In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn. In this attack, we discovered malware using similar tactics, techniques and procedures (TTPs) to those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. While the initial vector for the infection is not entirely clear, we believe with a medium level of confidence that victims were lured to…

The AD report card scores the security of Group Policies, Kerberos security and AD infrastructure. Image: iStock/iBrave Between weak passwords and stolen credentials, companies need all the help they can get to strengthen cyberdefenses against bad actors always looking for a new way in. Security firm Semperis built Purple Knight to make it easy for companies to patch holes in Active Directory security. The tool was announced on March 16. The free tool assesses permissions…

Last year saw a double-digit surge in ransomware, IoT threats, new malware and cryptojacking, in what SonicWall has described as a “tipping point” in the cyber-arms race. The security vendor’s 2021 SonicWall Cyber Threat Report is compiled from data taken from over one million global sensors and cross-vector threat information shared among SonicWall security systems. Ransomware threats spiked 62% globally and 158% in North America as more sophisticated variants like Ryuk targeted larger organizations with…

News Detail Updated VMware vRealize Cloud Management Portfolio and CloudHealth by VMware Deepen Multi-Cloud Support for Amazon Web Services, Google Cloud, Microsoft Azure and VMware Cloud on AWS PALO ALTO, Calif.–(BUSINESS WIRE)– VMware, Inc. (NYSE: VMW) today announced innovations across its cloud management portfolio spanning CloudHealth by VMware and VMware vRealize Cloud Management on-premises and … Tue, 16 Mar 2021 00:00:00 Updated VMware vRealize Cloud Management Portfolio and CloudHealth by VMware Deepen Multi-Cloud Support for…

Microsoft has released a “one-click” tool to help organizations with limited resources to temporarily mitigate the threat posed by recent global attacks on Exchange servers. The “Microsoft Exchange On-Premises Mitigation Tool” has been designed for customers without dedicated IT or cybersecurity resources to help them patch the four zero-days being exploited in the wild, now know as “ProxyLogon” attacks. “By downloading and running this tool, which includes the latest Microsoft Safety Scanner, customers will automatically mitigate CVE-2021-26855…

Robocalls about your car’s extended warranty are annoying and potentially dangerous. Here’s why you’re getting them in the first place—and how to stop them. “We’re calling about your car’s extended warranty…” Yep, there’s a good chance you’ve picked up the phone and heard that phrase. The robocall strikes again. If you’ve gotten that call before, you’re not alone. According to YouMail, Americans received more than 4.6 billion robocalls in February 2021 alone. That’s literally millions of…

People are receiving fake forms containing malware to attach to stimulus checks that can steal personal banking information. As millions of Americans await their COVID relief check, cybercriminals are already taking advantage of the situation to scam people out of their stimulus money. The security company Proofpoint describes one effort where scammers sent out thousands of emails to Americans, asking them to fill out a fake form to apply for stimulus checks from the Internal Revenue Service. …