Tuesday, August 3, 2021
SC Magazine

Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group

Microsoft said it discovered a damaging zero-day vulnerability affecting SolarWinds software, and they have evidence a hacking group tied to China has been actively exploiting it in the wild. The flaw, which Microsoft said it discovered in Microsoft 365 Defender...
SC Magazine

CMS interoperability rule enacted: How providers should tackle API security

On July 1, the Centers for Medicare and Medicaid Services began the enforcement of its Interoperability and Patient Access final rule, designed to fuel data sharing between providers and to support patients’ rights to access their protected health information,...
SC Magazine

Ransomware captures attention of business leaders, as losses become real

A new Cybereason survey found that more than four out of five respondents from various business sectors – some  81% – said they are “highly” or “very concerned” about the risk of ransomware attacks. The survey’s authors said the response...
SC Magazine

Strata automation tool looks to simplify cloud migration projects

Strata Identity on Wednesday launched Maverics Identity Discovery, a free software tool that automates the manual process of auditing and cataloging on-premises identity environments. In a press release, Strata claims that the tool reduces cloud migration project times from months...
SC Magazine

AWS offers free online training for cloud architects

Amazon Web Services this week launched a new free online training series on Twitch that aims to build up the skills of cloud developers. The new series, the AWS Power Hour: Architecting, kicked off on Monday, July 12 and will...
SC Magazine

Websites repeatedly stalked by fraudulent copycats, say researchers

New research has shed some light on just how constantly corporate brands are bombarded by fraudulent attempts to impersonate their website domains. In its new “Impersonating Domains Report,” researchers at Digital Shadows found that over a four-month span this year,...
SC Magazine

New open data project looks to gauge success, failure of ransomware policy

The FBI notes in its annual IC3 report that ransomware is uniquely underreported, and its statistics can’t really be trusted. Various blockchain analysis groups have the means to compile ransomware statistics, but only for a price. That is unfortunate,...
SC Magazine

Microsoft fixes 117 vulnerabilities, four exploited in the wild

Microsoft on Tuesday picked up the pace on patching for July and released fixes for 117 vulnerabilities, four of which are being actively exploited in the wild.   July represents a dramatic shift from the relatively light releases security researchers have...
SC Magazine

Fashion brand Guess hacked, DarkSide ransomware group the likely culprit

Following news that noted fashion brand Guess suffered a data breach in which personal information may have been stolen, cybersecurity experts on Tuesday said that retailers should take this case as motivation to lock down their cyber defenses. News of...
SC Magazine

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

A major vulnerability in Schneider Electric’s Modicon programmable logic controllers can be chained with others to allow for remote code execution. A comprehensive patch is not expected until fourth quarter, according to the company, which expects to deliver short-term...
SC Magazine

Report: Cyberattacks drive 185% spike in health care data breaches in 2021

More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a...
SC Magazine

Non-profit Global Business Alliance launches supply chain subsidiary

The Global Business Alliance, a non-profit devoted to raising foreign investment in U.S. industry, announced Tuesday a subsidiary to help international companies manage supply chain concerns.  GBA Sentinel will assist international companies operating in the U.S. that face a growing understanding...
SC Magazine

Could allowlisting reduce the impact of ransomware, cyberattacks on health care?

A recent IDC report confirmed the health care sector is more vulnerable to the consequences of cyberattacks than other industries and the most likely to suffer application downtime, with 53% of covered entities reporting downtime after an attack. Health care...
SC Magazine

EDR (alone) won’t protect your organization from advanced hacking groups

Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or behaviors. However, a recent experiment by academic researchers at the...
SC Magazine

Colorado’s new law ups need for privacy awareness training

Following in the footsteps of California and Virginia, Colorado last week became the third U.S. state to officially pass a comprehensive consumer privacy law. In doing so, the state added yet another layer of complexity for consumer-facing organizations striving...
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.