Month: February 2021
Microsoft makes CodeQL queries public so security pros can better understand SolarWinds attack
26 February 2021Microsoft has won praise from security researchers by making its CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds or similar supply chain attacks. (Microsoft) Microsoft has won praise from security researchers by making its CodeQL queries public so any organization could […]
Read More
New data could help CISOs quantify the value of a strong security culture
26 February 2021Phishing warning seen on Google Chrome when visiting a website that has been recognized as phishing website. (Christiaan Colen/CC BY-SA 2.0) Building a security awareness training program to develop a strong infosec culture requires time and money, and chief information security officers frequently try to make a case for such an investment by citing return on […]
Read More
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
26 February 2021A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor’s tactics by going beyond the usual […]
Read More
Four questions all cybersecurity RFPs should ask
26 February 2021Effective security can help companies save in excess of $1 million on a nation-state attack from the likes of Vladimir Putin’s Russia. Today’s columnist, Dan Pitman of Alert Logic, says as part of the equation, companies should focus requests-for-proposals around business goals vs. looking to bring on too many products. PalaciodoPlanalto CreativeCommons Credit: CC BY […]
Read More
ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
26 February 2021Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the […]
Read More
Cisco Releases Security Patches for Critical Flaws Affecting its Products
26 February 2021Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit […]
Read More
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
25 February 2021Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. “The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for […]
Read More
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
25 February 2021Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. “Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an […]
Read More
As ransomware inches from economic burden to national security threat, policies may follow
25 February 2021On Wednesday – just Wednesday – news stories emerged about an airplane maker, information technology giant and computer game company all having operations disrupted by ransomware. In the last year, such attacks have swept through every sector, affected schools, hospitals, critical infrastructure, transportation and governments. Many argue that policymakers need to do something about the problem. But few solutions have been […]
Read More
The Top Free Tools for Sysadmins in 2021
25 February 2021It’s no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you’re a sysadmin seeking to simplify your workflows, you’re in luck. We’ve gathered […]
Read More