RSS_Virtulization

The National Institute of Standards and Technology (NIST) has published new draft guidance for organizations concerning ransomware attacks.  The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it.  NIST’s Ransomware Profile can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to improve their risk postures. It can also help…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Black Kingdom, Darkside, Go, Klingon Rat, Microsoft PowerApps, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed….

The United States Securities and Exchange Commission (SEC) has launched a probe to determine whether some companies failed to disclose that they had been impacted by the 2020 hacking attack that compromised the SolarWinds Orion software supply chain. The assault on SolarWinds was discovered and disclosed by researchers at FireEye in December. The advanced persistent threat (APT) group behind the attack was able to compromise nine government agencies, critical infrastructure, and hundreds of private-sector organizations. Last month, SolarWinds CEO…

The most common type of BEC campaign involves a spoofed email account or website, according to GreatHorn. Image: iStock/OrnRin Email is one of the most popular tools exploited by cybercriminals to launch attacks against organizations. It’s quick and simple and it relies on social engineering to trick the recipient into falling for whatever scam is in play. One particular tactic favored by criminals is the Business Email Compromise (BEC) in which the scammer spoofs a…

Back in September 2020, I configured a SonicWall network security appliance to act as a VPN gateway between physical devices in my home lab and cloud resources on my Azure account. As I usually do with new devices on my network, I did some cursory security analysis of the product and it didn’t take long before I had identified what looked like a buffer overflow in response to an unauthenticated HTTP request. I quickly reported…

The new offerings are aimed at integrating security data across multiple on-prem and cloud environments and vendors to improve cybersecurity decision-making, the company says. Image: Mackenzie Burke Data analytics and cybersecurity platform provider Splunk announced Tuesday Splunk Security Cloud, a cloud-based security operations platform that integrates analytics, automated security operations and threat intelligence.  “At Splunk, we believe security is a data problem and data drives better decisions, providing the foundation for security analytics,” Sendur Sellakumar,…

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018. The attribution of the attack to the APT31 grouo is based on the results of the investigation conducted by the Norwegian intelligence. The threat actors gained administrative rights then used them…

You came, you participated, you learned. You helped us pull off another DockerCon — and, my fellow developers, it was good. How good? About 80,000 folks registered for the May 27 virtual event — on a par with last year. We threw a lot at you, from demos and product announcements to company updates and more — all of it focused on modern application delivery in a cloud-native world. But some clear favorites emerged. Here’s…

There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.  Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey…

There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.  Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey…