Month: February 2021

Microsoft makes CodeQL queries public so security pros can better understand SolarWinds attack

26 February 2021

Microsoft has won praise from security researchers by making its CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds or similar supply chain attacks. […]


New data could help CISOs quantify the value of a strong security culture

26 February 2021

Building a security awareness training program to develop a strong infosec culture requires time and money, and chief information security officers frequently try to make a case for such an investment by citing return on […]


North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

26 February 2021

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor’s tactics by going beyond the usual […]


Four questions all cybersecurity RFPs should ask

26 February 2021

Effective security can help companies save in excess of $1 million on a nation-state attack from the likes of Vladimir Putin’s Russia. Today’s columnist, Dan Pitman of Alert Logic, says as part of the equation, companies should focus requests-for-proposals around business goals vs. looking to bring on too many products. […]


ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

26 February 2021

Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the […]


Cisco Releases Security Patches for Critical Flaws Affecting its Products

26 February 2021

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit […]


Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

25 February 2021

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. “The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for […]


Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

25 February 2021

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. “Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an […]


As ransomware inches from economic burden to national security threat, policies may follow

25 February 2021

On Wednesday – just Wednesday – news stories emerged about an airplane maker, information technology giant and computer game company all having operations disrupted by ransomware. In the last year, such attacks have swept through every sector, affected schools, hospitals, critical infrastructure, transportation and governments. Many argue that policymakers need to do something about the problem. But few solutions have been […]


The Top Free Tools for Sysadmins in 2021

25 February 2021

It’s no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you’re a sysadmin seeking to simplify your workflows, you’re in luck. We’ve gathered […]
