RSS_Virtulization

Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA. Microsoft patch Tuesday security updates released today have addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA). All the vulnerabilities are remote code execution that could allow attacks to compromise vulnerable installs, for this reason, the IT giant urges…

The reports reveal an increase in requests from U.S. law enforcement agencies, and that the company received the most requests for content removal from China during this period. Image: Lucian Alecu/Getty Images Microsoft has released its latest biannual digital trust reports on the Microsoft Reports Hub. The reports consist of the Law Enforcement Requests Report, U.S. National Security Orders Report, Content Removal Requests Report and Digital Safety Content Report. The tech giant also released its…

The United States has indicted two Pakistani men on suspicion of operating an illegal online store that sold false identification documents on the dark web.  Karachi residents 34-year-old Mohsin Raza and 33-year-old Mujtaba Raza were charged in a six-count federal indictment unsealed in the District of New Jersey on April 15.  Each man is charged with conspiracy to produce and trade in false identification documents, three counts of transferring false identification documents, one count of false use of…

America has issued a cybersecurity advisory that urges organizations to patch vulnerabilities it says are being exploited by Russian Foreign Intelligence Service (SVR) actors. The warning was jointly issued on April 15 by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), as the US announced new sanctions against Russia. Titled “Russian SVR Targets US and Allied Networks,” the advisory lists five publicly known vulnerabilities and calls for network…

VMware Cloud on AWS GovCloud (US) has announced several updates over the last few quarters. VMware has been operating this service successfully for the last 15 months in AWS GovCloud (US-West) region – with Federal, Defense, State, and Local Government customers deploying hybrid cloud topologies and extending their data centers to the public cloud. Today we are pleased to announce several exciting updates to VMware Cloud on AWS GovCloud (US). The new networking and security…

By Stas Gaivoronskii, Malware Analyst at ANY.RUN Cybercriminals create new ways to make malware invisible for detection. They hide malicious indicators and behavior during analysis. Researchers need to know about different approaches to improve security. I have investigated evasion techniques that ANY.RUN service faces every day, and I would like to share my insights. Malware evasion Defense evasion is the way to bypass detection, cover what malware is doing, and determine its activity to a…

Ohio PKI-as-a-Service pioneer Keyfactor and Swedish PKI solutions provider PrimeKey have announced their intention to merge. Plans for the companies to come together under the Keyfactor brand “while committing to increased investments across all product lines” were shared on April 15.  PrimeKey was established 19 years ago by the company’s CTO, Tomas Gustavsson, who developed an interest in computer code as a child. Today the company works with partners and customers across six continents from its headquarters in Solna, Stockholm.  Describing how…

The UK data protection landscape is a lot more complex following Brexit. Many organisations are now subject to both the EU GDPR (General Data Protection Regulation) and the UK GDPR (General Data Protection). The UK version was born out of the EU GDPR, so you might think that there are only cosmetic differences and that minor actions are required to adjust your documentation and compliance practices. Unfortunately, it’s not that straightforward. If you haven’t done…

Nearly half (44%) of UK remote workers have had monitoring software installed by their employer, but the trend is pushing many into more insecure practices, Kaspersky has warned. Around a year after the pandemic forced a majority of UK employees to work-from-home, the Russian AV vendor polled 2000 full-time staff to understand levels of trust among managers and employees. Monitoring software can be an important bulwark against non-compliant and risky user behavior, especially given the…

Google has added an extra 30-day period to its vulnerability disclosure cycle to allow customers more time to fix vulnerabilities before technical details are released. The tech giant’s Project Zero team is a prolific researcher of industry vulnerabilities, and maintains a strict 90-day policy of public vulnerability disclosure after vendor notification, in order to pressure firms to issue patches quicker. “In practice however, we didn’t observe a significant shift in patch development timelines,” explained manager…