News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. “With over 100 available phishing templates that mimic known
0 Comments
Companies know the danger ransomware poses and that a successful attack is inevitable. If ransomware isn’t detected in time, business-critical data could be encrypted, exfiltrated and posted publicly on file-sharing sites. Once a company has received a ransom demand, it’s too late to protect its systems. The attack is done, and the company is a
0 Comments
What is COBIT (Control Objectives for Information and Related Technologies)? COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices. COBIT is the acronym for Control Objectives for Information and Related Technologies. The COBIT framework was created by ISACA to bridge the crucial gap between technical issues,
0 Comments
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed “Seventh Inferno” (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon’s Cries (CVSS
0 Comments
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks “Operation Layover,” building on previous research from
0 Comments
Bitdefender and “a trusted law enforcement partner” have created and released a universal decryptor for REvil ransomware. REvil, also known as Sodinokibi, is a prominent ransomware gang that was recently responsible for the high-profile Kaseya supply chain attack in July. Shortly after the attack — where the ransomware operators demanded a $70 million ransom from
0 Comments
What is visitor-based networking? Visitor-based networking (VBN) is a computer network with high-speed internet access provided by an organization for temporary use by visitors, guests or other users in a public area. It may also be called a guest network or a public network. These are most often provided through Wi-Fi, though wired Ethernet access
0 Comments
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source project
0 Comments
More than nine months after discovering a devastating nation-state attack, SolarWinds CEO Sudhakar Ramakrishna said his company has drastically overhauled its security posture and practices even as it continues to search for the root cause of the breach. In an interview with SearchSecurity, Ramakrishna discussed SolarWinds’ efforts to learn from the supply chain attacks. While
0 Comments
Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions. “The malware is downloaded from a Google advertisement published
0 Comments
Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that’s actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool — codenamed “Vermilion Strike” — marks one of the rare Linux ports,
0 Comments
Ransomware removal tools are one of the first defenses against cyber attacks. Any enterprise’s IT infrastructure should already have an antivirus or antimalware platform installed to identify attacks, block ransomware from infecting systems, remove ransomware and, ultimately, unlock any files or resources that may have been blocked by an attacker. Don’t rely on older security
0 Comments
Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris. The botnet is believed to have pummeled the company’s web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a recent botnet-powered attack that came
0 Comments
Large-scale IoT deployments are currently within our grasp technologically in the form of smart cities. Smart cities have promised to make our lives more efficient. With connected devices and information controlled by an intelligent system, cities will never have traffic jams again. Connected technology can also make cities energy efficient with different sensors identifying waste.
0 Comments
The Linux community was caught unprepared when, in December 2020, as part of a change in the way Red Hat supports and develops CentOS, Red Hat suddenly announced that it’s cutting the official CentOS 8 support window from ten years – to just two, with support ending Dec 31, 2021. It created a peculiar situation
0 Comments
IBM this week rolled out its first Power10-based server, containing several new security tools designed for hybrid cloud environments. The E1080 server represents a doubling down on the company’s goal of delivering a frictionless hybrid cloud computing model that extends across the infrastructure of enterprises. The new system is a direct response to corporate users
0 Comments
The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP
0 Comments
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The “successful attack,” which is believed to have occurred last week, was mounted against its Confluence
0 Comments
End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a “legally binding order from the Swiss Federal Department of Justice” related to a collective
0 Comments
A critical vulnerability in Atlassian’s Confluence Server software is now under active attack. Disclosed last week by Atlassian, CVE-2021-26084 is a remote code execution bug that is considered a critical security risk by the vendor. The flaw, which was rated a 9.8 on the CVSS scale, is due to an injection bug in the open
0 Comments
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with “high confidence” to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U’s implementation of the
0 Comments
Apple is temporarily hitting the pause button on its controversial plans to screen users’ devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. “Based on feedback from customers, advocacy groups, researchers, and others, we have decided