves at risk by posting images of their vaccine cards online, or unknowingly storing unsecure digital images on their devices. Sontiq announced that consumers can gain increased peace of mind and further protection of their sensitive medical files by placing the images into a Secure Identity Vault, which is included as part of Sontiq’s identity protection products. “Since it’s unclear how vaccine … More

The post Sontiq Secure Identity Vault delivers digital file security for COVID-19 vaccination cards and medical files appeared first on Help Net Security.

Posted on 14 April 2021 | 2:00 am

Data Leak: Route Mobile investigating claims; data of Tata Communications, Bharti Airtel and DBS ...

Cyber security researcher Rajshekhar Rajaharia said the data does not seem to have been leaked from Tata Communications but the alleged breach ...

Posted on 14 April 2021 | 1:41 am

Aruba announces set of cross-portfolio edge-to-cloud security integrations for Aruba ESP

Aruba, a Hewlett Packard Enterprise company announced an expansive set of cross-portfolio edge-to-cloud security integrations for Aruba ESP (Edge Services Platform). The new advancements include the integration of the ClearPass Policy Manager secure network access control platform with the Aruba EdgeConnect SD-WAN edge platform, formerly Silver Peak, the integration of Aruba Threat Defense with the EdgeConnect platform, and the expansion of the Aruba ESP multivendor security partner ecosystem, providing enterprise customers with the freedom to … More

The post Aruba announces set of cross-portfolio edge-to-cloud security integrations for Aruba ESP appeared first on Help Net Security.

Posted on 14 April 2021 | 1:30 am

TOYO NetEyez simplifies network monitoring and helps to ensure enterprise network quality

TOYO announces NetEyez, a new network monitoring solution that visualizes entire networks including end-to-end communication using an intuitive and simple to use interface. NetEyez empowers network engineers to perform effective network monitoring. For problems and issues that are detected, NetEyez helps accelerate time to resolution. This TOYO-developed solution has been nominated as a Finalist for the Best of Show Award at Interop Tokyo 2021. Due to the increasing complexity of the IT environment in enterprises … More

The post TOYO NetEyez simplifies network monitoring and helps to ensure enterprise network quality appeared first on Help Net Security.

Posted on 14 April 2021 | 1:15 am

Scammers targeting job seekers with hidden malware

Malware is being hidden in links for employment opportunities, according to law enforcement. Job seekers will receive a message about an employment ...

Posted on 14 April 2021 | 1:07 am

Scammers targeting job seekers with malware attacks

The Lee County Sheriff's Office is warning residents about a new unemployment scam. Malware is being hidden in links for employment opportunities, ...

Posted on 14 April 2021 | 1:07 am

Tulips fill out the patch

Tulips fill out the patch Tuesday at Shelter Gardens in Columbia. According to Amsterdam Tulip Museum Online, there are 15 different groups of tulips.

Posted on 14 April 2021 | 1:07 am

Seoul Robotics Partners With Macnica for Distribution of SENSR™ in Japanese Market

The 3D computer vision company expands the availability of its breakthrough ... across a range of industries including smart cities, retail, and security.

Posted on 14 April 2021 | 12:56 am

Financial Fraud Prevention

Traditional data breach tactics have been replaced by schemes leveraging artificial intelligence, malicious bots and synthetic identities to snag valuable ...

Posted on 14 April 2021 | 12:33 am

Google Releases Security Updates for Chrome

Original release date: April 13, 2021

Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome release and apply the necessary changes.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 14 April 2021 | 12:23 am

What if we could vote online?

It is sponsored by Wasilla Republican Senator Mike Shower. ... However, secure online voting is an idea that could be used for voting in 3-5 years.

Posted on 14 April 2021 | 12:22 am

Data Privacy 2021: How Data Privacy is Becoming a Strategic Priority

Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and ...

Posted on 14 April 2021 | 12:11 am

FBI launches effort to remove malware from computers in US

A court in Texas has authorized the FBI to fix malware in hundreds of hacked servers in the U.S. running certain versions of Microsoft Exchange Server ...

Posted on 13 April 2021 | 11:48 pm

The 5 best credit monitoring apps of 2021, according to experts

Credit monitoring services don't prevent your information from being stolen in data breaches, fix errors found in your credit report, freeze your credit in ...

Posted on 13 April 2021 | 11:48 pm

Home » News » VERT Threat Alert: April 2021 Patch Tuesday Analysis

Borin Larin of Kaspersky Lab discovered this vulnerability being actively used for exploitation and suspects that it is tied to the BITTER APT group. Larin ...

Posted on 13 April 2021 | 11:37 pm

Hackers Recently Broke Into Illinois Attorney General's Computer Network

- Also new at 5:00, hackers broke into the Illinois Attorney General's computer network. [INAUDIBLE] [? Raul ?] says workers noticed the breach Saturday ...

Posted on 13 April 2021 | 11:32 pm

History Made: Government Hacks Your Systems To Remove Malware

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders ...

Posted on 13 April 2021 | 11:26 pm

RMV extending grace period for expired inspection stickers after malware attack

Applus Technologies, a vendor for the inspection system, experienced a malware attack across several states on March 30, and inspections haven't ...

Posted on 13 April 2021 | 11:26 pm

Microsoft Patch Tuesday, April 2021 Edition

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.

Posted on 13 April 2021 | 11:12 pm

Microsoft Patch Tuesday, April 2021 Edition

Microsoft today released updates to plug at least 110 security holes in its · Windows operating systems and other products. · Microsoft Exchange Server — ...

Posted on 13 April 2021 | 11:03 pm

Capcom Releases New Statement on Cyberattack

Capcom Group has officially confirmed a ransomware attack that has affected personal and corporate information from Japanese and US offices. By ...

Posted on 13 April 2021 | 10:52 pm

SWFL public defender says 'no evidence' info was compromised in malware attack

While systems aren't fully back to normal yet, Smith told WINK News the cybersecurity team hired to handle the malware intrusion is making progress. As ...

Posted on 13 April 2021 | 10:52 pm

Why Network Detection and Response Belongs in Your 2021 Strategy

The lessons learned during this transition year should be applied to your future strategy. To help inform your security efforts in 2021, you can download ...

Posted on 13 April 2021 | 10:49 pm

Google Patches More Under-Attack Chome Zero-days

Google’s problems with in-the-wild Chrome browser zero-days appear to be multiplying by the month.

read more

Posted on 13 April 2021 | 10:46 pm

Capcom: Ransomware gang used old VPN device to breach the network

Capcom has released a fianl update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, ...

Posted on 13 April 2021 | 10:41 pm

US directs agencies to apply patches to Microsoft servers

WASHINGTON (Reuters) - The top cybersecurity official in the White House on Tuesday directed all government agencies to urgently apply new ...

Posted on 13 April 2021 | 10:41 pm

Crosspoint raises a $1.3 billion mega-fund focused just on cybersecurity

Crosspoint raises a $1.3 billion mega-fund focused just on cybersecurity. By Investable UniverseApril 13, 2021No Comments.

Posted on 13 April 2021 | 10:41 pm

China Poses Biggest Threat to US, Intelligence Report Says

While much of the report describes traditional national security challenges, it also gives far more attention to climate change and global health than ...

Posted on 13 April 2021 | 10:30 pm

Kansas Remote Tampering Case Raises Water Treatment Concerns

The incident, and others like it, raise serious cybersecurity concerns. by Jonathan Shorman and Steve Vockrodt, The Kansas City Star / April 13, 2021.

Posted on 13 April 2021 | 10:30 pm

BookTrib's BookBites: Hollywood, Cybersecurity, History and Classical Greek

Cyberjutsu is an approachable and enlightening guide to modern cyber security and espionage, based on secret techniques shared in ancient ...

Posted on 13 April 2021 | 10:18 pm

This security flaw affects both Google Chrome and Microsoft Edge

While this zero-day vulnerability has already been publicly disclosed, it has not yet been patched in the latest version of Chrome or Edge. Security ...

Posted on 13 April 2021 | 10:18 pm

This security flaw affects both Google Chrome and Microsoft Edge

A security researcher has published a proof-of-concept (PoC) exploit on Twitter ... Security researcher Rajvardhan Agarwal created the PoC exploit for a ... code execution vulnerabilities from launching programs on a host computer.

Posted on 13 April 2021 | 10:18 pm

Hillicon Valley: Microsoft (re)patch requested | International cyber threats growing | New York ...

Today: Federal agencies urged organizations running a Microsoft email application to immediately patch their systems to prevent hackers from exploiting ...

Posted on 13 April 2021 | 9:56 pm

Cyber Attack Shuts Down Hillsborough School System Computer Network

"Our technology team continues to work methodically with cybersecurity experts and law enforcement to establish a timetable for the completion of the ...

Posted on 13 April 2021 | 9:56 pm

Cyber Attack Shuts Down Hillsborough Schools Computer Network

HILLSBOROUGH, NJ - A cyber attack shut down the entire township school system on Monday with local and federal investigators working to pinpoint ...

Posted on 13 April 2021 | 9:56 pm

Cyber Attack Shuts Down Hillsborough Schools Computer Network

HILLSBOROUGH, NJ - A cyber attack shut down the entire township school system on Monday with local and federal investigators working to pinpoint ...

Posted on 13 April 2021 | 9:56 pm

Cyber Attack Shuts Down Hillsborough School System Computer Network

Due to the nature of the cyber attack and potential instability of the network, posting to virtual is not possible at this time. Therefore, all schools will be ...

