Systemd can’t seem to catch a break: New vulnerability found
A dangerous vulnerability was found in the Linux systemd stack. Find out what it is and how to upgrade your Linux distributions. Image: Sergey Nivens/Shutterstock As if systemd didn’t already have enough detractors, it now has a serious vulnerability to pile onto the mix. OK, that might be a bit hyperbolic of me. Or not. […]
U.S. Government sets up ransomware task force, offers $10 million reward for info
The U.S. Government has set up a cross-agency ransomware task force, a hub for ransomware resources, and is offering $10 million for information on state-sponsored cyber attackers. “Ransomware is a long-standing problem and a growing national security threat. Tackling this challenge requires collaboration across every level of government, the private sector and our communities,” the […]
FBI, CISA disclose spearphishing activity targeting US oil and natural gas pipeline companies
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency disclosed spearphishing activity and intrusion campaigns conducted by state-sponsored Chinese hackers, targeting U.S. oil and natural gas (ONG) pipeline companies. In April 2012, CISA received reports about targeted attacks directed at multiple ONG pipeline sites; CISA (via a predecessor organization) and FBI provided […]
Over 1TB of confidential US company data accidentally exposed
Even redacted details could potentially be uncovered, experts warn (Image credit: Shutterstock/dalebor) Cybersecurity researchers have helped seal a breach that exposed millions of documents of US businesses stored in misconfigured Amazon S3 buckets. Data breach watchdogs WizCase ran across over eighty such misconfigured cloud storage data silos that exposed data totaling over a terabyte. According […]
DoD, DHS fail to respond to cyber threats that affect critical infrastructure environments
A U.S. Department of Defense (DoD) audit report found that the defense agency along with the Department of Homeland Security (DHS) failed to plan and execute activities to implement the memorandums between the two agencies, regarding cybersecurity and cyberspace operations and critical infrastructure environments. The DoD’s Office of Inspector General conducted the audit in coordination […]
Armis discloses critical vulnerability that allows remote takeover of Schneider Electric industrial controllers
New Modipwn vulnerability puts Schneider Electric PLCs in global organisations at risk. Researchers at Armis, the unified asset visibility and security platform provider, have disclosed the discovery of an authentication bypass vulnerability in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE). The vulnerability, dubbed Modipwn, allows for a complete takeover […]
The ‘king of fraud’ who commanded an army of millions
Millions of bots, that is… (Image credit: Shutterstock / Peshkova) Earlier this year, the self-described “king of fraud” stood trial in a federal court in Brooklyn, New York. Aleksandr Zhukov was said to have defrauded the advertising industry of upwards of $7 million dollars, in what has been described as one of the most sophisticated […]
Traditional ransomware defenses are failing businesses
Half of ransomware victims had perimeter defenses set up at the time of the attack. (Image credit: Image Credit: ESB Professional / Shutterstock) Traditional cybersecurity strategies are failing to protect organizations from ransomware attacks, new research suggests. According to a paper from storage firm Cloudian, based on a poll of 200 IT decision-makers whose businesses […]
Critical infrastructure cybersecurity future may be blend of mandatory regulations, voluntary frameworks
OT cybersecurity company Mission Secure expects the future of critical infrastructure cybersecurity to be a mix of mandatory regulations and voluntary frameworks, as governments continue to pay attention to cybersecurity until the threat and risk are reduced. Operations across critical infrastructure industries must address cybersecurity, Paul Robertson, Mission Secure’s director for cyber security, […]
Microsoft Acquire Cyber Security Firm RiskIQ for $500+ Million in Cash
After scrutinizing so many security events, and in an attempt to provide better security and expand its product range, Microsoft finally decided to buy a security software company, RiskIQ. On Monday, Microsoft finally announced this deal on its official blog, but, they didn’t disclose any terms. Apart from this, Microsoft is paying $500 million in […]