Want to know more about this topic or about us? Contact us!
Justin Jett, director of audit and compliance for Plixer, discusses the transformation of network-traffic analytics and what it means for cybersecurity now. Last year, Gartner published a market guide on network detection and response (NDR). Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has . . . Read more
by Paul Ducklin The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with . . . Read more
Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities. Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The bug, rated 9.8 in severity out of 10, could allow unauthenticated remote . . . Read more
Industrial enterprises in Europe are target of campaign, which forced a shutdown of industrial processes in at least one of its victims’ networks, according to researchers. Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting . . . Read more
Microsoft’s cloud-container technology allows attackers to directly write to files, researchers said. A privilege-escalation vulnerability Microsoft’s Azure Functions cloud container feature could allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. . . . Read more
by Paul Ducklin How scammers copied a government website almost to perfection. What to do about those fake “bug” hunters who ask for payment for finding “vulnerabilities” that aren’t. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough. With Kimberly Truong, . . . Read more
The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators. The leak of personal data from more than 533 million Facebook users was scraped from their profiles . . . Read more
CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain. A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug (CVE-2021-21982) ranks . . . Read more
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further. Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. Adversaries are carrying out a . . . Read more
The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached. A zero-click security vulnerability in Apple’s macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range . . . Read more