Posted on 13 April 2021 | 9:56 pm

Cyber Attack Shuts Down Hillsborough School System Computer Network

"Our technology team continues to work methodically with cybersecurity experts and law enforcement to establish a timetable for the completion of the ...

Posted on 13 April 2021 | 9:56 pm

Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange ...

Through January and February 2021, certain hacking groups exploited ... “Combatting cyber threats requires partnerships with private sector and ...

Posted on 13 April 2021 | 9:45 pm

Video: 10 Minute IT Jams - SonicWall VP on the cybersecurity lessons learned from the last 12 ...

This is our seventh IT Jam with SonicWall, the cybersecurity company specialising in firewall, network security, cloud security and more. Returning for ...

Posted on 13 April 2021 | 9:45 pm

Sonrai Among Identity Management Organizations of the Year

About National Cyber Security Alliance (NCSA)The National Cyber Security ... safe and secure online and encourage a culture of cybersecurity.

Posted on 13 April 2021 | 9:45 pm

Sonrai Among Identity Management Organizations of the Year

The awards are part of today's first-ever Identity Management Day, hosted by the IDSA in partnership with the National Cyber Security Alliance (NCSA) ...

Posted on 13 April 2021 | 9:45 pm

Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange ...

This operation removed one early hacking group's remaining web shells ... Additionally, the FBI and the Cybersecurity and Infrastructure Security ...

Posted on 13 April 2021 | 9:45 pm

Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt

Over the weekend, Sonatype spotted a rather unique malware sample published to the npm registry, within a day of its release on npm. The malware ...

Posted on 13 April 2021 | 9:45 pm

Experts see 'unprecedented' increase in hackers targeting electric grid

The cybersecurity of the electric grid has been an area of increasing ... had the ability to "launch cyber attacks that, at a minimum, can cause localized, ...

Posted on 13 April 2021 | 9:36 pm

ABA, Financial Groups Raise Concerns about Cyber Incident Notification Proposal

The proposal defines a computer-security incident as an occurrence that results in actual or potential harm to the confidentiality, integrity or availability ...

Posted on 13 April 2021 | 9:29 pm

Trove of Online LinkedIn User Data Fuels LinkedIn's Anti-Scraping Position

Throughout the litigation and most recently in its Counterclaims filed against hiQ in the case, LinkedIn has outlined the data privacy considerations and ...

Posted on 13 April 2021 | 9:22 pm

Virginia Becomes Second State to Enact Comprehensive Data Privacy Law

The VCDPA shares common features with the CCPA, but its terminology more closely resembles the European Union's General Data Protection ...

Posted on 13 April 2021 | 9:22 pm

SolarWinds spends $18 mn in 3 months after cyber attack

SolarWinds has hired cybersecurity company CrowdStrike Holdings and professional services firm KPMG to help it investigate the intrusions.

Posted on 13 April 2021 | 9:22 pm

SAP Releases April 2021 Security Updates

Original release date: April 13, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for April 2021 and apply the necessary updates.
 

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 13 April 2021 | 9:09 pm

Capcom shares results of ransomware investigation, reveals what data was and wasn't accessed

Capcom today issued its final report on the security breach it suffered back in November 2020, detailing what it has learned about the attack following ...

Posted on 13 April 2021 | 9:00 pm

Parking app used across metro says data breach accessed info including license plates, addresses

ATLANTA — A popular app used to pay for public parking across the metro says it has been the victim of a data breach. On its website, ParkMobile ...

Posted on 13 April 2021 | 9:00 pm

Optus creates senior leadership role spanning national and cyber security ops

In preparation for government's critical infrastructure reforms. Optus is creating a new senior leadership role to integrate its cyber security and national ...

Posted on 13 April 2021 | 8:48 pm

Top Graduate Business Schools in Metro Detroit

Graduate programs: MBA program is offered both online and on campus with concentrations in business analytics, cybersecurity, finance, information ...

Posted on 13 April 2021 | 8:48 pm

The Biggest Breaches and Data Leaks of 2020

Looking ahead to 2021 and beyond it???s critical that organizations continue to pivot and improve their security; with the right combination of secure ...

Posted on 13 April 2021 | 8:37 pm

The Biggest Breaches and Data Leaks of 2020

Looking ahead to 2021 and beyond it???s critical that organizations continue to pivot and improve their security; with the right combination of secure ...

Posted on 13 April 2021 | 8:37 pm

Tension between antitrust and privacy law? Industry input to software security rules sought. A right ...

"Palo Alto Networks commends the nominations of Chris Inglis as National Cyber Director, Jen Easterly as Director of the Cybersecurity and ...

Posted on 13 April 2021 | 8:26 pm

APT27 continues targeting the gambling industry. New APT34 activity. Malicious code in APKPure ...

Malware campaign abuses contact forms. New Lazarus backdoor. New APT34 activity. Check Point says the Iranian threat actor APT34 (also known as ...

Posted on 13 April 2021 | 8:26 pm

Report on Patient Privacy Volume 21, Number 4. Privacy Briefs: April 2021

A Texas Medicaid subcontractor has been terminated after a data breach caused by a ransomware attack originating from Russia exposed the personal ...

Posted on 13 April 2021 | 8:26 pm

DOWNLOAD torrent

EXE, it means that the file was removed by your Antivirus or Windows Defender. Antivirus does not like cracking; so disable it while downloading and ...

Posted on 13 April 2021 | 8:26 pm

Lawsuit accuses Berks-based drug treatment program of failing to protect patient information from ...

"PAATC's (Pennsylvania Adult & Teen Challenge's) use of outdated and insecure computer systems and software that are easy to hack, and its failure to ...

Posted on 13 April 2021 | 8:26 pm

Federal agencies urge groups to patch systems over new Microsoft vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) updated its emergency directive issued in March after the first Exchange Server ...

Posted on 13 April 2021 | 8:23 pm

BCPS takes responsibility for data breach that affected teachers

More than 2,500 of Baltimore County Public School system employees have had their personal information compromised and the district said it's their ...

Posted on 13 April 2021 | 8:15 pm

Microsoft 365 Data Protection – It's Not Just Backup

The state-of-the-art security infrastructure and processes protecting Microsoft 365 datacenters make them virtually impossible to breach directly.

Posted on 13 April 2021 | 8:15 pm

McAfee: COVID-Related Threats, PowerShell Attacks Lead Malware Surge

Researchers measured 648 new malware threats every minute during Q4 2020. Surging numbers of COVID-themed attacks, PowerShell trojans, along ...

Posted on 13 April 2021 | 8:15 pm

Why You Need a Clear Phishing Prevention Plan for Your Business

Can it actually help mitigate an attack? When we discuss cybersecurity, perhaps because of its already storied history, we tend to think of viruses ...

Posted on 13 April 2021 | 8:15 pm

Microsoft Patch Tuesday fixes five zero-day flaws — update now

Microsoft has fixed five "zero-day" flaws with its latest Patch Tuesday updates released today (April 13), including one that is actively being exploited ...

Posted on 13 April 2021 | 8:14 pm

emt Distribution adds Orchestra Group to cybersecurity portfolio

Orchestra Group's cybersecurity offerings include the Harmony IoT platform, which is able to detect and prevent airborne threats through attack ...

Posted on 13 April 2021 | 8:06 pm

IC warns that US adversaries are ramping up cyber attacks

IC warns that U.S. adversaries are ramping up cyber attacks. By Justin Katz; Apr 13, 2021. global cyberattacks (ioat/Shutterstock.com). In its first publicly ...

Posted on 13 April 2021 | 8:03 pm

Deer Isle Man Pleads Guilty to Possessing Child Pornography

Investigators seized the devices, including cell phones and a computer, ... Homeland Security Investigations and the Maine State Police Computer ...

Posted on 13 April 2021 | 8:03 pm

Deer Isle Man Pleads Guilty to Possessing Child Pornography

... 38, possessed electronic devices containing child exploitation material. Investigators seized the devices, including cell phones and a computer, from ...

Posted on 13 April 2021 | 8:03 pm

IC warns that US adversaries are ramping up cyber attacks

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle ...

Posted on 13 April 2021 | 8:03 pm

Montefiore Issues Letters to Patients About Security Breach & Potential Identity Theft

NEW YORK, April 13, 2021 /PRNewswire/ -- Today, Montefiore Medical Center is notifying some patients about a security breach involving information ...

Posted on 13 April 2021 | 7:52 pm

Size isn't everything when it comes to banks' cybersecurity: Fitch

“Larger banks are more likely to have complex and also legacy IT infrastructure compared to smaller banks, which could increase cybersecurity risk if ...

Posted on 13 April 2021 | 7:52 pm

Russia launched over a million cyber attacks in three months

Unit 42 security researchers looked at network attack trends from last winter and found 1.3 million — a large majority of them — seemed to originate ...

Posted on 13 April 2021 | 7:41 pm

Third-party breaches affect crypto exchange and healthcare system. The ShinyHunters return. Data ...

The firm says it is improving its security procedures and is contacting all ... has been compromised. , , Upstox, hacking, data breach, cyber security, ...

Posted on 13 April 2021 | 7:41 pm

Third-party breaches affect crypto exchange and healthcare system. The ShinyHunters return. Data ...

Data breaches reported at Indian companies. Summary. By the CyberWire staff. At a glance. Third-party breach affects cryptocurrency exchange.

Posted on 13 April 2021 | 7:41 pm

Third-party breaches affect crypto exchange and healthcare system. The ShinyHunters return. Data ...

Security researcher Rajshekhar Rajaharia discovered the breach when he encountered the data for sale on the dark web. The thieves claim they used ...

