RSS_Virtulization

The Internet of Things (IoT) includes items such as smart appliances, smartwatches, and medical sensors.  For organizations to enjoy all of the benefits and convenience of IoT devices, enterprise customers must fully understand the potential risks and threats to their systems and the underlying data. IoT devices often lack built-in security controls, a situation which creates risks and threats for federal agencies and consumers.  As IoT devices proliferate, it is important for manufacturers to provide secure…

Between ransomware, cryptocurrency mining operations, and data breaches, threats to the modern cloud-native applications and workloads that enterprises use are undoubtedly on the rise. Meanwhile, attacker groups are becoming more effective and dangerous, leaving many organizations stuck between a rock and a hard place when it comes to cybersecurity. According to many practitioners, one of the greatest challenges in cybersecurity is the lack of mutual understanding between the many hats and roles within the field:…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Babuk, Cryptocurrency, Data breach, FIN7, Proxyware, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending…

Does your company need a head of data privacy, a data breach response plan, blockchain technology or something else to keep its data safe? Here are some challenges and recommendations. Image: Lightspring/Shutterstock I wrote about Data Privacy Day to provide some tips and best practices in January, but it takes more than one day a year to properly focus upon data privacy. As a follow-up to see how things are going, I spoke to a…

Recently disclosed critical flaw in Atlassian Confluence Server is being exploited in the wild by attackers. Organizations should apply patches immediately. Background On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center software. CVE Description CVSSv3 VPR* CVE-2021-26084 Confluence Server Webwork OGNL Injection 9.8 9.7 * Please note: Tenable’s…

  As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s…

Classes were canceled at a private university in Washington DC today following a cyber-attack.  Unusual activity was discovered on the Howard University (HU) network last Friday by HU’s information technology team. On Monday, the university announced that it was working with forensic experts and law enforcement to investigate a suspected ransomware attack.  While the investigation is ongoing, HU’s Enterprise Technology Services (ETS) shut down the university’s network. “The situation is still being investigated, but we are writing…

Achieving A Balance Between Public Protection and Public Privacy By Alan McConnell, Forensic Advisor, Cyan The importance of digital evidence contained on the personal devices of suspects, victims, and witnesses in assisting Law Enforcement investigate serious crime cannot be understated. However, never has the public’s awareness of their right to protect personal data on their devices (such as tablets, laptops, and smartphones) been as strong as it is today. While there appears to be a…

A British cybersecurity student has scammed an elderly woman out of thousands of dollars by pretending to be a member of Amazon’s technical support team.  Twenty-four-year-old Ramesh Karaturi contacted his victim over the phone and persuaded her to believe that cyber-attackers had compromised her Amazon account. Karaturi’s victim, who Cleveland Police said was a Scottish resident in her 60s, was then manipulated into installing what she thought was “protective anti-virus software” onto her computer. What the woman installed was a…

A couple from California who were convicted of using fake or stolen identities to claim millions of dollars in Covid-19 relief fraud fraudulently have gone on the run. Authorities said that Encino residents 37-year-old Marietta Terabelian and 43-year-old Richard Ayvazyan cut off their electronic monitoring anklets and absconded. In June, the husband and wife were found guilty of stealing $21m by using a mixture of stolen and fake identities to submit fraudulent applications to the United States’ Economic…