eSecurity Planet

APRIL 5, 2023

Effective vulnerability management is about knowing what you own and prioritizing what you need to fix. Researchers at cybersecurity firm Rezilion found more than 15 million instances in which systems are vulnerable to the 896 flaws listed in the U.S.

Ransomware 112

Ransomware Cybersecurity Firmware Healthcare 112

Security Affairs

MAY 2, 2023

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. At this time, the vendor has yet to release security patches to address the flaw.

Authentication 98

Authentication Retail Surveillance Education 98

BH Consulting

JANUARY 16, 2024

BH Consulting Celebrates 20 Years in Business We are thrilled to announce and celebrate a significant milestone in our journey – 20 years of dedicated service in the field of cyber security and data protection. Please join us in celebrating this milestone as we raise a toast to 20 years of shared success with our customers.

Ransomware 69

Ransomware Penetration Testing InfoSec Cybersecurity 69

eSecurity Planet

OCTOBER 21, 2022

Patch management is a critical aspect of IT security. If patches are not deployed in a timely manner, vulnerabilities remain exploitable by the bad guys. See the Best Patch Management Software & Tools. Steps to Effective Patch Management. Patch Management Best Practices. Asset discovery.

Risk 107

Risk Backups Cybersecurity Software 107

eSecurity Planet

DECEMBER 15, 2021

Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds of millions of devices was made public late last week. Expanding Log4j Attacks.

Ransomware 123

Ransomware Software DNS Internet 123

Security Boulevard

OCTOBER 14, 2022

Older, Unpatched ERP Vulnerabilities Continue to Haunt Organizations. This Halloween, don’t let unpatched vulnerabilities be a problem for your organization. Earlier this year, researchers from Sygnia’s Incident Response team released a report detailing the activities of a threat group Elephant Beetle. maaya.alagappan.

Risk 72

Risk Internet Internet Cybersecurity 72

DoublePulsar

DECEMBER 3, 2023

Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp — used by double digit number of other credit unions across the United States. AlphV ransomware group also claimed them: Fidelity National Financial also patched CitrixBleed late. You can read about some of the fallout here.

Ransomware 100

Ransomware Cybersecurity Healthcare Government 100

Malwarebytes

JUNE 21, 2021

Remember when we told you to patch your VPNs already? According to South Korean officials a North Korean cyber-espionage group managed to infiltrate the network of South Korea’s state-run nuclear research institute last month. The weapon: a VPN vulnerability. The crime: time and place. The suspect: Kimsuky.

VPN 76

VPN Cyber Attacks Engineering Government 76

eSecurity Planet

JUNE 21, 2023

Compared to other operating systems, Linux patch management is unique because of its open-source nature, which enables a sizable community of developers and security professionals to find vulnerabilities, examine the code, and submit patches.

Software 93

Software Backups Risk System Administration 93

Malwarebytes

OCTOBER 17, 2023

“The work of the CRI supports the implementation of the endorsed UN framework for responsible state behavior in cyberspace, specifically the voluntary norm that States should cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats.”

Government 87

Government Backups Ransomware Malware 87

Security Boulevard

JUNE 8, 2021

In the third installment of our series, Protecting Industrial Control Systems Against Cyberattacks , we explore additional risk factors and vulnerabilities facing ICS SCADA systems. Vulnerable Points in the SCADA Structure. . Vulnerabilities are present in all parts of the SCADA systems - HMIs, PLCs and RTUs. Memory corruption.

Ransomware 102

Ransomware Software Healthcare Risk 102

Malwarebytes

APRIL 16, 2021

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have jointly released a Cybersecurity Advisory called Russian SVR Targets U.S. Vulnerabilities. Remarkable mentions in the cybersecurity advisory. General mitigation strategy.

VPN 111

VPN Internet Internet Accountability 111

Malwarebytes

MARCH 12, 2021

The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Depending on how the uptake in patching goes, this could well evolve again. The danger of this pivot to ransomware is the sheer number of potential targets.