Posted on 13 April 2021 | 7:41 pm

Davis Wright Tremaine adds cyber vet to head information security group

Davis Wright Tremaine has nabbed cybersecurity veteran Michael Borgia to lead its information security group, adding to a practice area that has seen ...

Posted on 13 April 2021 | 7:40 pm

Davis Wright Tremaine adds cyber vet to head information security group

Davis Wright Tremaine has nabbed cybersecurity veteran Michael Borgia to lead its information security group, adding to a practice area that has seen ...

Posted on 13 April 2021 | 7:40 pm

Audit: Unemployment fraud likely higher than $647 million

The office said it had identified $4.5 billion of potentially fraudulent payments to people who used the same Social Security numbers to apply in different ...

Posted on 13 April 2021 | 7:37 pm

Swedish Sports Body Hacked by Russians, Officials Say

The organization that oversees Sweden’s national sports federations was hacked by Russian military intelligence in 2017-18, officials said Tuesday, in a data-breaching campaign that also affected some of the world’s leading sporting bodies, including FIFA and the World Anti-Doping Agency.

read more

Posted on 13 April 2021 | 7:34 pm

Agencies Have Till Midnight April 15 to Apply New Microsoft Exchange Patches

"Cybersecurity is national security,” NSA Cybersecurity Director Rob Joyce said in an email linking to a Microsoft blog post on the vulnerabilities ...

Posted on 13 April 2021 | 7:34 pm

Thycotic and Centrify Merge to Become a Leading Cloud Privileged Identity Security Vendor

PAM, one of the fastest-growing areas in cyber-security today, is expected to double from $2.2B to $5.4B by 2025, according to KuppingerCole.

Posted on 13 April 2021 | 7:30 pm

Thycotic and Centrify Merge to Become a Leading Cloud Privileged Identity Security Vendor

PAM, one of the fastest-growing areas in cyber-security today, is expected to double from $2.2B to $5.4B by 2025, according to KuppingerCole.

Posted on 13 April 2021 | 7:30 pm

Risk startup LogicGate confirms data breach

LogicGate says its Risk Cloud can also help find security vulnerabilities before they are exploited by malicious hackers. The credentials “appear to have ...

Posted on 13 April 2021 | 7:30 pm

NIWC Atlantic 'team of teams' receives prestigious award for accelerated cloud migration

A Naval Information Warfare Center (NIWC) Atlantic team received a ... Cyber Security Division, and Program Resource Management Division.

Posted on 13 April 2021 | 7:18 pm

Strong cybersecurity to build trust in a digital world

Rising digitisation is increasing the risks posed by cyber threats. If governments cannot ensure secure and trusted digital connectivity in a data driven ...

Posted on 13 April 2021 | 7:18 pm

Statement from Deputy National Security Advisor for Cyber & Emerging Technologies Anne ...

Cybersecurity is a top priority for the Biden Administration and we're committed to sharing actionable and timely information to help the American ...

Posted on 13 April 2021 | 7:18 pm

Statement from Deputy National Security Advisor for Cyber & Emerging Technologies Anne ...

Cybersecurity is a top priority for the Biden Administration and we're committed to sharing actionable and timely information to help the American ...

Posted on 13 April 2021 | 7:18 pm

Strong cybersecurity to build trust in a digital world

However, Bangladesh's cybersecurity was compromised as recently as this week, when over 200 organisations in Bangladesh suffered cyberattacks, ...

Posted on 13 April 2021 | 7:18 pm

Iran Seeking Vengeance For Alleged Cyber Attack By Israel, Could Have Been Catastrophic

Iran is livid at an attack done at their underground nuclear site last Apr. 11. The cyberattack was reportedly carried out by eternal enemy Israel and ...

Posted on 13 April 2021 | 7:18 pm

New Possibilities for UMD's Original Science Building

“SCSE students work with and learn from our faculty who are doing amazing research in areas such as robotics, cyber security, virtual reality, drug ...

Posted on 13 April 2021 | 7:15 pm

Breaches Detected Faster, But Ransomware Surge a Major Factor: FireEye

Data from FireEye’s Mandiant incident response division shows that the time it takes organizations to detect a malicious hacker attack continues to drop, but it’s not only due to better threat detection capabilities. 

read more

Posted on 13 April 2021 | 7:08 pm

NSA discovers critical Exchange Server vulnerabilities, patch now

"Cybersecurity is national security. Network defenders now have the knowledge needed to act, but so do adversaries and malicious cyber actors," Rob ...

Posted on 13 April 2021 | 7:07 pm

Over Half of Malware Delivered via Cloud Applications

Malware actors aren't struggling to adapt their attack campaigns to cloud applications. If they were, then they probably wouldn't have sent 61% of their ...

Posted on 13 April 2021 | 7:07 pm

NSA discovers critical Exchange Server vulnerabilities, patch now

"Don't give them the opportunity to exploit this vulnerability on your system." Exploitation is likely. The flaws affect on-premise Exchange Server versions ...

Posted on 13 April 2021 | 7:07 pm

Massachusetts RMV extends inspection sticker grace period through May as vendor still hasn't ...

The state has been unable to issue new inspection stickers since March 30 after a malware attack on the state's vendor, Applus Technologies, caused ...

Posted on 13 April 2021 | 6:56 pm

Cybersecurity Services Market to be Worth $192.7bn

The proliferation of smartphones and the continued rollout of high-speed internet networks is also expected to boost the cybersecurity services market by ...

Posted on 13 April 2021 | 6:56 pm

Cybersecurity Services Market to be Worth $192.7bn

Factors expected to drive the growth of the market size include the predicted continuance of cybersecurity breaches impacting enterprises and ...

Posted on 13 April 2021 | 6:56 pm

Former DHS Leader Shares Details on SolarWinds Attack

Ferguson is the managing editor for the news desk at Information Security Media Group. He's been covering the IT industry for more than 13 years.

Posted on 13 April 2021 | 6:45 pm

Cyber-Attack Shutters Half of Tasmania's Casinos

Federal Group has launched an internal investigation into the attack and recruited third-party cybersecurity experts to help determine the extent of the ...

Posted on 13 April 2021 | 6:45 pm

Cyber-Attack Shutters Half of Tasmania's Casinos

Federal Group has launched an internal investigation into the attack and recruited third-party cybersecurity experts to help determine the extent of the ...

Posted on 13 April 2021 | 6:45 pm

RMV Extends Grace Period For Expired Inspection Stickers

Baker said that "to the best of our knowledge" no consumer information has "ended up anywhere in the public domain" as a result of the cyber attack, ...

Posted on 13 April 2021 | 6:33 pm

RMV Extends Grace Period For Expired Inspection Stickers

The Massachusetts Registry of Motor Vehicles on Tuesday extended a grace period for certain extended inspection stickers after a malware attack on ...

Posted on 13 April 2021 | 6:33 pm

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks.

read more

Posted on 13 April 2021 | 6:26 pm

Microsoft releases Windows 10 builds 19042.928, 18363.1500 - here's what's new

Today is Patch Tuesday, meaning that it's the second Tuesday of the month and that it's time for Microsoft to push out a ton of updates. Indeed, every ...

Posted on 13 April 2021 | 6:22 pm

Windows 10 April Patch Tuesday [DIRECT DOWNLOAD LINKS]

Each version of Windows 10 has a different cumulative update, each with its own changelog. We will be providing you with these changelogs, as well as ...

Posted on 13 April 2021 | 6:22 pm

Biden makes key cyber security nominations at Homeland Security

Jen Easterly is his choice for the Cybersecurity and Security Agency director, while John Tien is his pick for deputy secretary at the DHS. Easterly ...

Posted on 13 April 2021 | 6:22 pm

How Financial Advisors Can Combat The Growing Risk Of Hacking

Over the past few years, financial firms have been investing more to protect themselves from cyberattack, with a 15% increase in 2020. But with the ...

Posted on 13 April 2021 | 6:22 pm

Tax Phish Swims Past Google Workspace Email Security

A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is ...

Posted on 13 April 2021 | 6:22 pm

New Linux, macOS malware hidden in fake Browserify NPM package

Moreover, as of today, the ELF malware contained with the component has a zero detection rate by all leading antivirus engines. Spawns a persistent, ...

Posted on 13 April 2021 | 6:11 pm

The April Patch Tuesday updates focus on Exchange Server attacks

Patch Tuesday comes once a month bringing security updates to all versions of Windows 10. The April Patch Tuesday Updates mainly address the ...

Posted on 13 April 2021 | 6:11 pm

NSA says it found new critical vulnerabilities in Microsoft Exchange Server

The National Security Agency on Tuesday said it alerted Microsoft to a fresh batch of critical vulnerabilities that hackers could exploit to remotely ...

Posted on 13 April 2021 | 6:01 pm

Massachusetts Registry of Motor Vehicles extends expired inspection sticker grace period

... a grace period for some motor vehicle inspections, as the company it contracts with continues to experience issues following a malware attack.

Posted on 13 April 2021 | 5:52 pm

Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge

Adobe on Tuesday announced patches for vulnerabilities in four of its products, including critical code execution flaws affecting Photoshop and Bridge.

read more

Posted on 13 April 2021 | 5:51 pm

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days

There are also five zero-day vulnerabilities patched today that were publicly disclosed, with one known to be used in attacks. To make matters worse, ...

Posted on 13 April 2021 | 5:37 pm

'Counter Strike' Bug Allows Hackers to Take Over a PC With a Steam Invite

Hackers could take control of victims' computers just by tricking them into clicking on a Steam invite to play Counter Strike: Global Offensive, according ...

