Month: April 2021
Three tips for modernizing the CISO in 2021
27 April 2021Today’s columnist, Jadee Hanson of Code42, says KPMG found that 44% of organizations will change their products, services and business models in the next few years – and that CIOs and CISOs must work together to meet this challenge. KaustavBhattacharya CreativeCommons CC BY-NC-ND 2.0 During the height of the pandemic last year, the CISO took […]
Read More
3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails
26 April 2021A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what’s one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of […]
Read More
Minnesota University Apologizes for Contributing Malicious Code to the Linux Project
26 April 2021Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project’s code, which led to the school being banned from contributing to the open-source project in the future. “While our goal was to improve the security of Linux, we now understand that it […]
Read More
Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby
26 April 2021New research has uncovered privacy weaknesses in Apple’s wireless file-sharing protocol that could result in the exposure of a user’s contact information such as email addresses and phone numbers. “As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger,” said a team […]
Read More
How to Test and Improve Your Domain’s Email Security?
26 April 2021No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to […]
Read More
Emotet Malware Destroys Itself From All Infected Computers
26 April 2021Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of “Operation Ladybird” to seize control of servers used to run and maintain the […]
Read More
Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux
24 April 2021A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users’ machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its […]
Read More
Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
24 April 2021Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software’s update mechanism and used it to drop malware on user computers. The breach is said to have […]
Read More
Following similar move in US, Europol prepares coup de gras for Emotet’s remains
24 April 2021On Sunday, Europol will end a three-month-long process of dismantling the Emotet botnet by triggering a time-activated .dll to delete malware from the systems.. (Europol) On Sunday, Europol will end a three-month-long process of dismantling the Emotet botnet. A time-activated .dll sent to victim machines will delete malware from the systems. In advance of the […]
Read More
50 companies named trusted providers by Cloud Security Alliance
23 April 2021The Cloud Security Alliance (CSA) on Thursday announced the selection of a first round of “trusted providers” for cloud security. In a press announcement, the group said a Trusted Cloud Provider “trustmark” will get displayed on each organization’s CSA Security, Trust, Assurance & Risk (STAR) registry. The CSA hopes this will assist security teams in […]
Read More