Month: February 2021

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit
The Federal Bureau of Investigation and Michigan State Police are investigating a cyber-attack on a Michigan school district. District administrators at Saginaw Township Community Schools began experiencing IT issues on Sunday following what is believed to have been a ransomware attack on the district’s computer network.  Investigators are in contact with the cyber-criminals behind the attack. It
Neither clinical research into the coronavirus nor any patient data were affected by the incident Oxford University has confirmed that one of its biology laboratories that is researching ways to combat the COVID-19 pandemic has fallen victim to a cyberattack. Details about the incident at the Division of Structural Biology (Strubi) were released by Forbes.
French multinational information technology services and consulting company Atos has completed the acquisition of two cybersecurity companies.  On February 24, the self-styled decarbonization services and products pioneer announced the successful acquisition of Motiv ICT Security. Founded in 1998, Motiv is the largest independent Managed Security Services (MSS) provider in the Netherlands. In a statement released Wednesday, Atos said
New research by cybersecurity company Kaspersky has found that Russia, Brazil, and the United States of America were the countries most affected by stalkerware last year.  A new report, “The State of Stalkerware 2020,” that was released today found that 53,870 Kaspersky users were affected globally by malicious surveillance software in 2020. Russia had the most affected users
First came the breach, then came the blackmail; now the Vastaamo Psychotherapy Centre has closed its doors for good. Four months after revealing it suffered a data breach in which patient records were stolen, Finland’s largest psychotherapy center has declared bankruptcy. A significant part of the incident occurred after threat actors attempted to extort the
It is near-certain the need for security across the enterprise will never cease – only increase if year-over-year trends are any indication. We constantly see headlines with repetitive buzzwords and phrases calling attention to the complexity of today’s security operations center (SOC) with calls to action to reimagine and modernize the SOC. We’re no different here at McAfee
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. “Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an
Addressing the cyber-skills gap requires a variety of career pathways and greater collaboration between governments, academia and industry, according to experts speaking during a webinar entitled Closing The Cyber Skills Gap: Can We Make a Difference? This session involved security vendor Palo Alto Networks and academics, government members and security experts from Scotland, and took place
Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this ransomware is deployed in the network of enterprises that the criminals carefully target and compromise. Using MVISION Insights, McAfee was able
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users’
The United States Senate’s select committee on intelligence met yesterday to hear evidence from tech executives regarding the historic hack on Texas-based company SolarWinds.  Government agencies issued emergency directives in December after cybersecurity company FireEye detected a supply-chain attack trojanizing SolarWinds’ Orion business software updates to distribute malware. Using SolarWinds and Microsoft programs, hackers believed to have been working for Russia attacked
by Paul Ducklin Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.” End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app such as when browser submits
A nation-state threat group cloned and used a U.S. government cyberweapon years before it was exposed by the Shadow Brokers in 2017. A China-based advanced persistent threat group, known as APT31 or Zirconium, utilized a Windows zero-day exploit belonging to the Equation Group — an American APT widely understood to be a part of the
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay
A number of influential companies have formed a consortium that aims to reduce the amount of disinformation, misinformation, and fraudulent content on the internet.  The Coalition for Content Provenance and Authenticity (C2PA), a Joint Development Foundation project, has been founded by Adobe, Arm, BBC, Intel, Microsoft, and photo and video verification platform Truepic. Member organizations plan to jointly develop technical standards for certifying the