How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls

Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign. The SolarWinds Supply Chain Attack In mid-December 2020, the security community learned that an advanced persistent threat (APT) had targeted SolarWinds’ Orion network management software with a backdoor. Tripwire VERT warned that those responsible for the attack…

More Power, More Responsibility

What the Defense and Intelligence Communities Need to Know About 5G By Brian Green, Senior Vice President, Booz Allen Hamilton With the potential to revolutionize global telecommunications, fifth-generation mobile technology (5G) forges connections between physical devices and the digital world – creating new opportunities to share, compute, and act upon information with unprecedented speed and at an unheard-of scale. For the defense and intelligence communities, 5G opens myriad possibilities to address operational needs, enhance mission…

Next Generation Software Fills Some Gaps – But Agencies Still Need Accelerated Visibility and Control of Endpoints

By Boyd White, Director, Technical Account Management, Tanium Endpoint management is critical as agencies try to secure the knowns and unknowns in their IT environments. As cybercriminals become more sophisticated, IT teams need to not only mitigate known cyber breaches – but also need faster visibility and control when cybercriminals adapt their techniques. The recent threat of compromised software at SolarWinds is a good example of the quick pace in which agencies were forced to…

2021 Cybersecurity Outlook: The More Things Change, The More They Stay the Same

By Nir Gaist, Nyotron, Founder Cybersecurity has gone through many phases over the last few decades. Today, we hear about a new, more volatile-than-the-last attack every day that has the potential to disrupt business. These cyber-threats are hazardous to company structure and can lead to interruptions in production and loss of revenue. While these attacks may seem unavoidable, it is important to understand that a proper cybersecurity strategy, with the right defense mechanisms in place,…

Facebook Removes 16k Groups for Trading Fake Reviews

Social media giant Facebook has removed thousands of groups from its platforms over the trading of fake and misleading reviews. The cull occurred after two separate interventions by Britain’s competition watchdog, the Competition and Markets Authority (CMA). In January 2020, Facebook committed to improving its identification, investigation, and removal of groups and other pages where misleading and fake reviews were being traded, and to preventing their return. Four months later, Facebook gave a similar pledge…

US Jails Cyber-stalker Who Targeted Attack Survivor

The United States has imprisoned the cyberstalker of a woman who, as a child, survived a violent assault that claimed the life of her friend. According to court records, the victim was in a Texas bedroom with another girl in December 1999 when an assailant entered and slit both the little girls’ throats. The perpetrator was later caught and convicted of the crime. Alvin Willie George of Cross City, who has no connection to the…

LifeLabs Launches Vulnerability Disclosure Program

Canada’s leading provider of laboratory diagnostic information and digital health connectivity systems today announced the launch of a new Vulnerability Disclosure Program (VDP). LifeLabs Medical Laboratory started the VDP program with the intention of strengthening cybercrime detection technology across its online tools, apps, and solutions. “Our goal is to continue to innovate and lead the health care industry in cybersecurity, offering the best protection and customer experience when accessing digital health records,” said LifeLabs CISO Mike…

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Threat actors are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy a new piece of ransomware, tracked as Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom), to organizations in the industrial sector. The CVE-2018-13379 is a path traversal vulnerability in the FortiOS SSL VPN web portal that could be exploited by an unauthenticated attacker to download FortiOS system…

NCSC: Large Number of Brits Are Using Easily Guessable Passwords

A substantial proportion of Brits choose passwords that are easy for cyber-criminals to predict, leaving them vulnerable to hacking. This is according to an independent survey carried out on behalf of the UK’s National Cyber Security Centre (NCSC). This found that when protecting their online accounts, people regularly use predictable passwords. These include pet names (15%), family members’ names (14%), a significant date (13%) and a favorite sports team (6%). Additionally, 6% of respondents admitted…

Learning from Recent Insider Data Breaches

The security lessons organizations can take from insider attack trends were discussed by Neil Daswani, Co-Founder and Co-Director, Stanford Advanced Cybersecurity Program, during an RSAC 365 webcast. Daswani, author of the recently published book Big Breaches: Cybersecurity Lessons for Everyone, began by outlining trends in the volume of insider data breaches. From the period 2005-2009, the average number per year was under 25, but this figure subsequently surged during 2010-2014,…
