Month: August 2021

Malware & Threats

Issued by: CSO

Government-sponsored hackers, who carry out cyberespionage campaigns, invest more resources than ever to find new ways of attacking the cloud. One of their preferred targets is Microsoft 365, previously called Office 365, a platform used by an increasing number of organizations of all sizes. From an intelligence collector’s perspective, it makes sense to target it….

Malware & Threats

Issued by: Security Week

The new funding round was led by private equity firm Crosspoint Capital Partners. Existing investor ForgePoint Capital also participated. ReversingLabs plans to use the new funds to scale its sales and marketing efforts. ReversingLabs offer products to help organizations mitigate software supply chain cyberattacks by checking binary integrity, as well as components and build processes,…

Vulnerabilities

Issued by: Dark Reading

The evolution of wireless security could at best be described as trial and error. The initial standard that debuted in the late 1990s — Wired Equivalent Privacy (WEP) — had significant security problems, and the first two version of Wireless Protected Access, WPA and WPA2, both have been found to be vulnerable to a variety…

Software Security

Issued by: Security Week

The plan is to create a provocatively named “Super Duper Secure Mode” in Edge that deliberately disables support for the browser’s JavaScript JIT (Just-in-Time) compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test — available in Edge preview builds for select users — essentially rips out JIT, a feature that…

Network Security

Issued by: Security Week

The Infrastructure Investment and Jobs Act includes funding for roads, bridges, transportation safety, public transit, railways, electric vehicle infrastructure, airports, ports, waterways, broadband internet, environmental remediation, and power infrastructure. The White House said this week that the bill will also invest approximately $2 billion to “modernize and secure federal, state, and local IT and networks;…

Software Security

Issued by: CSO

Recently I spoke with Ryan Chapman of the SANS Institute, author of the upcoming SANS course FOR528: Ransomware for Incident Responders, on how to better prepare for ransomware. That preparation comes in two forms: planning how you would respond to a successful ransomware attack and overcoming barriers to hardening your network against them. Planning for…

Application Security

Issued by: Security Week

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The…

Mobile Security

Issued by: Blog Malwarebytes

While you read these words, the chances are that somebody, somewhere, is trying to break in to your computer by guessing your password. If your computer is connected to the Internet it can be found, quickly, and if it can be found, somebody will try to break in. And it isn’t like the movies. The…

Vulnerabilities

Issued by: Security Week

On Friday, security researcher RyotaK published information on three vulnerabilities in PyPI, one of which could potentially lead to the compromise of the entire PyPI ecosystem. Python Package Index (PyPI) is the official third-party software repository for the Python programming language, with some package managers using it as the default source for packages and dependencies….