RSS_Virtulization

Whilst employment has taken a downward curve over the last year or so, there are a variety of approaches I use when applying for a role to help my CV stand out. One key point is knowing what the job entails before submitting my cover letter and CV. This allows me to tailor my message effectively. Additionally, it enables me to find positions that I might not have originally considered. One position I think more…

Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to Bloomberg News. A couple of years later, European Pharmaceutical Review reported that Swiss multinational healthcare company Roche had suffered an attack at the hands of…

Use “Imaginary Enemy” methodology to mitigate APT Attack By Jamal Uddin Shaikh, Cybersecurity Architect and Technology Lead , Appxone Introduction Early in the morning, I was pulled up by the leader to analyze the FireEye incident. The entire security circle in the Moments of Friends was also boiling, but as the analysis deepened, it was found that it was a little “big-skilled”. There were no sophisticated tools and technical solutions that I wanted. They were all…

Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Background On April 20, Pulse Secure, which was acquired by Ivanti last year, published an out-of-cycle security advisory (SA44784) regarding a zero-day vulnerability in the Pulse Connect Secure SSL VPN appliance. In addition to the advisory, Pulse Secure also published a blog post detailing observed exploit behavior related to the zero-day as well others linked…

Men’s social networking website and online dating application Manhunt has suffered a data breach.  According to a security notice filed with the office of the Washington attorney general on April 1, the 20-year-old site was compromised in a cyber-attack that took place in February 2021. An unauthorized third party downloaded personal information belonging to some Manhunt users after gaining access to the company’s account credential database. The compromised database contained customers’ usernames, email addresses, and passwords. After discovering that…

By Alan Kakareka, InfoSec consultant to businesses, Demyo inc. The year 2020 has so far represented, the biggest change in the way we live and interact with our environment. After OSM declared a global pandemic state because of the emergence of covid-19, it is accurate to say that within all the chaos, we had to adapt ourselves to a series of changes, not only to survive the virus but to cope with those in our…

A former pro baseball player and coach turned sports psychologist believes there is much cybersecurity pros can learn from sports mental conditioning. He wants to help them hit more home runs. Illustration: Getty Images/Lisa Hornung One of the hardest things to accomplish in sports is to hit a baseball. If a professional baseball player gets a hit 30% of the times they step up to the plate, they’re likely headed for the Baseball Hall of…

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips. The new variant also implements new features for data-stealing focused on cryptocurrency apps. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020,…

Map, monitor and manage your attack surface to stay a step ahead By Stijn Vande Casteele, Founder and CEO, Sweepatic All organizations rely heavily on web presence to display their brand and/or products, reach their audience and streamline their processes. They deploy assets connected to the internet to achieve these goals. The benefits of the cloud, marketing websites and online services are obvious, but there are risks associated with any online presence. So, it becomes…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android Malware, Dependency Confusion, Ransomware, Russia, SaintBot and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber…