#DSbD: UK Could Face a “Cyber Disaster” on its Current Security Trajectory
DSbD initiative aims to put more responsibility in the hands of those who build it, creating a culture of secure by defaultRead More: https://www.infosecurity-magazine.com/news/uk-cyber-disaster-security/
Car Dealership Employees Begin Legal Case Following Breach
Law firm says clients have been left in the dark for over six monthsRead More: https://www.infosecurity-magazine.com/news/car-dealership-employees-breach/
Chinese APT41 Group Compromises Six US Government Networks
Group exploited Log4Shell “within hours,” says MandiantRead More: https://www.infosecurity-magazine.com/news/chinese-apt41-group-compromises/
Microsoft Fixes 71 Bugs Including Three Zero Days
None were reported as being exploited in the wildRead More: https://www.infosecurity-magazine.com/news/microsoft-fixes-71-bugs-including/
UPS flaws allow for remote code execution and remote fire-based interruptions
Image: Armis Security researchers at Armis have detailed a trio of vulnerabilities in so-called Smart-UPS devices sold by Schneider Electric subsidiary APC that allow for unnoticeable remote code execution, replacing
In-the-wild DDoS attack can be launched from a single packet to create terabytes of traffic
Security researchers from Akamai, Cloudflare, Lumen Black Lotus Labs, Mitel, Netscour, Team Cymru, Telus, and The Shadowserver Foundation have disclosed denial-of-service attacks with an amplification ratio that surpasses 4 billion
Cloudflare and Akamai refuse to pull services out of Russia
Cloudflare and Akamai have each confirmed they will continue to operate in Russia, despite being urged to do otherwise. Both companies have argued that if they were to pull their
New Nokoyawa Ransomware Possibly Related to Hive
Trend Micro – Hive, which is one of the more notable ransomware families of 2021, made waves in the latter half of the year after breaching over 300 organizations in
Identity Theft Statistics You Need to Know in 2022
Identity theft has become a defining threat in the virtual sphere and with the rate cybercrime is surging things may only get worse for unsuspecting victims. Over the past two
Microsoft's latest Windows patches fix the bug causing user data not to be erased
Microsoft’s latest round of Patch Tuesday fixes includes a fix for a bug that could result in some user data not being erased after a Windows 10 or Windows 11
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday
Access:7 Supply Chain Flaws Impact ATMs, Medical, IoT devices
Three out of the seven flaws were rated as critical, while the remaining four were medium to high severity vulnerabilities. The IT security researchers at CyberMDX health care security firm,
Utah inches closer to becoming fourth state to pass privacy law
Last week, the Utah House of Representatives unanimously passed a consumer privacy bill — the Utah Consumer Privacy Act — moving it one step closer to becoming the fourth state
Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed
Microsoft has released 71 security fixes for software, including 41 patches for Microsoft Windows vulnerabilities, five vulnerabilities in Microsoft Office and two in Microsoft Exchange. Three of the vulnerabilities are
How to Give Your Apple Devices a Cybersecurity Review
Online threats like malware and ransomware attacks against Apple devices especially MacBook are surging and require attention like never before. Cybersecurity is a growing concern in 2022 for everyone –
Microsoft Patch Tuesday for March 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Edmund Brumaghin. Microsoft released another relatively light security update Tuesday, disclosing 71 vulnerabilities, including fixes for issues in Azure and the Office suite of products. March’s
The Cyberspace Solarium Commission pushed some major policies into law. So what now?
Written by Tim Starks Mar 8, 2022 | CYBERSCOOP A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted,
Prison for Man Who Scammed US Government to Buy Pokémon Card
US locks up COVID Relief fraudster who spent thousands on collectible trading cardRead More: https://www.infosecurity-magazine.com/news/pokemon-card-covid-scammer/
Chronicles Of Mandiant: Google put a ring on it
Like a cybersecurity version of “The Bachelor,” Mandiant gives its final rose to Google. The idea of a standalone Mandiant, re-obtaining the prestige it once held in the cybersecurity industry,
Within hours of the Log4j flaw being revealed, these hackers were using it
A prolific and likely state-backed hacking group repeatedly targeted several US state governments by using software vulnerabilities in web applications and then later scanning for Log4j vulnerabilities within hours of
Oklahoma Hospital Data Breach Impacts 92,000 People
Patient and employee data in care of Duncan Regional Hospital exposed in security incident Read More: https://www.infosecurity-magazine.com/news/oklahoma-hospital-data-breach/
Against backdrop of Russian-Ukraine war, researchers witness flurry of nation-aligned hacking
Written by AJ Vicens Mar 8, 2022 | CYBERSCOOP Hackers believed to be associated with the governments of Russia, Belarus and China are targeting Ukraine, Poland and European governments, researchers
Google to Acquire Mandiant
Google announces intent to buy cybersecurity firm for approximately $5.4bnRead More: https://www.infosecurity-magazine.com/news/google-to-acquire-mandiant/
The Uncertain Future of IT Automation
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. The majority of today’s cybersecurity breaches stem
Attackers can Exploit Dirty Pipe Linux Vulnerability to Overwrite Data
The vulnerability has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102, and patches will be released soon. Researcher Max Kellermann has shared details of a new Linux kernel vulnerability
