Microsoft has warned that Chinese actors are actively exploiting a known Zoho vulnerability to target defense, education, consulting and IT sector organizations. CVE-2021-40539 is found in Zoho ManageEngine ADSelfService Plus — a self-service password management and single sign-on solution from the online productivity vendor. It’s a critical REST API authentication bypass which results in remote code execution, potentially allowing attackers to access and hijack victim organizations’ Active Directory and cloud accounts for advanced cyber-espionage and…

Numbers don’t lie. Wow, really? How is that possible? It can’t be! Have you ever had that reaction after stepping on the scale? I know I have. Disappointment then leads into fact-finding mode. How many wings did I eat? How many calories are in cheese dip? But I only had one piece of key-lime pie.   Weight isn’t the only health metric, but we know that numbers don’t lie and often tell a story. Unfortunately,…

Tenable®, Inc., the Cyber Exposure company, today announced it has established a local cloud instance for its software-as-a-service (SaaS) solution, Tenable.io®, on Amazon Web Services (AWS), using the AWS Asia Pacific (Mumbai) Region. Hosted in Mumbai, using the local AWS Region increases the scalability and flexibility of Tenable.io for customers in India, offering additional data integrity, availability, and security on top of the already-secure cloud. Organizations in India, including those in highly regulated sectors such…

Operating in hybrid environments can get really tricky at times. As more and more organizations are moving their sensitive data to the public cloud, the need to keep this data secure and private has increased significantly over time. While handling their valuable datasets within their respective environments, companies need to ensure utmost data security and compliance to meet the regulations set by various governments. They cannot afford to make the smallest mistake that can jeopardize…

The Robinhood trading platform recently disclosed a data breach that exposed the information of millions of its customers. News of the attack was released on Monday, November 8th along with word the hackers behind it had demanded an extortion payment from the company.  According to Robinhood’s disclosure, the attack occurred on November 3rd, which allowed an unauthorized party to obtain the following:  Email addresses for some 5 million people.  Full names for another group of 2 million people.  In addition, smaller groups of Robinhood customers had yet more information compromised. Around 310 people had their names,…

The Robinhood trading platform recently disclosed a data breach that exposed the information of millions of its customers. News of the attack was released on Monday, November 8th along with word the hackers behind it had demanded an extortion payment from the company.  According to Robinhood’s disclosure, the attack occurred on November 3rd, which allowed an unauthorized party to obtain the following:  Email addresses for some 5 million people.  Full names for another group of 2 million people.  In addition, smaller groups of Robinhood customers had yet more information compromised. Around 310 people had their names,…