Author: Admin

Dr. Peter Stephenson It’s been a bit over a year since I published my review of Attivo BOTSink and today the company’s product suite does not look at all the same. Of course, one would expect that from a company selected as one of ten Black Unicorns by “Cyber Defense Magazine”, but the differences, while perhaps surprising in some ways, are intuitively logical if one examines the problem Attivo is solving. A year ago my…

Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. He also shows you how. Image: rafapress/Shutterstock I’m going to be honest here, I don’t use a web browser very often on Android. Most often I stick with specific applications. Now, I get that some of those applications are Single Page Web apps that are probably using bits of Chrome under the hood. But as far as using a…

Microsoft patched 55 CVEs in the November 2021 Patch Tuesday release, including six rated as critical, and 49 rated as important. Elevation of privilege (EoP) vulnerabilities accounted for 36.4% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 27.3%. CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-42321 is a RCE vulnerability in Microsoft Exchange Server. The flaw exists due to the improper validation of command-let (cmdlet)…

A full 95% of professionals surveyed by Tripwire believe the government should play a bigger role in securing non-governmental companies. Image: istock/BCFC In response to the recent wave of high-profile ransomware attacks, the U.S. government has been taking a more active role in the battle against cybercrime. Beyond going after ransomware gangs and recovering money stolen from victims, the feds have been announcing new initiatives and pushing federal agencies to better secure themselves. But is…

Small and mid-sized businesses (SMBs) were today granted free access to a virtual security awareness training program. The program was put together by six-year-old security awareness training company Curricula, which is based in Atlanta, Georgia. In a statement released Tuesday, Curricula said: “Our team at Curricula is proud to announce a free security awareness training program designed to help protect organizations with up to 1,000 employees build a security culture at no cost.” Under the training project, any…

  Amandeep Kaur was given a life-changing opportunity to leave her small village and move to the United Kingdom to stay with her aunt and uncle and study Information Security and Computer Forensics at a university of her choice. She followed her passion and, as a result, was able to start a new career in cybersecurity. But, for many women, opportunities like these are hard to find. In this edition of our blog, Amandeep explains…

The security company expects these attacks to keep rising through the end of the year. Image: Igor Stevanovic, Getty Images/iStockphoto Q3 beat every record in terms of daily number of DDoS attacks, according to a new report from Kaspersky. On August 18, Kaspersky observed 8,825 attacks, with more than 5,000 on both August 21 and 22. The total number of DDoS attacks was up 24% compared to Q3 2020 while the number of advanced, “smart”…

This month brings us yet another critical RCE (Remote Code Execution) bug found in the RDP (Remote Desktop Protocol) Client which has also been ported to the Hyper-V Manager “Enhanced Session Mode” feature. User interaction is a prerequisite since the vulnerability lies within the RDP client, requiring a victim to connect to a malicious RDP server. Vulnerability Analysis: CVE-2021-38666 This RCE bug is very closely related to CVE-2021-34535 and to CVE-2020-1374 , where there is a…