#DSbD: Embrace Change and Collaboration to Revolutionize Cybersecurity
Embracing change and collaboration are key to government-backed DSbD initiative, which aims to transform UK’s approach to cybersecurityRead More: https://www.infosecurity-magazine.com/news/dsbd-change-collaboration/
Best crypto wallet 2022: Secure your cryptocurrency
If you dabble in bitcoin or other cryptocurrencies, then you may be able to get away with storing your private keys in a software wallet. But if you are serious
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure
The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure. Three critical security vulnerabilities in widely used
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. To go along with the “Dirty Pipe” Linux security bug coming to light, two
Breaking the Bias: Female Tech Leaders Share How They Overcame Adversity to Find Success
The theme of this year’s International Women’s Day is “Break the Bias,” a nod toward overcoming challenges associated with stereotypes and discrimination in the workplace. CompTIA has many resources to
Red Teaming: Top tools and gadgets for physical assessments
Infosec Institute – Understanding the strengths and weaknesses of physical security controls in critical infrastructures is a valuable part of cybersecurity. Because from this angle, adversaries can obtain confidential information
Okta, Airbnb, Zendesk, Asana and Snap join Whistic in forming cybersecurity consortium
Several tech firms have partnered with Whistic to create a consortium focused on sharing cybersecurity information with customers. Whistic — which created a network for assessing, publishing and sharing vendor
1Password review: Pretty close to perfect
Let me make this as simple as possible for you — everyone should be using a password manager. What is a password manager? It’s an app, or, more commonly these
Patch Tuesday March 2022 – Microsoft Releases Fixes for 21 Common Vulnerabilities
During March’s patching bout, Microsoft has made available fixes for 21 common security and non-security-related vulnerabilities. None of the exploits on the Patch Tuesday March list bore severity scores or
Cloud computing: Microsoft fixes Azure flaw that could have allowed access to other accounts
Microsoft has fixed a bug in the Azure Automation service that could have allowed one account owner to access another customer’s accounts using the same service. Azure Automation lets customers
Palo Alto: More than 100,000 infusion pumps vulnerable to 2 vulnerabilities
In an examination of more than 200,000 infusion pumps on the networks of several healthcare organizations, Palo Alto Networks security researchers discovered that more than 52% were susceptible to two
FBI warns: This ransomware group has gone after critical infrastructure firms again and again
The FBI has issued an alert over the RagnarLocker gang, a group known to use crafty techniques like running ransomware inside a virtual machine to evade antivirus detection. The law
Ragnar Locker Ransomware Breached 52 US Critical Infrastructure Organizations
Ragnar Locker is a type of ransomware that isolates files and makes them unusable until the user pays to get them back. The threat actor uses the “double extortion” tactic,
Google is buying cybersecurity company Mandiant for $5.4 billion
Google is to acquire cybersecurity company Mandiant in a deal worth $5.4 billion. The all-cash acquisition will see Mandiant join Google Cloud and deliver an end-to-end security operations suite, as
Hive Ransomware Gang Impacts Rompetrol Gas Station Network
Rompetrol is the operator of Petromidia Navodari, the largest oil refinery in Romania, with a processing capacity of more than five million tons annually. It looks like a ransomware attack
Phishing attempts from FancyBear and Ghostwriter stepping up says Google
Ukrainian flag waving over Parliament in Kyiv, Ukraine. Image: Getty Images Google’s Threat Analysis Group (TAG) has provided an update in the wake of the Russian invasion of Ukraine, saying
Celebrating Women in Cybersecurity
A Conversation with Bitdefender’s VP of Product Marketing, Amy Blackshaw, for International Women’s Day Today is International Women’s Day, a day to celebrate the achievements of women around the world,
Over 25,000 Russian-linked Cryptocurrency Addresses Have Been Blocked by Coinbase
Coinbase, a very well-known crypto exchange platform, has recently said in a statement that access to over 25,000 blockchain addresses linked to Russian individuals and entities have been blocked. All
Coinbase: We're Blocking 25,000 Russian Accounts
Crypto firms say digital currency unlikely to be used to evade sanctionsRead More: https://www.infosecurity-magazine.com/news/coinbase-were-blocking-25000/
Scores of US Critical Infrastructure Firms Hit by Ransomware
FBI reveals concerning new details of RagnarLocker campaignsRead More: https://www.infosecurity-magazine.com/news/scores-critical-infrastructure/
Dirty Pipe Exploit Rings Alarm Bells in the Linux Community
New discovery could give attackers full control over a targeted system Read More: https://www.infosecurity-magazine.com/news/dirty-pipe-exploit-rings-alarm/
Coinbase blocks 25,000 Russian-linked accounts and promotes crypto over fiat for sanctions
Image: Pigprox — Shutterstock Coinbase has come out in full-throated support of sanctions, and revealed the extent to which it works with governments, while at the same time stating it
New RURansom Wiper Targets Russia
Trend Micro – Other versions also attempt to start the process with elevated privileges. These different versions and modifications might indicate that the malware was still undergoing development at the