RSS_Virtulization

Google has added an extra 30-day period to its vulnerability disclosure cycle to allow customers more time to fix vulnerabilities before technical details are released. The tech giant’s Project Zero team is a prolific researcher of industry vulnerabilities, and maintains a strict 90-day policy of public vulnerability disclosure after vendor notification, in order to pressure firms to issue patches quicker. “In practice however, we didn’t observe a significant shift in patch development timelines,” explained manager…

CSO Online | Apr 16, 2021 PwC Chief Information and Technology Officer James Shira is an expert on managing security’s big picture. With the growing focus on risk management from boards and senior leadership, James shares advice on keeping security and risk management a top priority for senior business leadership. We’ll discuss where security should be focusing efforts, risks businesses should be prioritizing, how to address the security talent shortage, and ways security leaders can…

The threat actors behind the infamous Trickbot botnet have been at work again, firing highly customized phishing emails targeting Slack and BaseCamp users with loader malware, according to Sophos. The British security vendor’s principal researcher, Andrew Brandt, explained that the campaign first appeared in January. Malicious emails contained links to malware payloads hosted on the cloud storage services provided by popular collaboration tools like Slack. “The emails also inserted the names of both the recipient…

Throw open the windows and let in some fresh air. It’s time for spring cleaning. And that goes for your digital stuff too. Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and your identity, because when there’s less lying about, there’s less for hackers to scoop up and exploit. The reality is…

As expected, the start of 2021 has seen unprecedented movement in the U.S. with 22 states introducing comprehensive privacy legislation and even more introducing specific-use legislation. To date, hundreds of privacy bills were introduced across the states; to give some perspective, more than 50 privacy bills were introduced in New York alone. Undoubtedly a hot topic, it seemed anyone with an idea for a privacy bill put it in writing and introduced it to their…

US Imprisons “Sadistic” Sextortionist A man from California has been sent to prison for cyberstalking two people and threatening to murder them unless they performed sex acts on him. US Judge Dolly Gee described the actions of Covina resident Carl De Vera Bennington as "sadistic" and "cruel” before handing him a custodial sentence. One of the victims of 34-year-old Bennington was just a teenager when he began targeting her. The cyberstalking took place over a period of…

Nine new DNS-related vulnerabilities have been identified across TCP/IP stacks embedded in millions of devices. Background On April 13, 2021, researchers at Forescout and JSOF published a report called NAME:WRECK. The report details the discovery of nine Domain Name System (DNS) vulnerabilities across four widely used open-source TCP/IP stacks. Conservative estimates suggest that the flaws are present in over 100 million devices. NAME:WRECK is the third TCP/IP report to stem from research conducted through PROJECT:MEMORIA;…

Jack Wallen shows you how to add an SSH tarpit to Ubuntu Server with the help of endlessh. Image: iStock/http://www.fotogestoeber.de In your never-ending quest to secure your Linux servers, you’ve probably found a lot of times the breaches happen through SSH. No matter how secure it is, it can still be cracked. That’s why you might need to consider setting up a tarpit for that service. Essentially, a tarpit will run on the standard SSH…