News

The days immediately following the discovery of SolarWinds breach were chaotic, confusing and marked by more than a few strokes of good luck. During an RSA Conference webcast Thursday, the group of executives from CrowdStrike, KPMG, DLA Piper and, of course, SolarWinds spoke about the immediate response to the 2020 supply chain heist on the

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm’s Insikt Group said it identified ties between a group it tracks

What is ping sweep (ICMP sweep)? A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers). Whereas a single ping will tell whether one specified host computer exists on the network, a ping sweep consists

South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called “Supply chain Levels for Software Artifacts” (SLSA, and pronounced “salsa”), the end-to-end framework aims to secure the software

The Clop ransomware gang has potentially taken a major blow, as six alleged members were arrested by Ukrainian Police in a joint law enforcement operation between Ukraine, the United States and South Korea. Ukraine’s National Police issued a press release Wednesday that it and the Ukrainian Cyberpolice conducted the local investigation via 21 searches of

A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements. Companies in the EU must have password policies

2020 was a roller coaster of major, world-shaking events. We all couldn’t wait for the year to end. But just as 2020 was about to close, it pulled another fast one on us: the SolarWinds hack, one of the biggest cybersecurity breaches of the 21st century. The SolarWinds hack was a major event not because

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek’s software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. “Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with three security fixes, including a memory corruption issue in the ASN.1 decoder (CVE-2021-30737) and two flaws concerning the WebKit browser engine that could

By objective measures, enterprises just aren’t getting their money’s worth out of their cybersecurity spending. In a fast-paced economic and cyber threat landscape, organizations often buy new technology solutions without being able to fully assess their efficacy and then are forced to move on to new issues and problems before they can make the tools

The cyber assault on Air India that came to light last month lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41. Group-IB dubbed the campaign “ColunmTK” based on the names of the command-and-control

What is a meet-in-the-middle attack? Meet-in-the-middle is a known plaintext attack that can greatly reduce the number of brute-force permutations required to decrypt text that has been encrypted by more than one key. Such an attack makes it much easier for an intruder to gain access to data. A meet-in-the-middle attack targets block cipher cryptographic

Multiple critical security flaws have been disclosed in Samsung’s pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users’ consent and take control of the devices. “The impact of these bugs could have allowed an attacker to access and edit the victim’s contacts, calls, SMS/MMS, install arbitrary apps

Google’s upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. “FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk,” said Eric

When buying a Secure Access Service Edge platform, comparing features is the easiest part of the purchasing process. A well-designed comparison table and a bit of vendor honesty — or exasperation on the buyer’s part — will provide an overview of the various SASE vendors’ capabilities. The bigger challenge in selecting a SASE platform is

A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as CVE-2021-3560 (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who

What is threat intelligence? Threat intelligence, also known as cyber threat intelligence (CTI), is information gathered from a range of sources about current or potential attacks against an organization. The information is analyzed, refined and organized and then used to minimize and mitigate cybersecurity risks. The main purpose of threat intelligence is to show organizations

Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. “In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no

Microsoft on Tuesday released another round of security updates for Windows operating systems and other supported software, squashing 50 vulnerabilities, including 6 zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V,

The U.S. Cybersecurity and Infrastructure Security Agency has opened up a first of its kind vulnerability disclosure program. The new program, launched with BugCrowd and Endyna, will see the Department of Homeland Security’s cybersecurity branch partner up with the two infosec companies to make it easier for hackers to find and report potential security issues

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new, human-led direction. ‍The following discusses insights derived

When organizations assess their security strategies, they sometimes overlook IT/OT convergence security, particularly the operational side. With the adoption of IoT devices that connect operational technology to the IT component of IT/OT convergence, this aspect of security must not be forgotten. IT/OT convergence is the integration of IT, both the hardware and digital processes used

The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte, aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with

Code-hosting platform GitHub Friday officially announced a series of updates to the site’s policies that delve into how the company deals with malware and exploit code uploaded to its service. “We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits,” the Microsoft-owned company said. “We understand that many security

As the effects of the COVID-19 pandemic begin to ebb in the United States, the hybrid workforce is fast becoming the primary operating model for many organizations. As a result, establishing a secure hybrid workforce has become top priority. Let’s look at five steps you should take to make sure your network is protected as

Google is tightening the privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple’s move to enable iPhone and iPad users to opt-out of

Amazon Trust Services is a certificate authority created and operated by Amazon Web Services. Amazon Trust Services works with the AWS Certificate Manager service to simplify certificate management and ensure secure communication between a client and a server. The AWS Certificate Manager can help an IT team overcome the complex, error-prone manual tasks involved with

Google on Thursday said it’s rolling new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome

A top Russian-language underground forum has been running a “contest” for the past month, calling on its community to submit “unorthodox” ways to conduct cryptocurrency attacks. The forum’s administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private