CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild

Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021.

Background

On February 4, Google published a stable channel update for Chrome for Desktop. This release contained a single security fix to address a critical zero-day vulnerability that had been exploited in the wild.

Analysis

CVE-2021-21148 is a heap buffer overflow vulnerability in V8, Google Chrome’s open-source JavaScript and WebAssembly engine. Its discovery is credited to Mattias Buelens, who…

6 Best Practices for SecOps in the Wake of the Sunburst Threat Campaign | McAfee Blogs

1. Attackers have a plan, with clear objectives and outcomes in mind. Do you have one?

Clearly this was a motivated and patient adversary. They spent many months in the planning and execution of an attack that was not incredibly sophisticated in its tactics, but rather used multiple semi-novel attack methods combined with persistent, stealthy and well-orchestrated processes. In a world where we always need to find ways to stay even one step ahead of…

DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks

Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.

Cybercriminals who hire themselves out for DDoS (Distributed Denial of Service) campaigns are beefing up their attacks by abusing a popular media library tool. In an alert published Wednesday, network monitoring firm Netscout warned of an exploit against Plex Media Server, a media library and streaming system that…

South Carolina Plans Cyber-Ecosystem

The University of South Carolina (UofSC) has struck up a partnership with the Palmetto State to develop a statewide cyber-ecosystem aimed at making South Carolina a highly competitive player in the cyber-industry. The new alliance was announced Thursday, February 4, by South Carolina governor Henry McMaster and the University’s president, Bob Caslen. Under the ecosystem, the efforts of South Carolina’s public and private organizations operating in the cyber-field will be aligned according to one unified vision.  “The university looks…

SonicWall released patch for actively exploited SMA 100 zero-day

SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances. The vulnerability, tracked as CVE-2021-20016, has been rated as critical and received a CVSS score of 9.8. A vulnerability results in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product, it could…

Cyber-Attack on Woodland Trust

A charity that protects and restores woodland in England, Northern Ireland, Scotland, and Wales has been targeted by a “sophisticated, high level” cyber-attack.  According to a security incident notification published by the Woodland Trust on its website, attackers gained unauthorized access to the charity’s IT systems in December.  An investigation is under way to determine what, if any, data held by the Trust was compromised. Upon learning of the incident, the charity disconnected all of its IT systems in an…

More Internal Security Needed, Less Budget – 10 Tips to Help

By Jody Paterson – Founder and Executive Chairman, ERP Maestro

As if internal risks of fraud and data breaches were not high enough, enter in a year of new work environments and economic uncertainty that has also ushered in an even more risk-prone era. Before we even knew the word “COVID,” the frequency of fraud had tripled in the last four years, according to the Ponemon Institute’s 2020 Cost of Insider Threats report. By August…

National Cyber League Expands HBCU Scholarship Program

America’s National Cyber League has announced a new set of scholarships to help financially disadvantaged students at historically black colleges and universities (HBCUs) compete in its latest competition. Last fall, the non-profit organization collaborated with HBCUs to award scholarships to more than 60 students so they could participate in the NCL games. Today, the NCL announced that it has expanded this collaboration by committing to offering 150 HBCU students scholarships to take part in its…

2021 Predictions: Securing the API Economy, Identity and Rigorous Consent Controls

By Nathanael Coffing, CSO, Cloudentity

It goes without saying that 2020 was an unprecedented year and the security landscape was completely transformed for cybersecurity professionals. Due to COVID-19 and the U.S. presidential election, the tumultuous year was a perfect storm for hackers to take advantage of. The sudden shift to a remote workforce in March 2020 meant that security perimeters were greatly extended and sometimes non-existent, enabling millions of employees to maintain productivity during the…

Multi-Cloud : What’s in a Name? – VMware Cloud Community

Multi-cloud is hot and happening at the moment. As companies start to consume more clouds the questions around multi-cloud become more relevant too. This article describes multi-cloud from an IT operations perspective and what is relevant to look at.   Cloud has been around more than a decade now. Over the last years we have seen cloud computing become the standard way of consuming IT resources to host applications. Companies are building private clouds, consuming…
