Author: Asad Yaseen

Who loves tax season besides accountants? Hackers  It’s tax time in the United States, and even if you’re pretty sure you did everything right, you’re worried. Did I file correctly? Did I claim the right deductions? Will I get audited? Unfortunately, tax season brings out scammers eager to take advantage of your anxiety. The tax scam landscape First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get…

How to Spot, and Prevent, the Tax Scams That Target Elders Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure. What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits…

Tripwire’s February 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Apache, VWware and Microsoft. First on the patch priority list this month is a patch for Apache Tomcat. The Apache Tomcat “Ghostcat” vulnerability, identified as CVE-2020-1938, has been recently added to the Metasploit Exploit Framework. Next on the list are patches for ESXi and vCenter. These patches resolve three issues including heap-overflow, SSRF, and remote code execution. Note that proof of concept exploit…

Have you ever noticed how closely your role as the CISO of your organisation resembles that of the Wizard from “The Wizard of Oz?” As the Wizard, you are expected to be all-knowing, all-seeing and all-powerful. Your role is to keep everyone safe from the evils of the world while frantically pulling levers, pressing buttons and turning dials behind the curtain. Life behind the curtain as a CISO Like Dorothy, many would be surprised about…

Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild. Background On March 2, Microsoft published out-of-band advisories to address four zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. In a blog post, Microsoft attributes the exploitation of these flaws to a state-sponsored group it calls HAFNIUM. The group has historically targeted U.S.-based institutions, which include “infectious disease researchers, law firms, higher education institutions,…

SANTA CLARA, Calif., March 2, 2021 /PRNewswire/ — Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, announced that it has completed its acquisition of Bridgecrew, a developer-first cloud security company. The acquisition will enable “shift left” security, with Prisma® Cloud becoming the first cloud security platform to deliver security across the full application lifecycle. “We are excited to welcome Bridgecrew to the Palo Alto Networks family,” said Nikesh Arora, chairman and CEO of Palo…