RSS_Virtulization

One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA). Background On April 13, as part of its April 2021 Patch Tuesday release, Microsoft addressed four critical vulnerabilities in Microsoft Exchange Server. The disclosure follows last month’s out-of-band (OOB) security update which addressed four zero-day vulnerabilities in Exchange Server that were exploited in the wild by an advanced persistent threat group known as…

Microsoft addresses 108 CVEs, including CVE-2021-28310 — which has reportedly been exploited in the wild — as well as four new remote code execution vulnerabilities in Microsoft Exchange. 19Critical 88Important 1Moderate 0Low Microsoft patched 108 CVEs in the April 2021 Patch Tuesday release, including 19 CVEs rated as critical, 88 rated as important and 1 rated as moderate. This month’s Patch Tuesday release includes fixes for Azure…

A teenager from upstate New York has killed himself after experiencing cyber-bullying and online blackmail.   The family of 15-year-old Riley K. Basford say he was tricked into sharing “personal” images over social media by a scammer posing as Basford’s girlfriend.  After obtaining the sensitive images, the scammer threatened to share them online and send them to Basford’s family and friends unless the teen paid $3,500.  The teenager’s family say that Basford was “bombarded” with threats…

The global cybersecurity services market will be worth $192.7bn in seven years’ time, according to a new report by Grand View Research, Inc.  Researchers believe that the market size, valued at $91.15bn in 2020, will expand at a compound annual growth rate (CAGR) of 10.2% from 2021 to 2028.  Factors expected to drive the growth of the market size include the predicted continuance of cybersecurity breaches impacting enterprises and individuals and feeding the need to tackle vulnerabilities…

Fitch Ratings is warning that cyberattacks could pose a risk to water and sewer utilities potentially impacting their ability to repay debt. Fitch Ratings Inc. is an American credit rating agency and is one of the “Big Three credit rating agencies”, the other two being Moody’s and Standard & Poor’s. It is one of the three nationally recognized statistical rating organizations (NRSRO) designated by the U.S. Securities and Exchange Commission in 1975. Fitch Ratings published…

SecurityScorecard has partnered with credit rating firm Fitch Ratings, in a move designed to provide investors with clearer insights into companies’ cybersecurity postures. The announcement comes more than a year since the start of COVID-19 pandemic, a crisis which has led to many companies undergoing rapid digitization programs and shifting to remote working models. This has, in turn, widened the attack surface for cyber-criminals, making businesses more vulnerable to breaches. In this landscape, cyber-risk is…

A majority of the open source codebases found in commercial applications analyzed by Synopsys contained security vulnerabilities. Image: Getty Images/iStockphoto Applications that use open source code offer a host of benefits, including transparency, flexibility, cost effectiveness and community support. But how do such products fare on security? Though the community-based approach toward open source means that security flaws should be identified quickly, patching those flaws and applying the patches is another matter. SEE: Top 5 programming…

Two of Tasmania’s four casinos have been forced to close their doors following a cyber-attack. Threat actors struck the Australian island state’s sole casino operator Federal Group with ransomware on April 3. The attack affected hotel booking systems in the company’s Wrest Point and Country Club venues, sited in Sandy Bay and Launceston, respectively. The venues’ slot machines, known as pokies in Tasmania, were also impacted and have been out of service since the attack.  Federal…

A couple of weeks ago, VMware announced VMware Cloud Universal, a new flexible program that simplifies the purchase of VMware Cloud infrastructure services and management services across multi-cloud environments, providing customers with choice and flexibility in how they adopt VMware Cloud modular offerings over time and at their own pace. Today, VMware officially launches the VMware Cloud service, a multi-cloud service for all apps across data center, edge, and public cloud environments and the new…

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cobalt Group, FIN6, NetWalker, OilRig, Rocke Group, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending…