The Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quarter of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center for Arcadia Group.
CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.
Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.
Amid digital transformation initiatives, the application shift to the cloud has been happening at a historic pace. James Brotsos of Checkmarx and James Ferguson of AWS discuss what this shift means for securing cloud DevOps and what each of their organizations brings to their partnership.
Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.
The Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email servers, according to a breach notification letter filed with Maine authorities. It appears some PII was exposed.
Building and running cloud-native services unlock breakthroughs in speed and new innovation, but they add complexity to both infrastructure and application architecture. Observability, when done right, helps your SRE and development teams cut through that complexity to react quickly to problems and continuously...
Tammy Klotz took on a new job at a new company and even in a new state in 2020 - and she was charged with both establishing herself and raising the firm's cybersecurity posture. No challenge during a global pandemic, right? Here is how she has begun to pave her way.
Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.
Senior U.S. officials say that there have been no signs that Moscow has begun to crack down on ransomware-wielding criminals operating from inside Russia's borders. President Biden has called on Russia to act responsibly, and U.S. intelligence has been sharing information on top suspects.
Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
A cloud access security broker, usually referred to as a CASB, offers a security gateway between your company’s IT infrastructure and that of a cloud provider. It is a critical tool organizations can use to holistically secure an organization from endpoint to cloud.
Microsoft's September Patch Tuesday security update covers 61 vulnerabilities, with four rated critical. These include a fix for the critical MSHTML Vulnerability Microsoft revealed last week and patches to a Windows scripting engine flaw and a Windows DNS flaw.
Massachusetts Attorney General Maura Healey says her office is probing the data breach at T-Mobile that exposed the personal information of 54 million people, including current, former and prospective customers of the carrier. The Federal Communications Commission is also investigating the incident.
The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident response investigations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.