Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group
Microsoft said it discovered a damaging zero-day vulnerability affecting SolarWinds software, and they have evidence a hacking group tied to China has been actively exploiting it in the wild.
The flaw, which Microsoft said it discovered in Microsoft 365 Defender...
CMS interoperability rule enacted: How providers should tackle API security
On July 1, the Centers for Medicare and Medicaid Services began the enforcement of its Interoperability and Patient Access final rule, designed to fuel data sharing between providers and to support patients’ rights to access their protected health information,...
Ransomware captures attention of business leaders, as losses become real
A new Cybereason survey found that more than four out of five respondents from various business sectors – some 81% – said they are “highly” or “very concerned” about the risk of ransomware attacks.
The survey’s authors said the response...
Strata automation tool looks to simplify cloud migration projects
Strata Identity on Wednesday launched Maverics Identity Discovery, a free software tool that automates the manual process of auditing and cataloging on-premises identity environments.
In a press release, Strata claims that the tool reduces cloud migration project times from months...
AWS offers free online training for cloud architects
Amazon Web Services this week launched a new free online training series on Twitch that aims to build up the skills of cloud developers.
The new series, the AWS Power Hour: Architecting, kicked off on Monday, July 12 and will...
Websites repeatedly stalked by fraudulent copycats, say researchers
New research has shed some light on just how constantly corporate brands are bombarded by fraudulent attempts to impersonate their website domains. In its new “Impersonating Domains Report,” researchers at Digital Shadows found that over a four-month span this year,...
New open data project looks to gauge success, failure of ransomware policy
The FBI notes in its annual IC3 report that ransomware is uniquely underreported, and its statistics can’t really be trusted. Various blockchain analysis groups have the means to compile ransomware statistics, but only for a price.
That is unfortunate,...
Microsoft fixes 117 vulnerabilities, four exploited in the wild
Microsoft on Tuesday picked up the pace on patching for July and released fixes for 117 vulnerabilities, four of which are being actively exploited in the wild.
July represents a dramatic shift from the relatively light releases security researchers have...
Fashion brand Guess hacked, DarkSide ransomware group the likely culprit
Following news that noted fashion brand Guess suffered a data breach in which personal information may have been stolen, cybersecurity experts on Tuesday said that retailers should take this case as motivation to lock down their cyber defenses.
News of...
Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems
A major vulnerability in Schneider Electric’s Modicon programmable logic controllers can be chained with others to allow for remote code execution. A comprehensive patch is not expected until fourth quarter, according to the company, which expects to deliver short-term...
Report: Cyberattacks drive 185% spike in health care data breaches in 2021
More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a...
Non-profit Global Business Alliance launches supply chain subsidiary
The Global Business Alliance, a non-profit devoted to raising foreign investment in U.S. industry, announced Tuesday a subsidiary to help international companies manage supply chain concerns.
GBA Sentinel will assist international companies operating in the U.S. that face a growing understanding...
Could allowlisting reduce the impact of ransomware, cyberattacks on health care?
A recent IDC report confirmed the health care sector is more vulnerable to the consequences of cyberattacks than other industries and the most likely to suffer application downtime, with 53% of covered entities reporting downtime after an attack.
Health care...
EDR (alone) won’t protect your organization from advanced hacking groups
Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or behaviors. However, a recent experiment by academic researchers at the...
Colorado’s new law ups need for privacy awareness training
Following in the footsteps of California and Virginia, Colorado last week became the third U.S. state to officially pass a comprehensive consumer privacy law. In doing so, the state added yet another layer of complexity for consumer-facing organizations striving...
China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks
FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
150 People Arrested in US-Europe Darknet Drug Probe
Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday.
read more
Free Tool Helps Security Teams Measure Their API Attack Surface
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.
North Korea's Lazarus Group Turns to Supply Chain Attacks
State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
