Microsoft Office apps are vulnerable to IDN homograph attacks

Microsoft Office apps – including Outlook and Teams – are vulnerable to homograph attacks based on internationalized domain names (IDNs). In practice, this means that users hovering above a link in a phishing email, a Word or Excel document… Continue reading Microsoft Office apps are vulnerable to IDN homograph attacks

Bitdefender Identity Theft Protection helps prevent criminals from stealing or using personal information

Bitdefender unveiled Bitdefender Identity Theft Protection, a new U.S. consumer service delivering identity threat detection and alerts, 24/7 credit and financial account monitoring, and dedicated recovery services in the event of successful identity t… Continue reading Bitdefender Identity Theft Protection helps prevent criminals from stealing or using personal information

Should businesses be concerned about APT-style attacks?

As we enter 2022, organizations are re-evaluating their cybersecurity strategies to lower risks and best defend against potential threats. Through budget, risk tolerance, compliance and more, organizations have varying priorities for their security nee… Continue reading Should businesses be concerned about APT-style attacks?

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, recently not… Continue reading Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

CISA probes scope, potential fallout of Log4j vulnerability

A top government cyber official said Tuesday that the Cybersecurity and Infrastructure Security Agency hasn’t seen hackers compromise federal agencies by exploiting the Apache Log4j vulnerability — but the agency’s still fearful of widespread attacks stemming from it. Most of all, CISA’s Eric Goldstein said during a phone call Tuesday evening, the government is eager for help from the public in assembling a comprehensive list of all the products that might be susceptible to hackers using the vulnerability, known as Log4Shell in the widely deployed logging library, which the agency expects could affect hundreds of millions of devices or more. CISA and private sector cybersecurity investigators have struck exceptionally dire notes about the potential fallout that have not, as of yet, come to fruition. It’s that unknown potential, however, that has prompted CISA to try to get organizations to patch their systems and take other steps to secure them. “Certainly […]

The post CISA probes scope, potential fallout of Log4j vulnerability appeared first on CyberScoop.

Continue reading CISA probes scope, potential fallout of Log4j vulnerability

Everyday cybersecurity practices inadequate among many online consumers

Bitdefender released a report which reveals how consumers across various age groups and socio-demographic backgrounds behave on popular platforms, applications and devices, affecting cybersecurity risk. Findings show basic practices for securing data, … Continue reading Everyday cybersecurity practices inadequate among many online consumers

Bitdefender expands marketing leadership with two key appointments

Bitdefender announced two key additions to its marketing leadership. Dennis Goedegebuure joins the Consumer Solutions Group as Vice President of Global New Customer Acquisition, while Amy Blackshaw joins the Business Solutions Group as Vice President o… Continue reading Bitdefender expands marketing leadership with two key appointments

Automation is not here to close the cybersecurity skills shortage gap, but it can help

In this interview with Help Net Security, Daniel Clayton, VP Global Security Services and Support at Bitdefender, talks about the cybersecurity skills shortage gap and the role of automation in improving the work of cybersecurity professionals. It is c… Continue reading Automation is not here to close the cybersecurity skills shortage gap, but it can help