Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse

Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors.

CrowdStrike to Buy Reposify, Invests in Salt Security

Endpoint detection and response pioneer CrowdStrike is elbowing its way into new security markets with a planned acquisition of attack surface management startup Reposify and a strategic investment in API security vendor Salt Security.

Drupal Patches ‘High-Risk’ Third-Party Library Flaws

The Drupal security team has released a “moderately critical” advisory to call attention to serious vulnerabilities in a third-party library and warned that hackers can exploit the bugs to remotely hijack Drupal-powered websites.

Experts Warn Defenders: Don’t Relax on Log4j

It’s been four months since the Log4j issue exploded onto the internet. All the major software vendors affected by it have by now released patches – but even where companies have patched, it would be wrong to relax.

New Modem Wiper Malware May be Connected to Viasat Hack

A pair of security researchers at SentinelLabs have intercepted a piece of destructive wiper malware hitting routers and modems and found digital breadcrumbs suggesting a link to the devastating Viasat hack that took down wind turbines in Germany.

Law Enforcement Blowback, Cyber Insurance Renewals Powering Anti-Ransomware Success


CISA Releases Final IPv6 Security Guidance for Federal Agencies

The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies.

Exploits Swirling for Major Security Defect in Apache Log4j

Enterprise security response teams are bracing for a hectic weekend as public exploits — and in-the-wild attacks — circulate for a gaping code execution hole in the widely used Apache Log4j utility.

Zoho Confirms New Zero-Day, Ships Exploit Detector

The security problems at enterprise software provider Zoho continue to multiply with confirmation of a new critical authentication bypass vulnerability — the third in four months — being exploited in the wild by advanced threat actors.

Mandiant Attributes Ghostwriter APT Attacks to Belarus

The Belarusian government is at least partially responsible for the Ghostwriter disinformation campaign, according to security researchers at the Mandiant Threat Intelligence team.