Fixing a serious security hole in the Windows Print spooler service, the patch is available for almost all versions of Windows, even Windows 7. Image: iStockPhoto/maxkabakov Microsoft has deployed a patch for a vulnerability so critical that even older, unsupported versions of Windows are receiving it. On Tuesday, the company rolled out a fix for the PrintNightmare flaw, a problem that could allow an attacker to take over a compromised computer to install software, modify…

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing, on its own, cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis, and are required by standards such as PCI, HIPAA, ISO 27001, etc. Vulnerability Scanning vs. Penetration Testing Penetration testing exploits a vulnerability in your system architecture while vulnerability…

Security researchers have discovered over 170 Android apps that have scammed tens of thousands of cryptocurrency enthusiasts into paying for non-existent services. Lookout Threat Lab revealed that 25 of the fraudulent apps were even listed on the official Google Play marketplace. It separated them into two groups, BitScam and CloudScam, although all use similar business models and the same coding and design. Both families of scam apps promise the user access to cryptocurrency mining services, capitalizing on a recent…

State-backed Russian hackers reportedly breached the Republican National Committee (RNC) last week, although the party denies any data was stolen. Two people familiar with the matter told Bloomberg of the attack, which is thought to have come from APT29 (Cozy Bear), a notorious Kremlin hacking group that was blamed for the 2016 info-stealing raid on the Democratic National Committee (DNC). The group was also pegged for the SolarWinds campaign and separate raids targeting IP related to COVID-19…

The corporate network can be a busy place with devices connecting, reconnecting and disconnecting every day. With the ever-growing landscape of today’s corporate networks, the difficulty of knowing and understanding what is on an enterprise network has highlighted the importance of effective asset discovery. So what does asset discovery involve? Asset discovery involves keeping a check on the active and inactive assets on a network. For many modern corporations, this will now include cloud, virtual,…

The White House has issued another strongly worded warning to the Putin administration: the US will take action against cyber-criminals living in Russia if the Kremlin doesn’t. Press secretary Jen Psaki explained that the two countries are continuing “expert-level” talks in the wake of the meeting between Presidents Biden and Putin last month. Another talk focused on ransomware is scheduled for next week. “I will just reiterate a message that these officials are sending,” she added….