RSS_Virtulization

We live in a world that thrives on digital connectivity. According to We Are Social, Canadians are now spending half a day more a month online than they did a year ago. Also, 33 million Canadians logged on to the internet at least once a month in 2020. As more people every year are spending hours upon hours online, they are knowingly (and sometimes unknowingly) unsafely releasing their personal information into the digital ether, making them vulnerable to all sorts of…

We live in a world that thrives on digital connectivity. According to We Are Social, Canadians are now spending half a day more a month online than they did a year ago. Also, 33 million Canadians logged on to the internet at least once a month in 2020. As more people every year are spending hours upon hours online, they are knowingly (and sometimes unknowingly) unsafely releasing their personal information into the digital ether, making them vulnerable to all sorts of…

Fixing a serious security hole in the Windows Print spooler service, the patch is available for almost all versions of Windows, even Windows 7. Image: iStockPhoto/maxkabakov Microsoft has deployed a patch for a vulnerability so critical that even older, unsupported versions of Windows are receiving it. On Tuesday, the company rolled out a fix for the PrintNightmare flaw, a problem that could allow an attacker to take over a compromised computer to install software, modify…

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing, on its own, cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis, and are required by standards such as PCI, HIPAA, ISO 27001, etc. Vulnerability Scanning vs. Penetration Testing Penetration testing exploits a vulnerability in your system architecture while vulnerability…

Security researchers have discovered over 170 Android apps that have scammed tens of thousands of cryptocurrency enthusiasts into paying for non-existent services. Lookout Threat Lab revealed that 25 of the fraudulent apps were even listed on the official Google Play marketplace. It separated them into two groups, BitScam and CloudScam, although all use similar business models and the same coding and design. Both families of scam apps promise the user access to cryptocurrency mining services, capitalizing on a recent…

State-backed Russian hackers reportedly breached the Republican National Committee (RNC) last week, although the party denies any data was stolen. Two people familiar with the matter told Bloomberg of the attack, which is thought to have come from APT29 (Cozy Bear), a notorious Kremlin hacking group that was blamed for the 2016 info-stealing raid on the Democratic National Committee (DNC). The group was also pegged for the SolarWinds campaign and separate raids targeting IP related to COVID-19…

The corporate network can be a busy place with devices connecting, reconnecting and disconnecting every day. With the ever-growing landscape of today’s corporate networks, the difficulty of knowing and understanding what is on an enterprise network has highlighted the importance of effective asset discovery. So what does asset discovery involve? Asset discovery involves keeping a check on the active and inactive assets on a network. For many modern corporations, this will now include cloud, virtual,…

The White House has issued another strongly worded warning to the Putin administration: the US will take action against cyber-criminals living in Russia if the Kremlin doesn’t. Press secretary Jen Psaki explained that the two countries are continuing “expert-level” talks in the wake of the meeting between Presidents Biden and Putin last month. Another talk focused on ransomware is scheduled for next week. “I will just reiterate a message that these officials are sending,” she added….

Executive Summary Ryuk is a ransomware that encrypts a victim’s files and requests payment in Bitcoin cryptocurrency to release the keys used for encryption. Ryuk is used exclusively in targeted ransomware attacks. Ryuk was first observed in August 2018 during a campaign that targeted several enterprises. Analysis of the initial versions of the ransomware revealed similarities and shared source code with the Hermes ransomware. Hermes ransomware is a commodity malware for sale on underground forums…