RSS_Virtulization

Co-authored by: P, Sriram, and Deepak Setty ‘Tis the season for scams. Well, honestly, it’s always scam season somewhere. In 2020, the Internet Crime and Complaint Center (IC3) reported losses in excess of $4.1 billion dollars in scams which was a 69% increase over 2019. There is no better time for a scammer celebration than Black Friday, Cyber Monday, and the lead-up to Christmas and New Year. It’s a predictable time of the year, which…

How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.  In other words, we leave trails of data practically wherever we…

The Panasonic Corporation has disclosed a data security incident in which an undisclosed amount of data was compromised. In a statement issued Friday, the major Japanese multinational conglomerate announced that an unauthorized third party had gained access to its network on November 11.  An internal investigation was launched that determined that the intruder had accessed some data stored on a file server. Panasonic did not say how much data was compromised in the incident or whether any sensitive information…

Threat Summary This month it was disclosed that a Microsoft vulnerability that allows for local privilege elevation, previously patched in the November 2021 Patch Tuesday, is still exploitable and was not patched correctly. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network. Figure 1. MITRE ATT&CK Matrix for Windows Zero-Day in MVISION Insights The vulnerability affects all supported versions of…

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) is exploring a protective email service (PES) that can be used to make Federal Civilian Executive Branch (FCEB) email safer.  In October 2017, the Department of Homeland Security took action against the spoofing of domains and organizations by mandating DMARC or domain-based message authentication, reporting and conformance standards by all federal agencies in its Binding Operational Directive 18-01.  Now, CISA is asking the cybersecurity industry for feedback…

Private equity firm Clearlake Capital Group LP has agreed to acquire Californian tech company Quest Software from its current owner, Francisco Partners.  The terms of the planned transaction have not been disclosed. However, Quest has been valued at $5.4bn, including debt, according to unnamed sources quoted by The Wall Street Journal. A statement announcing the acquisition was released earlier today. It revealed that current CEO of Quest, Patrick Nichols, will remain at the helm after the acquisition has been completed to lead the existing executive…

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1. Image: iStock/ cyano66 Patch management is one of the trickiest but most essential tasks you can take to protect your software, systems and other assets. Cybercriminals know that organizations often fail to properly or quickly patch known vulnerabilities, leaving this a key vector for attack. Patching security holes has become even more difficult with the advent of…

Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting research titled “Vulnerability Intelligence: Do you know where your flaws are?” that shed the light on how the vulnerability criminal industry…

A cyber-attack which paralyzed Iran’s gas stations last month was launched by Israeli operatives, as tension between the Middle East rivals continues to escalate, according to a new report. Two unnamed US defense officials attributed the October 26 attacks to Israel, according to the New York Times. It may have been timed to coincide with nationwide protests in Iran two years ago, which resulted from a hike in fuel prices at the pump. This time, not only…