Ransomware 120

Ransomware Backups Encryption Internet 120

Security Boulevard

DECEMBER 8, 2022

Onapsis turned 13 this year and by all accounts, 2022 was a pretty memorable year as we continue our mission of protecting the applications businesses rely on. We look forward to continuing to innovate our platform and expanding our reach to more customers in the years to come. Joint Research With SAP: ICMAD Vulnerabilities .

Small Business 52

Small Business Cybersecurity Technology Education 52

Webroot

AUGUST 18, 2021

If you attended Black Hat this year, you couldn’t avoid the topic of supply chain attacks. From keynotes to vendor messaging to booth presentations, they were a ubiquitous topic in Las Vegas this year. Black Hat founder Jeff Moss even began this year’s conference with a few words about software supply chains. SolarWinds.

InfoSec 131

InfoSec Backups Software Small Business 131

Approachable Cyber Threats

AUGUST 10, 2022

Category Awareness, Case Study, Vulnerability. In the modern age, nation states are expanding the battlefield with targeted cyber attacks on their adversaries. Nation states have always sought advantages to increase their geopolitical power and secure their interests both domestically and abroad. Risk Level.

DDOS 98

DDOS Cyber Attacks Government Hacking 98

eSecurity Planet

JANUARY 5, 2023

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. The ongoing war in the Ukraine has led to more nation-state sponsored attacks that tend to have societal and economic impacts.

Ransomware 143

Ransomware CISO Software Cybercrime 143

Malwarebytes

SEPTEMBER 29, 2021

Microsoft offers to help you with patching Exchange servers, CISA offers an insider threat tool, and together with the NSA they offer advice on how to choose and harden your VPN. These initiatives from major parties aim to help organizations assess and manage their security needs. Microsoft Exchange Emergency Mitigation service.

VPN 65

VPN Risk Education Cybersecurity 65

eSecurity Planet

FEBRUARY 22, 2022

Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. They can compromise the targeted device despite a victim’s good security hygiene and practices. Also read: Best Patch Management Software for 2022. Zero-click attacks remove this hurdle.

Spyware 114

Spyware Software Government Social Engineering 114

Security Boulevard

FEBRUARY 22, 2021

After many decades as security professionals, it is depressing to have the same issues repeatedly. Of course, we all live in an asymmetrical world when it comes to security. The most basic advice we give to anyone building a security program is to make sure you do the fundamentals well. Visibility for every asset.

Risk 90

Risk Accountability Engineering Internet 90

The Last Watchdog

AUGUST 19, 2021

This stolen booty reportedly included social security numbers, phone numbers, names, home addresses, unique IMEI numbers, and driver’s license information. This stolen booty reportedly included social security numbers, phone numbers, names, home addresses, unique IMEI numbers, and driver’s license information.

Mobile 306

Mobile Data breaches Authentication Accountability 306

SC Magazine

APRIL 6, 2021

Multiple hackers are actively targeting SAP installations that have not updated in nearly a year or use poor account management. The warning, which came from the Department of Homeland Security, SAP and Onapsis, is based on research documenting activity in the wild. SAP is among the most popular software providers in the world.

Accountability 67

Accountability Software Media Information Security 67

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. All that was needed was the person’s name, address, birthday and Social Security number. Annualcreditreport.com begins by asking for your name, address, SSN and birthday.

Identity Theft 334

Identity Theft Accountability Authentication Web Fraud 334

eSecurity Planet

JULY 23, 2021

A pair of vulnerabilities in the Linux kernel disclosed this week expose major Linux operating systems that could let a hacker either gain root privileges on a compromised host or shut down the entire OS altogether. Further reading: Top Vulnerability Management Tools for 2021. Red Hat, Others Confirm Flaws. A Silver Lining.

