RSS_Virtulization

According to Risk Based Security’s 2020 Q3 report, around 36 billion records were compromised between January and September 2020. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from website security practices. The former involve physical steps, software solutions and even educating your employees. However, it’s equally important to protect your site to minimize the potential attack…

Proof-of-concept exploit scripts for a critical remote code execution flaw, along with mass scanning activity, indicate that organizations should apply vCenter Server patches immediately. Background On February 23, VMware released a security advisory (VMSA-2021-0002) to address two vulnerabilities in vCenter Server, a centralized management software for VMware vSphere systems, as well as a vulnerability in the VMWare ESXi hypervisor. The most notable vulnerability disclosed as part of this advisory is CVE-2021-21972, a critical remote code…

A new FlexJobs survey reveals 14 of the most common–and successful–job-search scams. Here’s how to identify them and not become a victim. Image: iStock/Melpomenem Many remote workers, notably those who made the transition last year at the start of the pandemic, are at a higher risk of becoming a potential target of scammers. A year ago, there was a scramble for companies to quickly send on-premises employees to work from home and the fast-tracking put…

By Randy Reiter CEO of Don’t Be Breached So far three malware strains have been identified in the SolarWinds supply chain attack. They are the SUNBURST, SUPERNOVA, and TEARDROP malware strains. Russian hackers used the malware to potentially gain access to 18,000 government and private networks via the Solarwinds Orion network management product. Initially, it was believed that only a few dozen of the networks were gained access to by the hackers. Further investigative work…

As organizations embark on their multi-cloud journey, making sure they are cloud-ready is a critical ingredient for success. Kit Colbert said it best in his recent blog post looking at whether multi-cloud is a strategy or an inevitable outcome. In either case, having a multi-cloud plan is a must! As part of this cloud readiness, public cloud vendors have traditionally provided guidance in the form of an architectural framework. These frameworks primarily focus on the…

The United States Senate’s select committee on intelligence met yesterday to hear evidence from tech executives regarding the historic hack on Texas-based company SolarWinds.  Government agencies issued emergency directives in December after cybersecurity company FireEye detected a supply-chain attack trojanizing SolarWinds’ Orion business software updates to distribute malware. Using SolarWinds and Microsoft programs, hackers believed to have been working for Russia attacked nine federal agencies and around 100 American companies. The committee heard that both the scale and sophistication of the attack were greater…

One in four remote workers reuses work credentials on consumer sites, but IT isn’t doing them any favors by reportedly failing to provide essential protection while away from the office. Image: iStockphoto/Metamorworks Remote work has proliferated since the beginning of the COVID-19 pandemic, but nearly a year in cybersecurity hasn’t caught up, leaving businesses incredibly vulnerable. The thing is, IT software company Ivanti found, it isn’t just end users to blame for the shortcomings.  SEE: Identity…

To better combat cyberattacks, prevention is better than detection, says Check Point Software. Image: iStock/sdecoret As the world grappled with the coronavirus pandemic last year, ransomware and other forms of cyberattack shifted into high gear. Savvy cybercriminals knew just which vulnerabilities to exploit to carry out their attacks. In the face of looming cyberthreats, a report released Wednesday by cyber threat intelligence provider Check Point Research provides tips on how to better protect your organization…

Europe’s leading information security event Infosecurity Europe, originally scheduled for June 8-10 2021 at London Olympia, will now take place at a later date in the year, organizer Reed Exhibitions has announced. This is due to the current situation regarding the COVID-19 pandemic. A statement from Reed Exhibitions outlined: “Following the UK Prime Minister’s announcement on the gradual lifting of COVID-19 restrictions in England we are now working closely with our partners and venue to obtain suitable…

The former CEO of a regulated electric and natural gas public utility in South Carolina is due to plead guilty today in federal court to conspiracy to commit mail and wire fraud. Kevin B. Marsh is the ex-CEO of SCANA Corporation and former chairman of its board of directors. The Cayce-based company, which was the only Fortune 500 company in South Carolina, merged with Dominion Energy in January 2019 after an incident known as the Nukegate scandal caused its stock price…