Posted on 13 April 2021 | 5:37 pm

'Do not download': Android users warned of malware via fake Netflix app

The National Information Technology Board on Tuesday warned Android users of a malware threat via a fake Netflix app named "FlixOnline". "Do not ...

Posted on 13 April 2021 | 5:37 pm

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days

Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities.

Posted on 13 April 2021 | 5:37 pm

Intel Report: Global Fallout From Pandemic Will Be Devastating

The 2020 report, known as the Annual Threat Assessment, was released ... threat. And the report notes how a Russian supply chain hacking operation ...

Posted on 13 April 2021 | 5:37 pm

Clubhouse Denies Data Breach but API Does Mean User Information is Public

Clubhouse has denied a breach caused data for 1.3 million users to appear online, but it seems the app's API leaves customer information exposed.

Posted on 13 April 2021 | 5:35 pm

C-DAC announces new cyber security centre, software solutions to aid development for ...

The cyber security centre — Cyber Security Operation Centre (CSoC) — is a 6000 square feet centre in Thiruvananthapuram, that the government ...

Posted on 13 April 2021 | 5:26 pm

Cybersecurity Vendor Darktrace Eyes IPO Amid Surging Sales

British cybersecurity firm Darktrace reveals growing revenue, fluctuating losses, and a significant channel sales motion in its IPO filings, with partners ...

Posted on 13 April 2021 | 5:26 pm

C-DAC announces new cyber security centre, software solutions to aid development for ...

It will include a centralized security monitoring system that will aim to respond to all cybersecurity incidents and provide advanced threat detection for ...

Posted on 13 April 2021 | 5:26 pm

C-DAC announces new cyber security centre, software solutions to aid development for ...

It will include a centralized security monitoring system that will aim to respond to all cybersecurity incidents and provide advanced threat detection for ...

Posted on 13 April 2021 | 5:26 pm

Detecting the "Next" SolarWinds-Style Cyber Attack

The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual

Posted on 13 April 2021 | 5:21 pm

Biden's National Security Team Lists Leading Threats, With China At The Top

The Biden administration is expected to keep this focus as well but is also expected to devote more attention to threats that include cybersecurity, ...

Posted on 13 April 2021 | 5:15 pm

SAFR facial recognition integrated with Geutebrück G-Core VMS for security monitoring

Brad Donaldson, VP, Computer Vision and GM at SAFR said: “Manual monitoring is expensive and inefficient. AI can perform real-time, automated ...

Posted on 13 April 2021 | 5:15 pm

Fortune 500s Hit by MS Exchange Breach Maybe Still Unaware

Jonathan Cran, founder and CEO of Intrigue, a cybersecurity startup based in Austin, Texas, used his company's network security tools to compile a list ...

Posted on 13 April 2021 | 5:15 pm

WPI Announces New Master's in Cyber Security; Program Targets Global Shortage of Cyber ...

In its ongoing effort to help combat a global shortage in cyber security professionals, Worcester Polytechnic Institute (WPI) has created a Master's in ...

Posted on 13 April 2021 | 5:03 pm

Professional School of Industrial Cybersecurity Now Offered in English

Summary · T01. Workshop Maturity Assessment of Cybersecurity Process in Industrial Organizations (6 hours – Online) · ​T02. Workshop of Diagnosis of ...

Posted on 13 April 2021 | 5:03 pm

Illinois attorney general's office investigating hack of its computer network

The Illinois attorney general's office is investigating a hack of its computer network that was discovered over the weekend, officials said Tuesday.

Posted on 13 April 2021 | 5:03 pm

WPI Announces New Master's in Cyber Security; Program Targets Global Shortage of Cyber ...

In its ongoing effort to help combat a global shortage in cyber security professionals, Worcester Polytechnic Institute (WPI) has created a Master's in ...

Posted on 13 April 2021 | 5:03 pm

WPI Announces New Master's in Cyber Security; Program Targets Global Shortage of Cyber ...

In its ongoing effort to help combat a global shortage in cyber security professionals, Worcester Polytechnic Institute (WPI) has created a Master's in ...

Posted on 13 April 2021 | 5:03 pm

Seclore Achieves Phenomenal Growth in Data-Centric Security Adoption, Expands Executive Team

“The need for data-centric security has never been greater as organizations look to meet privacy regulations for personal data in the cloud”. Tweet this.

Posted on 13 April 2021 | 5:03 pm

WPI Announces New Master's in Cyber Security; Program Targets Global Shortage of Cyber ...

In its ongoing effort to help combat a global shortage in cyber security professionals, Worcester Polytechnic Institute (WPI) has created a Master's in ...

Posted on 13 April 2021 | 5:03 pm

Illinois Attorney General computer system breached early Saturday morning

Data breaches outside the state network lead to fraud in the Illinois Department of Employment Security last year. Many residents received ...

Posted on 13 April 2021 | 5:00 pm

Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities

Original release date: April 13, 2021

Microsoft's April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2016 and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the target host. CISA strongly urges organizations to apply Microsoft's April 2021 Security Update to mitigate against these newly disclosed vulnerabilities. Note: the Microsoft security updates released in March 2021 do not remediate against these vulnerabilities.

In response to these the newly disclosed vulnerabilities, CISA has issued Supplemental Direction Version 2 to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities. ED 20-02 Supplemental Direction V2 requires federal departments and agencies to apply Microsoft's April 2021 Security Update to mitigate against these significant vulnerabilities affecting on-premises Exchange Server 2016 and 2019.

Although CISA Emergency Directives only apply to Federal Civilian Executive Branch agencies, CISA strongly encourages state and local governments, critical infrastructure entities, and other private sector organizations to review ED 21-02 Supplemental Direction V2 and apply the security updates immediately. Review the following resources for additional information:

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 13 April 2021 | 4:41 pm

Millions of connected devices have security flaws, study shows

Cybersecurity company Forescout and JSOF on Tuesday said they uncovered nine different bugs in several popular software tools that are used within ...

Posted on 13 April 2021 | 4:41 pm

China push for global power tops US security threats: intelligence report

It said China possesses substantial cyber-attack capabilities that, at a minimum, can cause localized, temporary disruptions to critical infrastructure ...

Posted on 13 April 2021 | 4:41 pm

Millions of connected devices have security flaws, study shows

Cybersecurity company Forescout and JSOF on Tuesday said they uncovered nine different bugs in several popular software tools that are used within ...

Posted on 13 April 2021 | 4:41 pm

China push for global power tops US security threats: intelligence report

It said China possesses substantial cyber-attack capabilities that, at a minimum, can cause localized, temporary disruptions to critical infrastructure ...

Posted on 13 April 2021 | 4:41 pm

Adobe Releases Security Updates

Original release date: April 13, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 13 April 2021 | 4:30 pm

Two Key Areas of Cybersecurity Vulnerability in Manufacturing

According to “2021 Cybersecurity: Assess Your Risk,” a new report from PMMI Business Intelligence, the first and most important step a manufacturer ...

Posted on 13 April 2021 | 4:30 pm

Two Key Areas of Cybersecurity Vulnerability in Manufacturing

According to “2021 Cybersecurity: Assess Your Risk,” a new report from PMMI Business Intelligence, the first and most important step a manufacturer ...

Posted on 13 April 2021 | 4:30 pm

Baker expects inspections vendor to compensate stations

Brookfield, Wisconsin-based Applus Technologies sustained a malware attack on March 30 and the technology platform that it operates in eight states to ...

Posted on 13 April 2021 | 4:18 pm

Cyber attack disrupts State online services

A cyber attack resulted in disruptions to some of Government's online ... and Computing (ITC) Services internationally-recognised security protocols.

Posted on 13 April 2021 | 4:07 pm

GIAC Certifications Announces New Cloud Security Essentials Certification

As enterprise and governmental organizations move to cloud solutions for their business the need to hire and train cybersecurity professionals with ...

Posted on 13 April 2021 | 4:07 pm

GIAC Certifications Announces New Cloud Security Essentials Certification

As enterprise and governmental organizations move to cloud solutions for their business the need to hire and train cybersecurity professionals with ...

Posted on 13 April 2021 | 4:07 pm

Turning Down the Noise: Adding Context to the SIEM With Modern Data Security

You don't want a team too tired and overwhelmed to do their jobs. In fact, 83% of cybersecurity experts report suffering from alert fatigue. IBM, as an ...

Posted on 13 April 2021 | 4:07 pm

GIAC Certifications Announces New Cloud Security Essentials Certification

As enterprise and governmental organizations move to cloud solutions for their business the need to hire and train cybersecurity professionals with ...

Posted on 13 April 2021 | 4:07 pm

GIAC Certifications Announces New Cloud Security Essentials Certification

As enterprise and governmental organizations move to cloud solutions for their business the need to hire and train cybersecurity professionals with ...

Posted on 13 April 2021 | 4:07 pm

Sorting out the sabotage at Natanz. NAME:WRECK DNS vulnerabilities described. W-2 Form ...

Israel Reportedly Behind Cyberattack That Caused Blackout at Iran Nuclear Facility (Slate Magazine) The apparent attack came shortly after Iran said it ...

Posted on 13 April 2021 | 4:07 pm

Intrigue Funded to Develop New Attack Surface Management Platform

Startup information security firm Intrigue on Tuesday announced a US$2 million seed round led by LiveOak Venture Partners for a new attack service ...

Posted on 13 April 2021 | 3:59 pm

DFS Enters Into $1.5 Million Consent Order With Residential Mortgage Company In Wake of ...

