Cisco security devices targeted with CVE-2020-3580 PoC exploit

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently started after Positive Technologies researchers shared proof-of-concept (PoC) e…

June 2021 Patch Tuesday: Microsoft fixes six actively exploited zero-days

On this June 2021 Patch Tuesday: Microsoft has fixed 50 security vulnerabilities, six of which are actively exploited zero-days; Adobe has delivered security updates for Acrobat and Reader, After Effects, Photoshop, and other products; Intel has patched …

VMware fixes critical vCenter Server RCE vulnerability, urges immediate action (CVE-2021-21985)

VMware has patched two vulnerabilities (CVE-2021-21985, CVE-2021-21986) affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. “All environments are …

Microsoft Patch Tuesday, May 2021 Edition

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser.

FBI blames DarkSide ransomware operators for Colonial Pipeline incident

The FBI on Monday said that a cybercriminal enterprise behind a ransomware variant known as DarkSide was responsible for the hack that prompted one of the country’s largest pipeline operators to temporarily shut down. The FBI statement came as Colonial Pipeline, which says it transports some 45% of all fuel consumed on the East Coast, said that it was aiming to “substantially” restore its pipeline operations by the end of the week. In a private advisory to U.S. companies obtained by CyberScoop, the FBI said that it had been tracking the DarkSide ransomware variant since October. “Darkside has impacted numerous organizations across various sectors including manufacturing, legal, insurance, healthcare and energy,” the FBI advisory said. The authors of DarkSide lease their hacking tools to other criminals in a “ransomware-as-a-service” model that splits the proceeds among the perpetrators, the bureau added. The Colonial Pipeline incident, which began Friday, is one of […]

The post FBI blames DarkSide ransomware operators for Colonial Pipeline incident appeared first on CyberScoop.

Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)

Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, government, and financial organizations around the world, Mandiant has warned on …

A push for cybersecurity philanthropic giving launches

Over nearly a decade, cybersecurity-related philanthropic giving has constituted a fraction of one percent of the billions of dollars devoted to peace and security causes. An open letter Friday signed by trade associations, non-profits, charitable foundations, think tanks and well-known cybersecurity professionals aims to change that trend as part of what could be a series of future steps. “We believe that private philanthropy is ideally suited to support the development of an emerging field of theorists and practitioners across cybersecurity domains,” reads the letter. “Anyone who cares about national security, innovation, economic development, personal privacy, or civil liberties should care about cybersecurity. Private philanthropy is a critical missing piece to meet this urgent need.” The William and Flora Hewlett Foundation, Craig Newmark Philanthropies, and Gula Tech Foundation led the effort to organize the letter, signed by 30 different organizations and individuals. They include former White House cyber coordinator and current […]

The post A push for cybersecurity philanthropic giving launches appeared first on CyberScoop.

Enhancing Tenable.io Web Application Scanner Results

Tenable.io is one of K2’s technology partners, and K2’s vulnerability detection can enhance the testing results generated by a Tenable.io WAS test. K2’s Security Platform is a complementary addition to Tenable.io WAS that offers 3 significant benefits…

Ransomware disrupted production at two manufacturing sites in Italy, investigators say

A ransomware incident earlier this year temporarily shut down production for two days at a pair of manufacturing facilities in Italy, incident responders at security firm Kaspersky said Wednesday. Kaspersky did not publicly identify the victim organization. But Vyacheslav Kopeytsev, a researcher with the firm’s ICS-CERT unit, said in an email that the victim was a multinational firm headquartered in Germany that has factories in Italy. “The servers with the databases required for production were encrypted,” he added. The hackers disguised a nascent strain of ransomware called Cring as the victim organization’s anti-virus product before encrypting the computer servers that would cause the organization the greatest damage, Kopeytsev and his colleagues said in a report. The attackers catered their hacking tools to the victim’s infrastructure, the researchers said. It is only the latest example of how ransomware incidents are increasingly affecting the operations of industrial suppliers. Of 500 manufacturing sector […]

The post Ransomware disrupted production at two manufacturing sites in Italy, investigators say appeared first on CyberScoop.

Optiv Security Enterprise IoT Lab helps identify, assess, and mitigate IoT device security challenges

Optiv Security unveiled its Enterprise Internet of Things (IoT) Lab in response to a growing and ever-present pain point for client security leaders – the proliferation of IoT devices on organizational networks. Chief information security officers (CIS…