Accountability 144

Accountability Big data CISO Architecture 144

Security Affairs

OCTOBER 2, 2020

XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs.

Malware 137

Malware Government Advertising Phishing 137

Malwarebytes

JUNE 14, 2023

This confirms Malwarebytes findings that LockBit is the most active Ransomware-as-a-Service operator. This confirms Malwarebytes findings that LockBit is the most active Ransomware-as-a-Service operator. In our monthly Ransomware Reviews , LockBit often ranks top for victim count, although Cl0p is a close rival.

Ransomware 71

Ransomware Backups Internet Internet 71

SecureList

DECEMBER 27, 2023

This presentation was also the first time we had publicly disclosed the details of all exploits and vulnerabilities that were used in the attack. This attachment exploits the remote code execution vulnerability CVE-2023-41990 in the undocumented, Apple-only ADJUST TrueType font instruction.

Firmware 145

Firmware Engineering Spyware Retail 145

SC Magazine

JUNE 15, 2021

Much like with businesses, many state and municipal governments can afford to allocate only a relatively small portion of their tech budgets toward cybersecurity. Additionally, vulnerability advisories will allow SLTTs to prioritize their patching activity.”. (Transferred from en.wikipedia to Commons by mblumbe r).

Government 72

Government Energy and Utilities Cyber threats Media 72

Security Affairs

NOVEMBER 25, 2021

An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Most of the victims are located in the United States, threat actors use the “Corona massacre” lure, a circumstance that confirmed the attackers are targeting Iranians who live abroad.

Surveillance 89

Surveillance Social Engineering Cybercrime Phishing 89

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT 86

IoT DDOS Passwords Malware 86

SC Magazine

MAY 4, 2021

Today’s columnist, Carolyn Crandall of Attivo Networks, says preventing ransomware attackers from taking over Active Directory stops them from targeting the most valuable data. Active Directory (AD) has become a critical element of most corporate networks. arrayexception CreativeCommons CC BY-SA 2.0 Ransomware 2.0

Ransomware 85

Ransomware Accountability Encryption Malware 85

eSecurity Planet

JANUARY 6, 2022

Third-party security, ransomware , artificial intelligence (AI) and decentralized finance (DeFi) are some of the threats you can expect to see more of this year – with the potential for far worse results than we’ve seen in the past. ” US-CERT annual security vulnerabilities – high security vulnerabilities in green.

Ransomware 128

Ransomware Cybersecurity Artificial Intelligence CISO 128

Security Affairs

AUGUST 18, 2019

The best news of the week with Security Affairs. 10-year-old vulnerability in Avaya VoIP Phones finally fixed. Boffins hacked Siemens Simatic S7, most secure controllers in the industry. Boffins hacked Siemens Simatic S7, most secure controllers in the industry. Once again thank you!

Banking 54

Banking Password Management Advertising Antivirus 54

SecureList

OCTOBER 20, 2021

This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. We overview what kind of attacks are now carried out by cybercriminals and what influenced this change — including such factors as changes in vulnerability market and browser safety.

Cybercrime 137

Cybercrime Banking Malware Ransomware 137

SecureList

MARCH 31, 2021

Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. At the same time, some of the known APT (Advanced persistent threats) groups that are not generally targeting financial institutions have tried their hand at it.

Banking 118

Banking Phishing Malware Mobile 118

eSecurity Planet

JULY 7, 2023

Vulnerability scanning is critically important for identifying security flaws in hardware and software, but vulnerability scanning types are as varied as the IT environments they’re designed to protect. Agent-Server: The scanner installs agent software on the target host in an agent-server architecture.

Software 81

Software Authentication Risk Internet 81

eSecurity Planet

APRIL 7, 2023

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. Kali Linux is a popular pentesting distribution maintained by Offensive Security (OffSec), a 15-year-old private security company.

Penetration Testing 131

Penetration Testing Social Engineering Energy and Utilities Hacking 131