RSS_Virtulization

The Federal Bureau of Investigation and Michigan State Police are investigating a cyber-attack on a Michigan school district. District administrators at Saginaw Township Community Schools began experiencing IT issues on Sunday following what is believed to have been a ransomware attack on the district’s computer network.  Investigators are in contact with the cyber-criminals behind the attack. It is not yet clear how the threat actors gained access to the network. “They are communicating almost daily with the…

A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. The flaw could be exploited by remote, unauthenticated attackers without…

The winners of the first Cyber Community Awards have been announced by the Scottish Business Resilience Center (SBRC) – a non-profit organization that supports and protects Scottish businesses. The SBRC-run awards – established to recognize the contributions of individuals and organizations helping to strengthen and secure Scotland’s online communities – include three main categories of Student Community Champion, Outstanding Cyber Community Event and Cyber Community Hero. The winners, announced during a virtual awards ceremony held on February 25,…

  Industry feedback is fundamental to the evolution of the PCI Data Security Standard (PCI DSS). Because of the broad impact PCI DSS has on the payment community, the Council is seeking additional feedback into the PCI DSS v4.0 validation documents. As a result of expanding stakeholder feedback opportunities to include these supporting documents, the Council is now targeting a Q4 2021 completion date for PCI DSS v4.0. The publication and availability of PCI DSS…

Cybersecurity training and certifications organization (ISC)2 has named instructor-led education provider Learning Tree International as its first global Premier Partner. The collaboration between the two companies is part of a new tiered partnership program for Official Training Providers which will see (ISC)2 and Learning Tree International work together to engage with and educate aspiring cybersecurity professionals around the world to help address the cyber-skills shortage. “In the mission to provide education for the world’s future cybersecurity…

TikTok has agreed to pay $92m to settle multiple privacy lawsuits alleging the social network took and shared user data without consent, according to reports. The proposed settlement applies to 89 million US TikTok users whose data the firm is alleged to have sold to advertisers in violation of state and federal laws. Some of these third parties are said to be China-based businesses. According to NPR, the settlement comes on the back of 21 federal…

Chinese Communist Party-backed hackers have been spying on Tibetan activists via a malicious new Firefox extension, according to Proofpoint. The security vendor explained that it had seen low-level phishing campaigns against the Tibetan diaspora since March 2020, but that these took another turn in the first two months of 2021 with the use of a customized malicious extension dubbed “FriarFox. “We attribute this activity to TA413, who in addition to the FriarFox browser extension, was…

One of the UK’s largest energy firms has been forced to deactivate its mobile app after reports emerged of a coordinated credential stuffing campaign against users. Npower has informed all of the affected customers, although it’s unclear exactly how many had their accounts hijacked by attackers. Data that may have been viewed includes personal information like: dates of birth, contact details and addresses, partial financial information including sort codes and the last four digits of bank…

EEMA has announced the appointment of David W.G. Birch as its honorary president, joining creator of the Seven Laws of Identity paper, Kim Cameron, in holding this title. Birch has been a member of the EEMA board of management for the past five years, representing the European Think Tank as a speaker, author, advisor and commentator on digital financial services and digital identity. Birch holds a number of board and advisory positions in Europe and…

“We are currently fighting not only the covid-19 pandemic, but also an epidemic that is spreading through cyberspace: ransomware,” DHS Secretary Alejandro Mayorkas said at the President’s Cup Cybersecurity Competition. Mayorkas’s comments came as DHS announced $25 million in cybersecurity grants to put cybersecurity at the top of the agency’s agenda as a part of a larger security initiative.  “With this funding, state and local grant recipients can conduct cybersecurity risk assessments, strengthen their ‘dot…