Cybersecurity News
RSS

Beware skyrocketing ransomware

March 4, 2021

Ransomware – a cyberattack in which attackers hijack computer systems and demand payment to release them – has skyrocketed from a relative rarity a few years ago to the single biggest type of cybercrime today. And there is no end in sight to its growth trajectory. Last year, 2,354 American government entities, healthcare organizations and schools were the victims of ransomware attacks. The average ransomware payout swelled to $178,000 in the first half of 2020, up from $112,000 a year ago, according to ransomware incident response firm Coveware, and few clandestine culprits were caught.

16Shop adds phishing kit to target cash app users

March 4, 2021

The developer of the 16Shop phishing platform added a new component that targets users of popular Cash App mobile payment service, according to reports.

The Open Security & Safety Alliance announces camera cybersecurity specification and alliance council for app developers

Third specification from OSSA prescribes leading measures to mitigate cybersecurity camera threats and vulnerabilities; New app developer council involves essential entrepreneurs and small businesses in the alliance ecosystem

March 4, 2021

The Open Security & Safety Alliance (OSSA), an industry body comprised of stakeholders from all facets of the security, safety and building automation space, announced two important developments to help pave the road towards trustworthy and innovative security and safety solutions. First, a new specification is now available to members that focuses on camera cybersecurity measures. OSSA also introduces a new App Developer Council designed to attract and involve app developers in the Alliance’s ever-growing ecosystem of security and safety industry players.

Dark web takedowns up in 2021

March 4, 2021

2021 has proven to be busy for law enforcement operations already, taking down numerous high-profile dark web marketplaces and forums including Dark Market (500k users, 2.4k sellers, transactions ~ €140 million), Emotet, Netwalker, and Egregor, with some even producing arrests of site operators. Digital Shadows’ new report, “Cybercriminal law enforcement crackdowns in 2021,” highlights the impact that these takedowns have had to date.

CISA issues emergency directive and alert on Microsoft Exchange vulnerabilities

March 4, 2021

CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities could allow an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network.

Malaysian Airlines is breached

March 3, 2021

Malaysia Airlines has confirmed it has suffered a "data security incident" via a third-party IT service provider. The company also said the breach had not affected its carrier's core IT infrastructure and systems.

DoS vulnerability discovered in Eclipse Jetty

March 3, 2021

Synopsys Cybersecurity Research Center (CyRC) researchers have discovered CVE-2020-27223, a denial of service vulnerability in Eclipse Jetty, a widely used open source web server and servlet container.

Researcher discovers and patches Linux kernel vulnerabilities

March 3, 2021

Positive Technologies security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. These vulnerabilities could be exploited for local privilege escalation, as confirmed by Popov in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity).

Securing the cloud in 2021: 3 steps to cloud-based identity

March 2, 2021

Now that we’ve learned this dependency on the cloud will continue to grow, there are new challenges that organizations have to solve in the year ahead – starting with making these cloud infrastructures more secure. To do this, organizations must reroute the security perimeter to focus on identity. While cloud-based identity can be a complicated concept for a number of reasons, there are a few simple steps organizations can take to evolve their identity access management (IAM) strategies. By moving beyond “effective permissions,” they should instead focus on threats and risks, following a cloud IAM lifecycle approach.

Far-right platform Gab confirms it was hacked

March 2, 2021

CEO and co-founder of social media platform Gab said the site had suffered a data breach. WIRED reported that the far-right platform had more than 70 gigabytes of data, and 40 million posts, leaked by a hacktivist who self-identifies as "JaXpArO and My Little Anonymous Revival Project."

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Cybersecurity News
RSS

Beware skyrocketing ransomware

16Shop adds phishing kit to target cash app users

The Open Security & Safety Alliance announces camera cybersecurity specification and alliance council for app developers

Dark web takedowns up in 2021

CISA issues emergency directive and alert on Microsoft Exchange vulnerabilities

Malaysian Airlines is breached

DoS vulnerability discovered in Eclipse Jetty

Researcher discovers and patches Linux kernel vulnerabilities

Securing the cloud in 2021: 3 steps to cloud-based identity

Far-right platform Gab confirms it was hacked

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

Cybersecurity News RSS

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

Cybersecurity News
RSS