Long a part of managed services offerings, software patch management today is fraught with challenges. Applications remain a top cause of external breaches, and researchers are finding more security flaws. As a result, patch management is no longer a perfunctory service but a priority for MSPs. Nearly 99% of audited codebases contain some amount of
Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. “Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites,” Cisco Talos researcher Paul
As the crypto markets continue to trend downward, the world’s second-largest crypto exchange, FTX, remains undeterred. “Our priorities have not changed,” Mark Wetjen, head of policy and regulatory strategy at FTX, told TechCrunch. “Markets will do what they do, but the reality is that the digital asset marketplace and digital asset ecosystem, we believe, is
Vauld, a Singapore-headquartered crypto lending startup, has suspended withdrawals, trading and deposits on its eponymous platform with immediate effect as it navigates “financial challenges,” it said Monday. The startup — which counts Peter Thiel-backed Valar Ventures, Coinbase Ventures and Pantera Capital among its backers and has raised about $27 million — said it is facing
CloudSEK used its artificial intelligence (AI)-powered digital risk platform XVigil to identify a post on a cybercrime forum mentioning open source automation server platform Jenkins as one of the TTP (tactics, techniques, and procedures) used by a threat actor (TA) in attacks against IBM and Stanford University. The module reportedly has hidden desktop takeover capabilities that would be
Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. “The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties,” it said. “In under 24 hours, we worked quickly to
Hello and welcome back to Week in Review, where we recap the biggest stories from the week. If you want this in your inbox every Saturday, sign up here. Greg Kumparak is still on vacation, but not to worry! He’ll be back at the helm next week to bring you our biggest stories. Until then,
Kaspersky security experts have discovered new malware targeting Microsoft Exchange servers belonging to several organizations worldwide. Dubbed “SessionManager” and first spotted by the company in early 2022, the backdoor enables threat actors to keep “persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization.” According to Kaspersky, once propagated, SessionManager would enable
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its “complex multi-step attack flow” and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their
Welcome to Startups Weekly, a fresh human-first take on this week’s startup news and trends. To get this in your inbox, subscribe here. Tech innovation is a cycle, especially in the main character-driven world of early-stage venture capital and copycat nature of startups. The latest proof? Y Combinator this week announced Launch YC, a platform
Human error remains the most effective vector for conducting network infiltrations and data breaches. The SANS Institute security center issued its annual security awareness report Wednesday, which was based on data from 1,000 infosec professionals and found that employees and their lack of security training remain common points of failure for data breaches and network
Following heightened worries that U.S. users’ data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it’s taking steps to “strengthen data security.” The admission that some China-based employees can access information from U.S. users came in a letter sent to nine
An ex-Canadian government employee pleaded guilty in Florida court earlier this week to charges of involvement with the NetWalker ransomware group. Sebastien Vachon-Desjardins, 34, was accused of conspiracy to commit computer fraud and wire fraud, as well as intentional damage to a protected computer and transmitting a demand concerning damaging a protected computer. Vachon-Desjardins was extradited in March, following