These measures include a cyber-security incident response plan, a cybersecurity risk assessment within 90 days of the order, and training and ...

Posted on 13 April 2021 | 3:56 pm

Healthcare Organizations: Moving to High Alert for Ransomware

What's more, funding for cybersecurity in healthcare has typically been ... There is always a better place to spend money than on computer security.

Posted on 13 April 2021 | 3:56 pm

Avast Joins Microsoft MISA

Avast's anti-malware platform protects hundreds of millions of endpoints from internet threats based on advanced analytics powered by threat ...

Posted on 13 April 2021 | 3:56 pm

DNS Flaws in Millions of IoT Devices Pose Remote Attack, Exfiltration Risk

... IoT devices pose a critical risk of hacking or remote code execution attacks, according to a new report from Forescout Research Labs and JSOF.

Posted on 13 April 2021 | 3:33 pm

Detect and remove malware in Windows 10 for free with this Microsoft tool | Technology

Among them, Microsoft Defender stands out, its free antivirus for Windows 10, although it is not the only one. A few days ago we already explained the ...

Posted on 13 April 2021 | 3:11 pm

1Password Launches Secrets Automation and Makes Acquisition to Protect Infrastructure Secrets

1Password Secrets Automation launches with a host of partnerships and integrations that will make it easy for developers and DevOps teams to ...

Posted on 13 April 2021 | 3:00 pm

China poses the biggest threat to the US, a new intelligence report says.

Visitors looking at artificial intelligence security cameras with facial recognition technology at the China International Exhibition on Public Safety and ...

Posted on 13 April 2021 | 2:45 pm

The Journalist and the Whistleblower

But for an investigative reporter, it is all-important. Yet for today's investigative reporters, particularly in the field of national security reporting, being good ...

Posted on 13 April 2021 | 2:37 pm

Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices

An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system.

read more

Posted on 13 April 2021 | 1:50 pm

Chrome Zero-Day Exploit Posted on Twitter

Google is expected to release a new Chrome version —including security fixes— sometime on Tuesday, though it's unclear if patches for the bug will be ...

Posted on 13 April 2021 | 1:30 pm

CISA Details Malware Found on Hacked Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.

read more

Posted on 13 April 2021 | 1:08 pm

Technology Innovations in computer security

Cyber attacks are really strong, and attackers exploit all vulnerabilities. This option characterizes an innovation to improve digital security.

Posted on 13 April 2021 | 12:41 pm

Technology Innovations in computer security

Employers began training employees to make their home networks and devices more protected. There is antivirus software for the smooth operation of ...

Posted on 13 April 2021 | 12:33 pm

PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers

A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers.

read more

Posted on 13 April 2021 | 12:32 pm

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security

Posted on 13 April 2021 | 12:24 pm

Small Kansas Water Utility System Hacking Highlights Risks

A former Kansas utility worker has been charged with remotely tampering with a public water system’s cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers.

read more

Posted on 13 April 2021 | 12:01 pm

Hackers Using Website's Contact Forms to Deliver IcedID Malware

Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review

Posted on 13 April 2021 | 11:51 am

Global Antivirus Tools Market 2021-2025: Symantec, Avira, McAfee, Avast Software, ESET, Trend ...

Global Antivirus Tools Market 2021-2025: Symantec, Avira, McAfee, Avast Software, ESET, Trend Micro, F-Secure, Bitdefender, G DATA Software, ...

Posted on 13 April 2021 | 10:41 am

Do You Know What The Most Common Cybersecurity Threats Are?

Nearly 155.8 million individuals and companies worldwide experienced some form of cyber-attack or threat due to inadequate digital security.

Posted on 13 April 2021 | 10:07 am

Average US Internet User Is Locked Out of 10 Accounts Per Month

Which is not a shock, since the data in this story was commissioned by SWNS/OnePoll on behalf of LastPass, one of our recommended password ...

Posted on 13 April 2021 | 9:00 am

Spain Warns It Needs Thousands MORE Professional Hackers To Protect Us From Cyber Attacks

In case you don't think cyber attacks are a threat, then consider this, everyday life could be halted by a serious cyber attack. Take a moment to consider ...

Posted on 13 April 2021 | 8:03 am

BRATA Malware Poses as Android Security Scanners on Google Play Store

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm

Posted on 13 April 2021 | 7:19 am

Kaspersky presents Cyber Immune IoT gateway at Hannover Messe

Therefore, there is no need for additional protection for the gateway and connected equipment, such as antivirus, device control, or data diode ...

Posted on 13 April 2021 | 7:07 am

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed

Posted on 13 April 2021 | 6:33 am

Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting

Posted on 13 April 2021 | 6:22 am

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple

Posted on 13 April 2021 | 6:22 am

Get the Windows 10 April Patch Tuesday updates today

Today at 10 AM PST Microsoft is scheduled to realize their monthly Patch Tuesday updates. We will be looking at what last month's updates brought to ...

Posted on 13 April 2021 | 6:00 am

Identity Management Software Market 2021-2028 SWOT Analysis, by Key Players: OneLogin, Okta ...

... Players: OneLogin, Okta, PortalGuard, Centrify, Duo Security, PeoplePlatform, Bitium, PracticeProtect, Meldium by LogMeln, Dashlane Business.

Posted on 13 April 2021 | 6:00 am

Why Wales Residents Should Be Using a VPN

VPNs are just as important as antivirus software since they provide a direct way to protect your privacy on the internet. However, many Welsh internet ...

Posted on 13 April 2021 | 5:48 am

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The

Posted on 13 April 2021 | 5:39 am

Sales Agent/Client Manager

If you don't already know about domains, website hosting, SSLs, Antivirus and other related products, this position is definitely not for you!

Posted on 13 April 2021 | 5:37 am

Brokerage firm Upstox hacked, 25-30 lakh users' data at risk

However, cyber security researchers said at least 25-30 lakh users may be affected and the hacker is asking $1.2 million ransom. According to ...

Posted on 13 April 2021 | 4:07 am

Grambling Grad Getting Louisiana's 1st Cybersecurity Degree

A Grambling State University student is about to get Louisiana’s first bachelor’s degree in cybersecurity at a time when data breaches are making headlines.

Alexis White of Arcadia already has a degree in biology. She earned it in 2018 — the year Grambling won approval for the state’s only bachelor’s degree program in cybersecurity.

read more

Posted on 13 April 2021 | 3:36 am

Password Management Software Market Size 2021, by Leading Players: KeePass, LogMeIn ...

... RoboForm, 1Password, Trend Micro, TeamPassword, Enpass, LastPass, Dashlane Business, Keeper, CA Technologies, Okta, True Key, Avatier,.

Posted on 13 April 2021 | 3:22 am

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that's popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Posted on 12 April 2021 | 10:18 pm

Joker Android Trojan Lands in Huawei AppGallery App Store

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.

read more

Posted on 12 April 2021 | 10:18 pm

DoControl Emerges From Stealth With SaaS Security Platform

DoControl emerged from stealth mode on Monday with an automated data access controls platform for SaaS applications, and more than $13 million in funding.

read more

Posted on 12 April 2021 | 5:51 pm

Iran Used Fake Instagram Accounts to Try to Nab Israelis: Spy Agencies

Israeli spy agencies accused Iran on Monday of using fake social media accounts to lure citizens of the Jewish state abroad "to harm or abduct them".

read more

Posted on 12 April 2021 | 5:33 pm

IcedID Trojan Operators Experimenting With New Delivery Methods

The threat actors behind the IcedID Trojan are experimenting with various delivery methods to increase efficiency, including sending malicious messages from web-based contact forms.

read more

Posted on 12 April 2021 | 5:33 pm

Updates on Microsoft Exchange Server Vulnerabilities

Original release date: April 12, 2021

CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.

CISA encourages users and administrators to review the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 12 April 2021 | 5:19 pm

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. 

read more

Posted on 12 April 2021 | 4:48 pm

ID Verification Firm Veriff Lands $69 Million in Series B Funding

Veriff, a provider of automated identity verification technology, today announced that it has secured $69 million in Series B financing, bringing the total amount raised by the company to $92.8 million.

read more

Posted on 12 April 2021 | 4:44 pm

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users' Data

Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled

Posted on 12 April 2021 | 4:04 pm

The VC View: Data Security - Deciphering a Misunderstood Category

I’m both excited and concerned to write about data security as one of the hot trends to monitor in 2021. Data security is a tough topic to summarize and I’d argue it may be the most misunderstood category in security right now. We’re a raw industry that has been shaken up multiple times for years.

read more

Posted on 12 April 2021 | 4:02 pm

Biden Names 2 Ex-NSA Officials for Senior Cyber Positions

President Joe Biden has selected two former senior National Security Agency officials for key cyber jobs in his administration, the White House said Monday in moving to fill out a team whose role has grown more urgent after two major hacks that have consumed the government’s attention.

read more

Posted on 12 April 2021 | 3:43 pm

Microsoft to Release New Windows 10 Cumulative Updates Tomorrow

The rollout would take place as part of the April 2021 Patch Tuesday cycle and will, of course, be focused on security improvements aimed at the ...

Posted on 12 April 2021 | 2:02 pm

Brokerage firm Upstox hacked, 25-30 cr users' data at risk (Ld)

Adv. New Delhi, April 12 (IANS) Digital stockbroking firm Upstox, one of the the official partners of the Indian Premier League (IPL), has admitted a data ...

