RSS_Virtulization

Dubbed Modipwn, the vulnerability affects a wide variety of Modicon programmable logic controllers used in manufacturing, utilities, automation and other roles. Image: metamorworks, Getty Images/iStockphoto A vulnerability discovered in Schneider Electric’s Modicon programmable logic controllers, used in millions of devices worldwide, could allow a remote attacker to gain total and undetectable control over the chips, leading to remote code execution, malware installation and other security compromises. Discovered by security researchers at asset visibility and security…

Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials. Image: iStock/OrnRin SpoofedScholars is a new credential phishing attack that uses a University of London website to steal information from researchers who specialize in the Middle East, according to new analysis from Proofpoint. Proofpoint reports that senior think tank analysts, journalists focused on Middle Eastern affairs and professors are the targets in this latest attack.  The…

President Joe Biden expressed concerns about ransomware attacks carried out by Russian gangs during a phone call with President Vladimir Putin. The recent wave of ransomware attacks carried out by Russian gangs like REvil and Darkside worries US authorities and was discussed by Presidents Biden and Putin during a phone call. The ransomware attacks against Colonial Pipeline, JBS, and Kaseya are just the tip of the iceberg, Russian criminal gangs are targeting organizations worldwide causing…

Messaging apps are becoming some of the most popular smartphone programs in the world, and that means more attempts to phish their users, Kaspersky finds. Image: iStock/weerapatkiatdumrong New data from Kaspersky reveals that messaging apps for Android devices are wildly popular targets for phishing scammers. Of all the phishing attempts on Android messaging platforms between December 2020 and May 2021, WhatsApp led the pack with a whopping 89.6% of detected attacks. SEE: How to manage…

The latest guidance in the Executive Order on Improving the Nation’s Cybersecurity (EO), Section 2, discusses removing the barriers to sharing threat information. It describes how security partners and service providers are often hesitant or contractually unable to share information about a compromise. The EO helps ensure that security partners and service providers can share intelligence with the government and requires them to share certain breach data with executive level departments and agencies responsible for investigating…

VMware Cloud on AWS has been helping customers migrate, extend and protect their vSphere workloads to the AWS Cloud in a fast, yet cost-effective manner. And once in the cloud, customers can modernize applications as per their needs with minimal disruption to their business. Many customers across different industries and geographies are using VMware Cloud on AWS to accelerate their hybrid cloud journey. e.g. GFK, a global leader in data and analytics for the consumer…

Tripwire’s June 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Cacti, Docker, Adobe, and Microsoft. First on the patch priority list this month are patches for Microsoft SharePoint (CVE-2021-31181), Cacti (CVE-2020-14295), and Docker (CVE-2019-5736). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible. Up next are patches for Adobe Reader and Acrobat that resolve five issues including out-of-bounds read and…