RSS_Virtulization

There are more than 10 different advanced persistent threat (APT) groups exploiting recent Microsoft Exchange vulnerabilities, according to ESET research. Last week, Microsoft released out-of-band patches to fix multiple zero-day vulnerabilities believed to be being exploited by Chinese state-sponsored group Hafnium. The step was taken to protect customers running on-premises versions of Microsoft Exchange Server. However, today (March 10), ESET claimed the number of APT groups exploiting the vulnerabilities is believed to be in double-figures,…

Employees at Fortune 500 companies were found using passwords that could be hacked in less than a second, according to NordPass. Image: iStock/sasun bughdaryan Relying on passwords for security has become increasingly problematic. Devising and remembering a complex password for every account and website is virtually impossible on your own. Yet using weak and simple passwords is a recipe for data breaches, account takeovers, and other forms of cyberattack. A report released Wednesday by password…

On February 8, the world learned about a digital attack at the water treatment plant serving the 15,000-person City of Oldsmar, Florida. An operator at the water treatment plant observed someone remotely take control of his mouse and use it to change the setting of sodium hydroxide within the water from 100 parts per million (ppm) to 11,100 ppm. This change could have endangered public health if the operator had not immediately undone the attacker’s…

Microsoft released fixes for over 80 CVEs in yesterday’s Patch Tuesday update round, including a zero-day bug and several publicly disclosed vulnerabilities. In a week dominated by the exploitation on a massive scale of four zero-day Exchange Server flaws patched out-of-band by Microsoft last week, there’s yet more to do for sysadmins. The first is yet another zero-day, this time in Internet Explorer. “CVE-2021-26411 is a memory corruption vulnerability that could allow an attacker to target…

The purpose of every security team is to provide confidentiality, integrity and availability of the systems in the organization. We call it “CIA Triad” for short. Of those three elements, integrity is a key element for most compliance and regulations. Some organizations have realized this and decided to implement File Integrity Monitoring (FIM). But many of them are doing so only to meet compliance requirements such as PCI DSS and ISO 27001. However, file integrity…

Privacy in Practice: Securing Your Data in 2021 and Beyond Technological advancements continually emerge that make our lives easier. Right? As beneficial and convenient as emerging tech is, it can pose serious risks to our online safety and privacy—risks that you might find yourself ill-prepared to handle. In fact, according to our 2021 Consumer Security Mindset research, 45% of Canadian respondents don’t feel very confident about their ability to prevent a cyberattack and believe that…