Posted on 12 April 2021 | 1:03 pm

Upstox hacked, 25-30 lakh users' data at risk

SME Times News Bureau | 12 Apr, 2021. Digital stockbroking firm Upstox, one of the official partners of the Indian Premier League (IPL), has admitted ...

Posted on 12 April 2021 | 12:33 pm

Brokerage firm Upstox hacked, 25-30 lakh users' data at risk

New Delhi: Digital stockbroking firm Upstox, one of the official partners of the Indian Premier League (IPL), has admitted a data breach, saying that the ...

Posted on 12 April 2021 | 12:33 pm

What Does It Take To Be a Cybersecurity Researcher?

Behind the strategies and solutions needed to counter today's cyber threats are—dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys.  But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from

Posted on 12 April 2021 | 12:22 pm

Cozy Grove PC Crashing and Black Screen Fix

Antivirus companies such as ESET and AVG have usually updated their software to improve security. There's a chance that Cozy Grove's executable file ...

Posted on 12 April 2021 | 11:15 am

Alert — There's A New Malware Out There Snatching Users' Passwords

A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was

Posted on 12 April 2021 | 6:51 am

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, this

Posted on 9 April 2021 | 2:37 pm

Researchers uncover a new Iranian malware used in recent cyberattacks

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34 (aka OilRig) is

Posted on 9 April 2021 | 11:58 am

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated,

Posted on 9 April 2021 | 11:56 am

Critical Zoom vulnerability triggers remote code execution without user input

The researchers who discovered the bug have earned themselves $200,000.

Posted on 9 April 2021 | 10:15 am

Washington State educational organizations targeted in cryptojacking spree

The lucrative nature of cryptocurrency means no industry is safe.

Posted on 9 April 2021 | 9:32 am

Gigaset Android Update Server Hacked to Install Malware on Users' Devices

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update

Posted on 9 April 2021 | 7:45 am

Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments

Original release date: April 8, 2021

Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. CISA created Sparrow to support hunts for threat activity following the SolarWinds compromise. Aviary—a Splunk-based dashboard—facilitates analysis of Sparrow data outputs.

CISA encourages network defenders wishing to use Aviary to facilitate their analysis of output from Sparrow to review CISA Alert: AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Note: CISA has updated the Sparrow tool section of AA21-008A with instructions on using the Aviary tool.

CISA recommends the following resources for additional information:

 

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 8 April 2021 | 7:00 pm

Cisco Releases Security Updates for Multiple Products

Original release date: April 8, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
 
CISA encourages users and administrators to review the following Cisco Advisory and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 8 April 2021 | 2:24 pm

NIST and HIPAA: Is There a Password Connection?

When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA?

Posted on 8 April 2021 | 12:47 pm

Facebook tackles deepfake spread and troll farms in latest moderation push

Updated: AI-generated images and an exiled militant group are now on Facebook's radar.

Posted on 8 April 2021 | 11:03 am

Italian man arrested after allegedly paying hitman in cryptocurrency

Europol claims he attempted to have his ex-girlfriend assassinated.

Posted on 8 April 2021 | 9:40 am

Vyveva: Lazarus hacking group’s latest weapon strikes South African freight

The backdoor is being used to spy on the activities of freight companies.

Posted on 8 April 2021 | 9:36 am

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user

Posted on 8 April 2021 | 6:07 am

Pre-Installed Malware Dropper Found On German Gigaset Android Phones

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not

Posted on 8 April 2021 | 3:24 am

Android to Support Rust Programming Language to Prevent Memory Flaws

Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system

Posted on 7 April 2021 | 3:28 pm

Man jailed for trying to buy chemical weapon online able to kill ‘hundreds’ of people

Orders were made in the name of a minor.

Posted on 7 April 2021 | 11:34 am

11 Useful Security Tips for Securing Your AWS Environment

Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use Multi-Factor authentication When setting up your AWS

Posted on 7 April 2021 | 11:22 am

WhatsApp-based wormable Android malware spotted on the Google Play Store

Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a

Posted on 7 April 2021 | 10:36 am

New wormable Android malware poses as Netflix to hijack WhatsApp sessions

Users are lured in with the promise of a free premium subscription.

Posted on 7 April 2021 | 10:13 am

Critical Auth Bypass Bug Found in VMware Data Center Security Product

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.  Carbon Black Cloud Workload is a data center security product from VMware that

Posted on 7 April 2021 | 9:38 am

Data of 553m Facebook users dumped online: how to see if you are impacted

The data is old but that doesn’t mean it still can’t be used.

Posted on 7 April 2021 | 8:48 am

Experts uncover a new Banking Trojan targeting Latin American users

Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble

Posted on 7 April 2021 | 5:38 am

Are You One of the 533M People Who Got Facebooked?

Ne'er-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you're a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.

Posted on 6 April 2021 | 6:55 pm

SAP issues advisory on the exploit of old vulnerabilities to target enterprise applications

New research also reveals that SAP vulnerabilities, on average, are weaponized in less than 72 hours.

Posted on 6 April 2021 | 1:12 pm

Malicious Cyber Activity Targeting Critical SAP Applications

Original release date: April 6, 2021

SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.  

On April 6 2021, security researchers from Onapsis, in coordination with SAP, released an alert detailing observed threat actor activity and techniques that could lead to full control of unsecured SAP applications. Impacted organizations could experience:

CISA recommends operators of SAP systems review the Onapsis Alert Active Cyberattacks on Mission-Critical SAP Applications for more information and apply necessary updates and mitigations. 

See CISA’s previous alerts on SAP:

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 6 April 2021 | 1:00 pm

Industries critical to COVID-19 response suffer surge in cloud cyberattacks

An increase in cloud adoption is being blamed for new security chasms.

Posted on 6 April 2021 | 10:09 am

Meet Janeleiro: a new banking Trojan striking company, government targets

The .NET Trojan’s developers don’t seem to care about staying undetected.

Posted on 6 April 2021 | 9:42 am

FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively exploited

APT groups are suspected of harnessing three bugs, two critical, for data exfiltration purposes.

Posted on 6 April 2021 | 7:17 am

Ransom Gangs Emailing Victim Customers for Leverage

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim's customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

Posted on 5 April 2021 | 9:38 pm

Ubiquiti All But Confirms Breach Response Iniquity

For four days this past week, Internet-of-Things giant Ubiquiti failed to respond to requests for comment on a whistleblower's allegations that the company had massively downplayed a "catastrophic" two-month breach ending in January to save its stock price, and that Ubiquiti's insinuation that a third-party was to blame was a fabrication. I was happy to add their eventual public response to the top of Tuesday's story on the whistleblower's claims, but their statement deserves a post of its own because it actually confirms and reinforces those claims.

Posted on 4 April 2021 | 7:22 pm

VMware Releases Security Update

Original release date: April 2, 2021

VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-005 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 2 April 2021 | 3:09 pm

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

Original release date: April 2, 2021

The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. APT actors may use these vulnerabilities or other common exploitation techniques to gain initial access to multiple government, commercial, and technology services. Gaining initial access pre-positions the APT actors to conduct future attacks.

CISA encourages users and administrators to review Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks and implement the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 2 April 2021 | 1:35 pm

New KrebsOnSecurity Mobile-Friendly Site

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.

Posted on 1 April 2021 | 8:19 pm

DeepDotWeb dark web admin pleads guilty to gun, drug purchase kickbacks

Over $8 million was earned through affiliate marketing for illegal marketplaces.

Posted on 1 April 2021 | 8:39 am

Google: North Korean hackers are targeting researchers through fake offensive security firm

Google TAG warns of the group using zero-day exploits after reaching out to targets on social media.

Posted on 1 April 2021 | 7:24 am

Gaming mods, cheat engines are spreading Trojan malware and planting backdoors

Mods and cheat systems for games are being exploited to deploy information-stealing malware.

Posted on 31 March 2021 | 1:07 pm

Child tweets on behalf of nuke, space mission agency US Strategic Command

The gibberish tweet left some amused, some concerned that the account had been compromised.

Posted on 31 March 2021 | 12:26 pm

VMware patches critical vRealize Operations platform vulnerabilities

Administrator credentials could be stolen by exploiting the bugs.

Posted on 31 March 2021 | 11:07 am

Pandemic threats: The common threads in COVID-19 scams and criminal schemes

Researchers explore how cybercriminals have exploited the coronavirus pandemic over the past year.

Posted on 31 March 2021 | 9:01 am

Whistleblower claims Ubiquiti Networks data breach was ‘catastrophic’

Updated: The source alleges the January security incident was severely downplayed.

Posted on 31 March 2021 | 7:38 am

Rise In Use of Cryptocurrency In Business Email Compromise Schemes

Posted on 30 March 2021 | 6:35 pm

Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.

Posted on 30 March 2021 | 6:00 pm

If You Make or Buy a Fake COVID-19 Vaccination Record Card, You Endanger Yourself and Those Around You, and You Are Breaking the Law

Posted on 30 March 2021 | 5:15 pm

Department of Homeland Security email accounts exposed in SolarWinds hack

Reports suggest Russian threat groups accessed DHS emails during the SolarWinds fiasco.

Posted on 30 March 2021 | 11:11 am

No, I Did Not Hack Your MS Exchange Server

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let's just get this out of the way right now: It wasn't me.

Posted on 28 March 2021 | 5:40 pm

Phish Leads to Breach at Calif. State Controller

A phishing attack last week gave attackers access to email and files at the California State Controller's Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.

Posted on 23 March 2021 | 6:01 pm

RedTorch Formed from Ashes of Norse Corp.

