Proactive defense: How managed risk enhances vulnerability management
The unprecedented pace of change in the modern workplace — cloud computing, working from home, BYOD devices and the Internet of Things — has made many of the old ways of guarding an organization’s digital assets obsolete. Firewalls, network perimeters and VPNs are no longer enough. New tools and new procedures can fill the gap, […]
Five Eyes agencies offer security advice for small businesses
Five of the most prominent intelligence agencies in the world are teaming up to help small businesses (SMBs) become more secure. The United States intelligence community, along with its counterparts in the UK, Canada, Australia and New Zealand (collectively known as the Five Eyes) issued a set of guidelines aimed at helping SMBs shore up […]
Windows Update takeover lets an attacker revive a patched flaw
Microsoft typically operates under the assumption that if an attacker has administrative privileges, gaining kernel-level code execution doesn’t cross a defined security boundary and therefore they don’t consider it a critical vulnerability needing immediate remediation. In an Oct. 26 blog post, SafeBreach researchers argued that Microsoft’s narrow definition leaves systems vulnerable to deploying custom rootkits […]
Federal probe into Chinese hack of US telcos launched after election-related targeting reports
Similar targeting was also reported by CBS News and Reuters to have been done by Salt Typhoon against the campaign of Vice President Kamala Harris. Source link
Audit+Beyond Conference: AI at the heart of compliance, IT security
Last week I attended AuditBoard’s Audit + Beyond, a two-day conference in Las Vegas that brought together audit and compliance professionals, as well as IT security pros. It wasn’t the first time these constituencies shared a conference attendee list. However, for me it was a first when it came to hammering home the point that […]
SonicWall SSL VPN accounts targeted by Akira, Fog ransomware gangs
At least 30 intrusions involving the exploitation of the critical SonicWall SSL VPN access control bug, tracked as CVE-2024-40766, have been conducted by the Akira and Fog ransomware gangs against several industries since August, with the former responsible for 75% of the incidents, reports BleepingComputer. Most of the attacks — which share the same infrastructure, indicating […]
Microsoft Teams exploited in latest Black Basta attacks
Intrusions commenced with the delivery of malicious emails and subsequent contacting of targets in Microsoft Teams under the guise of corporate IT help desk staff. Source link
New expansive TeamTNT attack campaign detailed
After being targeted through masscan and ZGrab, unauthenticated Docker API endpoints have been exploited by TeamTNT. Source link
Audit+Beyond Conference: AI at the heart of compliance, IT security
Last week I attended AuditBoard’s Audit + Beyond, a two-day conference in Las Vegas that brought together audit and compliance professionals, as well as IT security pros. It wasn’t the first time these constituencies shared a conference attendee list. However, for me it was a first when it came to hammering home the point that […]
Massive CrowdStrike outage prompts lawsuit from Delta Air Lines
CNN reports that Delta Air Lines has filed a lawsuit against CrowdStrike alleging the cybersecurity firm’s negligence in forcing “untested and faulty” updates for its Falcon platform that resulted in a global IT service outage that incurred over $500 million in losses for the carrier. “If CrowdStrike had tested the faulty update on even one computer before deployment, […]
© Copyright 2024 CNB Tel. All rights reserved