RSS_Virtulization

A high impact vulnerability has been discovered in a popular Java cryptography library which could allow attackers to more easily brute force Bcrypt hashed passwords. CVE-2020-28052 is an authentication bypass bug in the OpenBSDBcrypt class of the widely used Bouncy Castle library. By exploiting it, attackers can effectively bypass password checks in applications using the Bcrypt algorithm for password hashing, explained Synopsys. Although attack complexity is rated high, so is the potential impact on confidentiality,…

Microsoft has notified over 40 customers that they have been compromised by malicious SolarWinds updates as part of a massive suspected Russian cyber-espionage campaign. The attacks, which the US government admitted to for the first time on Wednesday, are thought to have compromised numerous departments including the Treasury and commerce, health, energy and state departments, plus the National Nuclear Security Administration (NNSA). A malicious SolarWinds Orion update is thought to have been a primary attack…

Life for university students has changed massively during the coronavirus pandemic, as it has for all of us. While some in-person lectures and seminars are still taking place, there has been a big shift to remote learning. This has, perhaps understandably, led to concerns about how well students are engaging with this way of studying. Many universities have sought to address this by turning to remote monitoring tools to track students’ online activities. These tools…

SANTA CLARA, Calif., Dec. 17, 2020 /PRNewswire/ — Palo Alto Networks (NYSE: PANW), today launched a rapid response program to help SolarWinds Orion customers navigate risks from cyberattacks. SolarWinds Orion products are currently being exploited by malicious actors to gain access to the company’s systems, activity being tracked by Palo Alto Networks’ Unit 42 as SolarStorm. A rapid compromise assessment to map out an organization’s attack surface and tailored incident response services are available immediately at:…

Even the best psychics, science fiction and horror writers could not have predicted or written 2020.   It’s been quite the year. I am thankful that it’s almost over.  The COVID-19 Coronavirus started a global lockdown that sent millions of people to work from home, or wherever they could shelter in place. Personally, working at home didn’t seem like a bad option at the time.  But after 8 months, sheltering in place, working from home, and sharing your Internet bandwidth with three others who also need real-time audio and…

Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoCs associated with the Sunburst trojan, the focus within the Advanced Threat Research (ATR) team has been to determine the possibility of additional persistence measures. Our analysis into the backdoor reveals that the level of access lends itself to the assumption that additional persistence mechanisms could have…

End users just want to do their job, not become cybersecurity experts. When providing users with cybersecurity help, keep these tips in mind. Image: Getty Images/iStockphoto For many years, IT professionals have been trying to turn everyone who uses a computing device into a tech-savvy superuser who understands precisely what’s needed to stay safe while traversing the internet. People have indeed become superusers, but not necessarily super secure. To make matters worse, if users are…

Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. PostgreSQL, also known as Postgres, is one of the most-used open-source relational database management systems (RDBMS) for production environments. It ranks fourth among all database management systems (DBMS)…