Remember Norse Corp., the company behind the interactive "pew-pew" cyber attack map shown in the image blow? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has marketed a mix of services to high end celebrity clients, including spying and anti-spying tools and services.

Posted on 22 March 2021 | 8:36 pm

Telephony Denial of Service Attacks Can Disrupt Emergency Call Center Operations

Posted on 17 February 2021 | 7:00 pm

Oracle Critical Patch Update Advisory - January 2021

Posted on 19 January 2021 | 7:30 pm

Iranian Cyber Actors Continue to Threaten US Election Officials

Posted on 15 January 2021 | 9:15 pm

Oracle Critical Patch Update Advisory - October 2020

Posted on 20 October 2020 | 7:30 pm

Oracle Security Alert for CVE-2020-14750 - 01 November 2020

Posted on 1 October 2020 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2020

Posted on 14 July 2020 | 7:30 pm

Hacking Your Psyche To Prevent Isolation Fatigue

Americans have been reporting increased feelings of depression, anxiety, loneliness, and even hopelessness at least once per week since the start of ...

Posted on 29 June 2020 | 1:41 pm

Reuters goofs up, shows innocent Delhi man as wanted Indian hacker behind global spy racket

The Reuters exclusive story published early this month identified a herbal medicine business owner as a wanted hacker. He was subsequently ...

Posted on 29 June 2020 | 1:30 pm

The World's Greatest Golf Club Without the Course Has Officially Launched Hack Mulligan – Golf's ...

Stick and Hack, the World's Greatest Golf Club, Without the Course, is thrilled to announce the official launch of their comic strip Hack Mulligan, which ...

Posted on 29 June 2020 | 12:56 pm

Indian government hack exposes 80000 coronavirus patients' data

Kerala Cyber Warriors allegedly targeted Delhi government servers to highlight security pitfalls. Indian hackers claim to have accessed more than ...

Posted on 29 June 2020 | 12:44 pm

'Offensive capability': $1.3b for new cyber spies to go after hackers

State actors are trying to hack computer networks. Prime Minister Scott Morrison will on Tuesday announce the ASD will be given more than $1 billion ...

Posted on 29 June 2020 | 12:22 pm

The New World Of Enterprise Security

As more people began working from home, we saw hacking patterns change. Hackers quickly realized that people were using virtual private networks ...

Posted on 29 June 2020 | 12:00 pm

UK judge warns Assange on US extradition hearing attendance

... indictment that alleges Assange conspired with members of hacking organizations and sought to recruit hackers to provide WikiLeaks with classified ...

Posted on 29 June 2020 | 11:48 am

How to mitigate risks due to Cyber threats to optimise your insurance premium

Chief among these are exposure to very high level of cyber threats and hacking. According to Cyber Security experts, such cases have grown ...

Posted on 29 June 2020 | 11:48 am

Make your own relaxing face masks with these creative hacks

In this series, you'll learn various tips and tricks to make gardening, grilling and even sewing easier. No matter the problem, there's a Home Hack for that!

Posted on 29 June 2020 | 11:15 am

Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal ...

Posted on 29 June 2020 | 11:15 am

Calls for reform grow louder as UK Computer Misuse Act turns 30

The UK's principal computer hacking law marks its 30th anniversary today (June 29), amid industry calls for a radical revamp. The Computer Misuse ...

Posted on 29 June 2020 | 11:03 am

Hacker Drains $500K From DeFi Liquidity Provider Balancer

Decentralized finance (DeFi) liquidity provider Balancer Pool admitted early Monday morning that it had fallen victim to a sophisticated hack that ...

Posted on 29 June 2020 | 11:03 am

Woman's Hack For Eating Sushi With Soy Sauce Goes Viral

Clearly, many people have never thought to do this as the video has proven a huge hit, amassing more than 2.6 million views. As tends to be the way on ...

Posted on 29 June 2020 | 11:03 am

DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About

A spat between the Balancer and STA team following the $500,000 hack suggests that the DeFi protocol was aware of the weakness. 2640 Total ...

Posted on 29 June 2020 | 10:41 am

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to ...

Posted on 29 June 2020 | 10:18 am

This Melbourne mum uses her oven to dry her laundry and it's going viral

But for those of us who aren't blessed with a dryer at home, one Melbourne mum's solution may be the life hack you never knew you needed.

Posted on 29 June 2020 | 9:45 am

Russian leader of Infraud stolen ID, credit card ring pleads guilty

... to corruption charges after being accused of being one of the leaders of a carding ring trading in stolen identities, credit cards, and hacking tools.

Posted on 29 June 2020 | 9:22 am

Mum shares genius £4 hack which makes squash last twice as long

But one woman has shared a nifty hack that helps drinks last longer. Stephanie Palin, a special needs teaching assistant from Chesire, has come up ...

Posted on 29 June 2020 | 9:00 am

Australia cyberattack exploited vulnerability usually used in cryptojacking malware attacks

The Australian Cyber Security Centre revealed that hackers exploited known vulnerabilities in the Telerik user interface. Image by Gerd Altmann from ...

Posted on 29 June 2020 | 8:37 am

Hacker Drains Over $450000 from Balancer Pools

Hacker siphoned more than $450,000 in deflationary tokens on Monday from two multi-token pools on Balancer, an automated market maker protocol.

Posted on 29 June 2020 | 8:37 am

WordPress 5.4.2 Security and Maintenance Release

WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions […]

Posted on 10 June 2020 | 7:19 pm

WordPress 5.4.1

WordPress 5.4.1 is now available! This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.4.1 is a short-cycle security and maintenance release. The next […]

Posted on 29 April 2020 | 7:56 pm

Oracle Critical Patch Update Advisory - April 2020

Posted on 14 April 2020 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2020

Posted on 14 January 2020 | 7:30 pm

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, […]

Posted on 13 December 2019 | 12:07 am

WordPress 5.2.4 Update

Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress […]

Posted on 19 November 2019 | 4:47 am

Oracle Critical Patch Update Advisory - October 2019

Posted on 15 October 2019 | 7:30 pm

WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an […]

Posted on 14 October 2019 | 9:54 pm

WordPress 5.2.3 Security and Maintenance Release

WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions […]

Posted on 5 September 2019 | 1:51 am

Mitigations Against Adversarial Attacks

This is the fourth and final article in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, […]

Posted on 11 July 2019 | 6:53 am

Adversarial Attacks Against AI

This article is the third in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:52 am

Malicious Use Of AI

This article is the second in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:50 am

Bad AI

This article is the first in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:49 am

Security Issues, Dangers, And Implications of Smart Information Systems

F-Secure is participating in an EU-funded Horizon 2020 project codenamed SHERPA (as mentioned in a previous blog post). F-Secure is one of eleven partners in the consortium. The project aims to develop an understanding of how machine learning will be used in society in the future, what ethical issues may arise, and how those issues […]

Posted on 8 July 2019 | 9:19 am

Sockpuppies!

Yesterday, a colleague of mine, Eero Kurimo, told me about something odd he’d seen on Twitter. Over the past few days, a number of pictures of cute puppies had shown up on his timeline as promoted tweets. Here’s an example: “Mainostettu” is the Finnish word Twitter uses to denote that a tweet has been promoted. […]

Posted on 1 July 2019 | 8:14 am

Oracle Security Alert for CVE-2019-2729 - 18 Jun 2019

Posted on 18 June 2019 | 10:00 pm

Live Coverage Of A Disinformation Operation Against The 2019 EU Parliamentary Elections

I recently worked with investigative journalists from Yle, attempting to uncover disinformation on social media around the May 2019 European elections. This work was also part of F-Secure’s participation in the SHERPA project, which involves developing an understanding of adversarial attacks against machine learning systems – in this case, recommendation systems on social networks. My […]

Posted on 24 May 2019 | 5:10 pm

Spam Trends: Top attachments and campaigns

Malware authors tend to prefer specific types of file attachments in their campaigns to distribute malicious content.  During our routine threat landscape monitoring in the last three months, we observed some interesting patterns about the attachment types that are being used in various campaigns. In February and March, we saw huge spam campaigns using ZIP […]

Posted on 8 May 2019 | 12:41 pm

Oracle Security Alert for CVE-2019-2725 - 26 Apr 2019

Posted on 26 April 2019 | 5:00 pm

Oracle Critical Patch Update Advisory - April 2019

Posted on 16 April 2019 | 7:30 pm

Discovering Hidden Twitter Amplification

As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Social networks fall into this category – they’re powered by recommendation algorithms (often based on machine learning techniques) that process large amounts of data in order to […]

Posted on 3 April 2019 | 3:39 pm

Mira Ransomware Decryptor

We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it’s feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the […]

Posted on 1 April 2019 | 2:19 pm

A Hammer Lurking In The Shadows

And then there was ShadowHammer, the supply chain attack on the ASUS Live Update Utility between June and November 2018, which was discovered by Kaspersky earlier this year, and made public a few days ago. In short, this is how the trojanized Setup.exe works: An executable embedded in the Resources section has been overwritten by […]

Posted on 29 March 2019 | 2:12 pm

Analysis of LockerGoga Ransomware

We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Window’s CRT library functions, this new variant relies heavily […]

Posted on 27 March 2019 | 5:19 pm

Analysis Of Brexit-Centric Twitter Activity

This is a rather long blog post, so we’ve created a PDF for you to download, if you’d like to read it offline. You can download that from here. Executive Summary This report explores Brexit-related Twitter activity occurring between December 4, 2018 and February 13, 2019. Using the standard Twitter API, researchers collected approximately 24 […]

