Wednesday, October 27, 2021
SC Magazine

Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group

Microsoft said it discovered a damaging zero-day vulnerability affecting SolarWinds software, and they have evidence a hacking group tied to China has been actively exploiting it in the wild. The flaw, which Microsoft said it discovered in Microsoft 365 Defender...
SC Magazine

CMS interoperability rule enacted: How providers should tackle API security

On July 1, the Centers for Medicare and Medicaid Services began the enforcement of its Interoperability and Patient Access final rule, designed to fuel data sharing between providers and to support patients’ rights to access their protected health information,...
SC Magazine

Ransomware captures attention of business leaders, as losses become real

A new Cybereason survey found that more than four out of five respondents from various business sectors – some  81% – said they are “highly” or “very concerned” about the risk of ransomware attacks. The survey’s authors said the response...
SC Magazine

Strata automation tool looks to simplify cloud migration projects

Strata Identity on Wednesday launched Maverics Identity Discovery, a free software tool that automates the manual process of auditing and cataloging on-premises identity environments. In a press release, Strata claims that the tool reduces cloud migration project times from months...
SC Magazine

AWS offers free online training for cloud architects

Amazon Web Services this week launched a new free online training series on Twitch that aims to build up the skills of cloud developers. The new series, the AWS Power Hour: Architecting, kicked off on Monday, July 12 and will...
SC Magazine

Websites repeatedly stalked by fraudulent copycats, say researchers

New research has shed some light on just how constantly corporate brands are bombarded by fraudulent attempts to impersonate their website domains. In its new “Impersonating Domains Report,” researchers at Digital Shadows found that over a four-month span this year,...
SC Magazine

New open data project looks to gauge success, failure of ransomware policy

The FBI notes in its annual IC3 report that ransomware is uniquely underreported, and its statistics can’t really be trusted. Various blockchain analysis groups have the means to compile ransomware statistics, but only for a price. That is unfortunate,...
SC Magazine

Microsoft fixes 117 vulnerabilities, four exploited in the wild

Microsoft on Tuesday picked up the pace on patching for July and released fixes for 117 vulnerabilities, four of which are being actively exploited in the wild.   July represents a dramatic shift from the relatively light releases security researchers have...
SC Magazine

Fashion brand Guess hacked, DarkSide ransomware group the likely culprit

Following news that noted fashion brand Guess suffered a data breach in which personal information may have been stolen, cybersecurity experts on Tuesday said that retailers should take this case as motivation to lock down their cyber defenses. News of...
SC Magazine

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

A major vulnerability in Schneider Electric’s Modicon programmable logic controllers can be chained with others to allow for remote code execution. A comprehensive patch is not expected until fourth quarter, according to the company, which expects to deliver short-term...
SC Magazine

Report: Cyberattacks drive 185% spike in health care data breaches in 2021

More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a...
SC Magazine

Non-profit Global Business Alliance launches supply chain subsidiary

The Global Business Alliance, a non-profit devoted to raising foreign investment in U.S. industry, announced Tuesday a subsidiary to help international companies manage supply chain concerns.  GBA Sentinel will assist international companies operating in the U.S. that face a growing understanding...
SC Magazine

Could allowlisting reduce the impact of ransomware, cyberattacks on health care?

A recent IDC report confirmed the health care sector is more vulnerable to the consequences of cyberattacks than other industries and the most likely to suffer application downtime, with 53% of covered entities reporting downtime after an attack. Health care...
SC Magazine

EDR (alone) won’t protect your organization from advanced hacking groups

Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or behaviors. However, a recent experiment by academic researchers at the...
SC Magazine

Colorado’s new law ups need for privacy awareness training

Following in the footsteps of California and Virginia, Colorado last week became the third U.S. state to officially pass a comprehensive consumer privacy law. In doing so, the state added yet another layer of complexity for consumer-facing organizations striving...
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
SecurityWeek

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday. read more

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.