RSS_Virtulization

  PCI DSS requirements may apply to work-from-home (WFH) environments in different ways, depending on the entity’s business and security needs and how they have configured their infrastructure to support personnel working from home. Additionally, the job functions an individual is performing may also affect how PCI DSS applies—for example, whether an individual requires access to payment card account data or to the entity’s CDE, and the type of access required.

Storage drive maker Western Digital is telling owners of its WD My Book Live device to disconnect it from the internet after reports that some have had their data erased by malicious software. According to an advisory issued by the firm, malicious attackers are compromising the devices – commonly used to back up data such as home movies, photographs, and important documents – resulting in their entire contents being wiped in some cases. Western Digital…

Amazon Web Services (AWS) has launched an ambitious initiative to fix one million vulnerabilities and, as a result, reduce technical debt by over $100 million. The cloud giant’s principal evangelist, Martin Beeby, said its new AWS BugBust would take the idea of a bug bash to a new level. “AWS BugBust allows you to create and manage private events that will transform and gamify the process of finding and fixing bugs in your software. It…

Security researchers have warned that at least 30 million Dell computers may be at risk after discovering multiple vulnerabilities that could allow attackers to execute arbitrary code within the machines’ BIOS. Security vendor Eclypsium said 129 Dell models were affected by the chain of four bugs, which have a cumulative CVSS score of 8.4 (high). “These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of…

A misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified, according to Website Planet. Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost. The 814 million records he found were traced back to the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In the 86GB database, there was purportedly admin and…

DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2. Trend Micro researchers spotted a new strain of ransomware, dubbed DarkRadiation, which is writted in Bash script and target Linux distributions (Red Hat/CentOS and Debian) and Docker cloud containers. The ransomware uses OpenSSL’s AES algorithm with CBC mode to encrypt files and leverages Telegram’s API for C2 communications. The ransomware appends radioactive symbols…

A man has been found guilty of cyber-stalking his former girlfriend in an attempt to prevent her husband from being elected to the Nebraska Legislature.  Forty-eight-year-old Nebraskan Dennis Sryniawski obtained a sexually explicit photograph of La Vista resident Dianne Parris with her consent when the pair were in a romantic relationship more than two decades ago. However, Parris told the World-Herald that she never gave her former boyfriend consent to distribute the image. When Dianne’s husband, Jeff Parris, was…