Yesterday (March 15) Twitter announced that it has updated its two-factor authentication (2FA) to allow users to enroll and login with more than one physical key on both mobile and web. Until yesterday, it only allowed the use of one key per account. Furthermore, users will also soon have the option to add and use security keys as their only authentication method, without any other methods turned on, the social media giant explained via its Twitter…

Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn. The tactics, techniques and procedures (TTPs) used in the attack are like those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. Most probably this threat is targeting people working in the telecommunications industry and has been used for espionage purposes to access sensitive…

In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn. In this attack, we discovered malware using similar tactics, techniques and procedures (TTPs) to those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. While the initial vector for the infection is not entirely clear, we believe with a medium level of confidence that victims were lured to…

The AD report card scores the security of Group Policies, Kerberos security and AD infrastructure. Image: iStock/iBrave Between weak passwords and stolen credentials, companies need all the help they can get to strengthen cyberdefenses against bad actors always looking for a new way in. Security firm Semperis built Purple Knight to make it easy for companies to patch holes in Active Directory security. The tool was announced on March 16. The free tool assesses permissions…

Last year saw a double-digit surge in ransomware, IoT threats, new malware and cryptojacking, in what SonicWall has described as a “tipping point” in the cyber-arms race. The security vendor’s 2021 SonicWall Cyber Threat Report is compiled from data taken from over one million global sensors and cross-vector threat information shared among SonicWall security systems. Ransomware threats spiked 62% globally and 158% in North America as more sophisticated variants like Ryuk targeted larger organizations with…

News Detail Updated VMware vRealize Cloud Management Portfolio and CloudHealth by VMware Deepen Multi-Cloud Support for Amazon Web Services, Google Cloud, Microsoft Azure and VMware Cloud on AWS PALO ALTO, Calif.–(BUSINESS WIRE)– VMware, Inc. (NYSE: VMW) today announced innovations across its cloud management portfolio spanning CloudHealth by VMware and VMware vRealize Cloud Management on-premises and … Tue, 16 Mar 2021 00:00:00 Updated VMware vRealize Cloud Management Portfolio and CloudHealth by VMware Deepen Multi-Cloud Support for…

Microsoft has released a “one-click” tool to help organizations with limited resources to temporarily mitigate the threat posed by recent global attacks on Exchange servers. The “Microsoft Exchange On-Premises Mitigation Tool” has been designed for customers without dedicated IT or cybersecurity resources to help them patch the four zero-days being exploited in the wild, now know as “ProxyLogon” attacks. “By downloading and running this tool, which includes the latest Microsoft Safety Scanner, customers will automatically mitigate CVE-2021-26855…