RSS_Virtulization

The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA), a new study from the FIDO Alliance has revealed. The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany and the US. It revealed that half (49%) UK consumers have had their social media accounts compromised or know a friend or family…

Tripwire’s March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VWware, BIG-IP and Microsoft. First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible. Next on the list are patches for Internet Explorer, which…

Almost every global organization suffered at least one mobile malware attack in 2020, according to a new report from Check Point. The security vendor polled 1800 customers of its Harmony Mobile device threat protection product to compile its 2021 Mobile Security Report. Of the near-total number that faced a mobile attack last year, 93% of incidents originated in a device network, and were either phishing attempts (52%), C&C communication with malware already on the device…

A Wichita Falls man has been charged after allegedly planning to blow up an Amazon Web Services (AWS) datacenter in Virginia. Seth Aaron Pendley, 28, was arrested last Thursday after procuring what he thought was an explosive device from an undercover FBI officer in Fort Worth. He was charged with a malicious attempt to destroy a building with an explosive, after a concerned individual flagged “alarming” statements he made on a militia group forum under…

Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign. The SolarWinds Supply Chain Attack In mid-December 2020, the security community learned that an advanced persistent threat (APT) had targeted SolarWinds’ Orion network management software with a backdoor. Tripwire VERT warned that the those responsible for the attack…

What the Defense and Intelligence Communities Need to Know About 5G By Brian Green, Senior Vice President, Booz Allen Hamilton With the potential to revolutionize global telecommunications, fifth-generation mobile technology (5G) forges connections between physical devices and the digital world – creating new opportunities to share, compute, and act upon information with unprecedented speed and at an unheard-of scale. For the defense and intelligence communities, 5G opens myriad possibilities to address operational needs, enhance mission…

By Boyd White, Director, Technical Account Management, Tanium Endpoint management is critical as agencies try to secure the knowns and unknowns in their IT environments. As cybercriminals become more sophisticated, IT teams need to not only mitigate known cyber breaches – but also need faster visibility and control when cybercriminals adapt their techniques. The recent threat of compromised software at SolarWinds is a good example of the quick pace in which agencies were forced to…