Posted on 12 March 2019 | 7:56 am

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously […]

Posted on 12 March 2019 | 3:34 am

Why Social Network Analysis Is Important

I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do simple things with just a few lines of code. I started off with toy tasks, (like mapping the time of […]

Posted on 21 February 2019 | 1:20 pm

Oracle Critical Patch Update Advisory - January 2019

Posted on 15 January 2019 | 7:30 pm

NRSMiner updates to newer version

More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, […]

Posted on 3 January 2019 | 5:04 am

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version […]

Posted on 13 December 2018 | 3:13 am

Phishing Campaign targeting French Industry

We have recently observed an ongoing phishing campaign targeting the French industry. Among these targets are organizations involved in chemical manufacturing, aviation, automotive, banking, industry software providers, and IT service providers. Beginning October 2018, we have seen multiple phishing emails which follow a similar pattern, similar indicators, and obfuscation with quick evolution over the course […]

Posted on 26 November 2018 | 1:16 pm

Ethics In Artificial Intelligence: Introducing The SHERPA Consortium

In May of this year, Horizon 2020 SHERPA project activities kicked off with a meeting in Brussels. F-Secure is a partner in the SHERPA consortium – a group consisting of 11 members from six European countries – whose mission is to understand how the combination of artificial intelligence and big data analytics will impact ethics […]

Posted on 22 November 2018 | 8:25 am

Spam campaign targets Exodus Mac Users

We’ve seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-1.64.1-update.zip” and the sender domain was “update-exodus[.]io”, suggesting that it wanted to associate itself to the organization. It was trying to deliver a fake Exodus […]

Posted on 2 November 2018 | 5:56 pm

Oracle Critical Patch Update Advisory - October 2018

Posted on 16 October 2018 | 7:30 pm

Oracle Security Alert for CVE-2018-11776 - 31 August 2018

Posted on 1 September 2018 | 12:00 am

Value-Driven Cybersecurity

Constructing an Alliance for Value-driven Cybersecurity (CANVAS) launched ~two years ago with F-Secure as a member. The goal of the EU project is “to unify technology developers with legal and ethical scholars and social scientists to approach the challenge of how cybersecurity can be aligned with European values and fundamental rights.” (That’s a mouthful, right?) […]

Posted on 31 August 2018 | 1:20 pm

Taking Pwnie Out On The Town

Black Hat 2018 is now over, and the winners of the Pwnie Awards have been published. The Best Client-Side Bug was awarded to Georgi Geshev and Rob Miller for their work called “The 12 Logic Bug Gifts of Christmas.” Georgi and Rob work for MWR Infosecurity, which (as some of you might remember) was acquired by F-Secure […]

Posted on 14 August 2018 | 11:58 am

Oracle Security Alert for CVE-2018-3110 - 10 August 2018

Posted on 10 August 2018 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2018

Posted on 17 July 2018 | 7:30 pm

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads […]

Posted on 5 July 2018 | 5:00 pm

Oracle Critical Patch Update Advisory - April 2018

Posted on 17 April 2018 | 7:30 pm

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented […]

Posted on 3 April 2018 | 7:56 pm

Oracle Critical Patch Update Advisory - January 2018

Posted on 16 January 2018 | 7:30 pm

Oracle Security Alert for CVE-2017-10269 - 13 November 2017

Posted on 13 November 2017 | 7:30 pm

Oracle Security Alert for CVE-2017-10151 - 27 October 2017

Posted on 27 October 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2017

Posted on 17 October 2017 | 7:30 pm

Oracle Security Alert for CVE-2017-9805 - 22 September 2017

Posted on 22 September 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2017

Posted on 18 July 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2019

Posted on 16 July 2017 | 7:30 pm

Oracle Security Alert for CVE-2017-3629

Posted on 19 June 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2017

Posted on 18 April 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2017

Posted on 17 January 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2016

Posted on 18 October 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2016

Posted on 19 July 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2016

Posted on 19 April 2016 | 7:30 pm

Oracle Security Alert for CVE-2016-0636 - 23 Mar 2016

Posted on 23 March 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2016

Posted on 19 January 2016 | 7:30 pm

Oracle Security Alert for CVE-2015-4852 - 10 November 2015

Posted on 10 November 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2015

Posted on 20 October 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2015

Posted on 14 July 2015 | 7:30 pm

Oracle Security Alert for CVE-2015-3456 - 15 May 2015

Posted on 15 May 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2015

Posted on 14 April 2015 | 7:30 pm

Oracle Security Alert for CVE-2016-0603 - 5 February 2016

Posted on 5 February 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2015

Posted on 20 January 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2014

Posted on 14 October 2014 | 7:30 pm

Oracle Security Alert for CVE-2014-7169 - 26 September 2014

Posted on 26 September 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2014

Posted on 15 July 2014 | 7:30 pm

Oracle Security Alert for CVE-2014-0160 - 18 April 2014

Posted on 18 April 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2014

Posted on 15 April 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2014

Posted on 14 January 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2013

Posted on 15 October 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2013

Posted on 16 July 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - June 2013

Posted on 18 June 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 7:30 pm

Oracle Security Alert for CVE-2013-1493 - 04 Mar 2013

Posted on 4 March 2013 | 7:30 pm

Updated Release of the Oracle Java SE Critical Patch Update - February 2013

Posted on 19 February 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - February 2013

Posted on 1 February 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2013

Posted on 15 January 2013 | 7:30 pm

Oracle Security Alert for CVE-2013-0422 - 13 Jan 2013

Posted on 13 January 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 7:26 pm

Oracle Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 7:26 pm

Oracle Security Alert for CVE-2012-4681 - 30 Aug 2012

Posted on 30 August 2012 | 7:26 pm

Oracle Security Alert for CVE-2012-3132 - 10 Aug 2012

Posted on 10 August 2012 | 7:14 pm

Oracle Critical Patch Update (CPU) Advisory - July 2012

Posted on 19 July 2012 | 10:15 pm

Oracle Java SE Critical Patch Update Advisory - June 2012

Posted on 12 June 2012 | 8:00 pm

Oracle Security Alert for CVE-2012-1675

Posted on 30 April 2012 | 8:01 pm

Oracle Critical Patch Update (CPU) Advisory - April 2012

Posted on 18 April 2012 | 3:40 pm

Oracle Java SE Critical Patch Update Advisory - February 2012

Posted on 14 February 2012 | 8:00 pm

Oracle Security Alert for CVE-2011-5035

Posted on 31 January 2012 | 9:20 pm

Oracle Critical Patch Update (CPU) Advisory - January 2012

Posted on 17 January 2012 | 8:44 pm

Oracle Critical Patch Update (CPU) Advisory - October 2011

Posted on 24 October 2011 | 6:33 pm

Oracle Security Alert for CVE-2011-3192

Posted on 15 September 2011 | 9:22 pm

Oracle Critical Patch Update (CPU) Advisory - July 2011

Posted on 19 July 2011 | 10:45 pm

Oracle Java SE Critical Patch Update Advisory - June 2011

Posted on 7 June 2011 | 10:18 pm

Oracle Critical Patch Update (CPU) - April 2011

Posted on 19 April 2011 | 8:00 pm

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Posted on 15 February 2011 | 10:00 pm

Oracle Critical Patch Update (CPU) - January 2011

Posted on 18 January 2011 | 7:40 pm

Oracle Critical Patch Update (CPU) - October 2010

Posted on 12 October 2010 | 4:07 pm

Oracle Critical Patch Update (CPU) - July 2010

Posted on 14 July 2010 | 7:35 pm

Oracle Critical Patch Update (CPU) - April 2010

Posted on 13 April 2010 | 9:01 pm

Oracle Security Alert for CVE-2010-0073 - February 2010

Oracle Security Alert for CVE-2010-0073

Posted on 4 February 2010 | 8:00 pm

Critical Patch Update - January 2010

Posted on 13 January 2010 | 6:05 pm

Critical Patch Update - October 2009

Posted on 20 October 2009 | 3:39 pm

Critical Patch Update - July 2009

Posted on 16 July 2009 | 1:00 am

Critical Patch Update - April 2009

Posted on 14 April 2009 | 10:40 pm

Critical Patch Update - January 2009

Posted on 14 April 2009 | 10:40 pm

Critical Patch Update - October 2008

Posted on 15 October 2008 | 6:53 pm

Critical Patch Update - July 2008

Posted on 15 July 2008 | 8:01 pm

Critical Patch Update - April 2008

Posted on 15 April 2008 | 10:13 pm

Critical Patch Update - January 2008

Posted on 15 January 2008 | 10:55 pm

Critical Patch Update - October 2007

Posted on 16 October 2007 | 8:47 pm

Critical Patch Update - July 2007

Posted on 17 July 2007 | 8:21 pm

Critical Patch Update - April 2007

Posted on 18 April 2007 | 3:57 pm

Critical Patch Update - January 2007

Posted on 16 January 2007 | 11:35 pm

Critical Patch Update - October 2006

Posted on 17 October 2006 | 6:37 pm

Critical Patch Update - April 2006

Posted on 18 April 2006 | 8:42 pm

Critical Patch Update - January 2006

Posted on 18 January 2006 | 12:20 am

Critical Patch Update - January 2005

Posted on 18 October 2005 | 10:28 pm

Critical Patch Update - April 2005

Posted on 18 October 2005 | 10:28 pm

Critical Patch Update - October 2005

Posted on 18 October 2005 | 10:25 pm

Critical Patch Update - July 2005

Posted on 12 July 2005 | 7:46 pm