Collaborate Disseminate
Around the world, organizations are facing a tremendous increase in cyber risk. A recent research reveals that 31% of companies now experience a cyberattack at least once a day, a trend that’s expected to skyrocket as cybercriminals employ AI and autom… Continue reading How do I select an attack detection solution for my business?
Another group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday. State-sponsored hackers have a taste for SolarWinds? Unlike the alleged Russian attackers who inse… Continue reading SolarWinds Orion exploited by another group of state-sponsored hackers
Researchers at security firm Trustwave on Wednesday disclosed two critical vulnerabilities in the same software that suspected Russian spies have exploited to infiltrate multiple U.S. government agencies. One of the bugs could offer an attacker a similar level of control over the software made by federal contractor SolarWinds that the alleged Russians enjoyed, the researchers said. The analysis of SolarWinds’ Orion software platform — which is used by numerous Fortune 500 firms — illustrates the greater scrutiny the firm is under since disclosing the supply-chain hack. But it also shows the security benefits of having more outside researchers sift through Orion’s code. “As people were patching against the implant backdoor [used in the espionage campaign], this would provide the ability to get back into those systems, even though the backdoor had been removed,” Trustwave’s Karl Sigler said of one of the vulnerabilities, which could allow an attacker to remotely execute […]
The post SolarWinds issues patches for two new critical bugs found in Orion software appeared first on CyberScoop.
Continue reading SolarWinds issues patches for two new critical bugs found in Orion software
The vast majority of attackers are opportunist criminals looking for easy targets to maximize their profits. If defenses are sufficiently fortified, finding a way through will be so difficult and time consuming that all but the most elite nation-state … Continue reading Addressing the lack of knowledge around pen testing
The vast majority of attackers are opportunist criminals looking for easy targets to maximize their profits. If defenses are sufficiently fortified, finding a way through will be so difficult and time consuming that all but the most elite nation-state … Continue reading Addressing the lack of knowledge around pen testing
From increasingly sophisticated threats to the mad concoction of on-premise and cloud solutions that comprise most organizations’ IT infrastructure and the plethora of new IoT devices and a highly distributed workforce, enterprises and government agenc… Continue reading Security automation: Time for a new playbook
The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers. Continue reading Android Messenger App Still Leaking Photos, Videos
Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations. Continue reading Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave. Continue reading Survey: Cybersecurity Skills Shortage is ‘Bad,’ But There’s Hope
Trustwave released a report which depicts how technology trends, compromise risks and regulations are shaping how organizations’ data is stored and protected. Data protection strategy The report is based on a recent survey of 966 full-time IT professio… Continue reading How tech trends and risks shape organizations’ data protection strategy