RSS_Virtulization

More than a billion records were exposed after a misconfiguration error left a CVS Health cloud database without password protection. The 240GB of unsecured data was discovered by WebsitePlanet and security researcher Jeremiah Fowler in a cooperative investigation.  Because of the security oversight by CVS Health, which owns CVS Pharmacy and Aetna, a total of 1,148,327,940 records were exposed. Information that was left publicly accessible to anyone who knew how to look for it included customers’ search histories detailing their…

  To follow up on an earlier communication, PCI SSC is now targeting a Q1 2022 publication date for PCI DSS v4.0. This timeline supports the inclusion of an additional request for comments (RFC) for the community to provide feedback on the PCI DSS v4.0 draft validation documents.

Written by Sean Lyngaas Jun 17, 2021 | CYBERSCOOP Days after Israel and Gaza-based militant group Hamas agreed to a ceasefire in May, Arabic-speaking hackers resumed an effort to break into government networks in the Middle East, according to research published Thursday. The hacking group, known as MoleRATs, sent target organizations a malware-laced PDF claiming to be a report on Hamas members meeting with the Syrian government, security firm Proofpoint said. The malicious code is…

Australians’ lives were disrupted on Thursday by a widespread internet outage that impacted the country’s mail service and multiple businesses, including banks and airlines. The outage began in the early hours and was caused by a problem at Akamai Technologies, a global content delivery network (CDN) and cybersecurity and cloud service provider.  Akamai, which is based in Cambridge, Massachusetts, has acknowledged the issue, but has not yet disclosed the cause of service disruptions to its hosting platform,…

How well can you predict, prevent and respond to ever-changing cyberthreats? How do you know that your security efforts measure up? The stakes are high if this is difficult to answer and track.  Imagine if you had one place where you found a comprehensive real time security posture that tells you exactly where the looming current cyber risks are and the impact?  Let’s consider a recent and relevant cyber threat. Take, for example, the May…

By Guy Rosefelt, Security CMO, Sangfor Technologies What is XDR? One of the latest trends in cybersecurity is Extended Detection and Response, more commonly known as XDR.  Although originally defined by Palo Alto Networks as a key capability, other security vendors have released some type of XDR functionality and of course all define and approach it differently.  Gartner defines XDR as “…a unified security incident detection and response platform that automatically collects and correlates data…

Six people alleged to be part of the notorious CLOP ransomware gang have been detained and charged by Ukrainian police, following nearly two dozen raids across the country. According to a statement released by the Ukraine’s cyber police, the hacking group is thought to have inflicted $500 million worth of damage on universities and organisations it exfiltrated data from and infected with ransomware. The arrests are said to be connected to ransomware attacks that took…

Peloton bike users could be spied on while working out, according to new research by McAfee’s Advanced Threat Research team. The team discovered a vulnerability (CVE-2021-3387) in the touchscreen of the $2,495 Bike+ that allows it to be controlled remotely by a threat actor without any interference to the equipment’s operating system. Hackers could exploit the flaw to install malicious apps that spoof Netflix or Spotify to steal personal details and login credentials.  Researchers also found that the…

The London Office for Rapid Cybersecurity Advancement (LORCA) has launched a new initiative designed to propel the growth of UK cyber startups. LORCA Ignite will see six of the most successful companies that have graduated from the LORCA accelerator program during the past three years participate in a new, intensive program, which will help them achieve rapid scale and commercial growth. LORCA is a government-backed initiative that started in 2018 to accelerate the growth of UK cyber startups….

The REvil ransomware gang made the headlines again, the group hit the US nuclear weapons contractor Sol Oriens and stole the victim’s data. US nuclear weapons contractor Sol Oriens was hit by a cyberattack carried out by the REvil ransomware operators, which claims to have stolen data. Sol Orien provides consultant services to the National Nuclear Security Administration (NNSA), it confirmed to have suffered a cyber attack via Twitter. Sol Oriens statement to us now: “In May…