Month: January 2021

0 Comments
Over the last five years, there has been a 183% increase in the number of disclosed vulnerabilities, according to new research by Tenable. The “2020 Threat Landscape Retrospective,” released Thursday, provided an overview of key vulnerabilities disclosed or exploited throughout 2020, as well as trends that impacted the year including breaches and ransomware attacks. The
0 Comments
Apple has removed a controversial feature from its macOS operating system that allowed the company’s own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called “ContentFilterExclusionList,” it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were
0 Comments
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors. “DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS
0 Comments
The Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE) yesterday announced a Memorandum of Understanding with the Women in Cybersecurity (WiCyS) Mid-Atlantic affiliate. The executed MOU creates a cooperative agreement between the two parties to partner in the furthering of their missions and objectives around the adoption, use, and expansion of CMMC-based cybersecurity practices for the
0 Comments
2020 was a tough year for cybersecurity. Security teams had to secure remote work environments in a matter of days as the COVID-19 pandemic triggered widespread, extended lockdowns. Then, they had to maintain secure operations throughout the year without physical access to the resources they typically use. Meanwhile, ransomware attacks expanded in scale and intensity,
0 Comments
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed “Operation Spalax” — began in 2020, with the modus operandi sharing some similarities
0 Comments
ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries In 2020 ESET saw several attacks targeting Colombian entities exclusively. These attacks are still ongoing at the time of writing and are focused on both government institutions and private companies. For the latter, the most targeted sectors
0 Comments
Co-authored by Sally Adam and Doug Aamoth Many pupils are starting their new school term from home rather than the classroom. For families with younger kids, home schooling is often the first time that their children have needed to use computers (rather than gaming consoles) in earnest. Whether you’re new to home schooling, going back to it after a break, or an old hand, it’s worth
0 Comments
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker’s newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel’s vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU
0 Comments
Editor’s note The pervasiveness of SolarWinds backdoor attack, the sophistication of the hackers behind it and the number of high-profile victims make it the biggest cyber attack of 2020 — and possibly the past decade. The ongoing SolarWinds breach also shines a light on how dangerous a supply chain attack can be and gives infosec
0 Comments
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL
0 Comments
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented