Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group
Microsoft said it discovered a damaging zero-day vulnerability affecting SolarWinds software, and they have evidence a hacking group tied to China has been actively exploiting it in the wild.
The flaw, which Microsoft said it discovered in Microsoft 365 Defender...
CMS interoperability rule enacted: How providers should tackle API security
On July 1, the Centers for Medicare and Medicaid Services began the enforcement of its Interoperability and Patient Access final rule, designed to fuel data sharing between providers and to support patients’ rights to access their protected health information,...
Ransomware captures attention of business leaders, as losses become real
A new Cybereason survey found that more than four out of five respondents from various business sectors – some 81% – said they are “highly” or “very concerned” about the risk of ransomware attacks.
The survey’s authors said the response...
Strata automation tool looks to simplify cloud migration projects
Strata Identity on Wednesday launched Maverics Identity Discovery, a free software tool that automates the manual process of auditing and cataloging on-premises identity environments.
In a press release, Strata claims that the tool reduces cloud migration project times from months...
AWS offers free online training for cloud architects
Amazon Web Services this week launched a new free online training series on Twitch that aims to build up the skills of cloud developers.
The new series, the AWS Power Hour: Architecting, kicked off on Monday, July 12 and will...
Websites repeatedly stalked by fraudulent copycats, say researchers
New research has shed some light on just how constantly corporate brands are bombarded by fraudulent attempts to impersonate their website domains. In its new “Impersonating Domains Report,” researchers at Digital Shadows found that over a four-month span this year,...
New open data project looks to gauge success, failure of ransomware policy
The FBI notes in its annual IC3 report that ransomware is uniquely underreported, and its statistics can’t really be trusted. Various blockchain analysis groups have the means to compile ransomware statistics, but only for a price.
That is unfortunate,...
Microsoft fixes 117 vulnerabilities, four exploited in the wild
Microsoft on Tuesday picked up the pace on patching for July and released fixes for 117 vulnerabilities, four of which are being actively exploited in the wild.
July represents a dramatic shift from the relatively light releases security researchers have...
Fashion brand Guess hacked, DarkSide ransomware group the likely culprit
Following news that noted fashion brand Guess suffered a data breach in which personal information may have been stolen, cybersecurity experts on Tuesday said that retailers should take this case as motivation to lock down their cyber defenses.
News of...
Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems
A major vulnerability in Schneider Electric’s Modicon programmable logic controllers can be chained with others to allow for remote code execution. A comprehensive patch is not expected until fourth quarter, according to the company, which expects to deliver short-term...
Report: Cyberattacks drive 185% spike in health care data breaches in 2021
More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a...
Non-profit Global Business Alliance launches supply chain subsidiary
The Global Business Alliance, a non-profit devoted to raising foreign investment in U.S. industry, announced Tuesday a subsidiary to help international companies manage supply chain concerns.
GBA Sentinel will assist international companies operating in the U.S. that face a growing understanding...
Could allowlisting reduce the impact of ransomware, cyberattacks on health care?
A recent IDC report confirmed the health care sector is more vulnerable to the consequences of cyberattacks than other industries and the most likely to suffer application downtime, with 53% of covered entities reporting downtime after an attack.
Health care...
EDR (alone) won’t protect your organization from advanced hacking groups
Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or behaviors. However, a recent experiment by academic researchers at the...
Colorado’s new law ups need for privacy awareness training
Following in the footsteps of California and Virginia, Colorado last week became the third U.S. state to officially pass a comprehensive consumer privacy law. In doing so, the state added yet another layer of complexity for consumer-facing organizations striving...
QuSecure Lauches Quantum-Resilient Encryption Platform
New firm launches to provide the Easy Button for implementing quantum secure encryption
The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the...
Iran, China-linked gangs join Putin’s disinformation war online
They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives...
6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
Latest episode - listen now!
LimaCharlie Banks $5.45 Million in Seed Funding
LimaCharlie, a California company supplying tools to run an MSSP or SOC on a pay-as-you-use model, has attracted $5.45 million in seed round financing.
read more
