Month: April 2023

Malware & Threats

Issued by: Dark Reading

The Trigona ransomware threat actors are waging a campaign against Microsoft SQL database servers because many of them have external connections and weak passwords, leaving them open targets for brute force or dictionary attacks. These vulnerable MS-SQL servers were designated as “poorly managed” by AhnLab Security’s new alert about Trigona’s nefarious activities. “If a threat…

News

Issued by: DataBreach Today

Not every data breach needs a hacker; sometimes just a careless employee will do. The U.S. Consumer Financial Protection Bureau said a now-ex-employee sent records containing Americans’ private data to a personal email account. Over the course of 14 emails, the employee sent records including two spreadsheets containing names and transaction-specific account numbers related to…

Malware & Threats

Issued by: CSO Online

APT28, the hacking arm of Russia’s GRU military intelligence agency has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the simple network management protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always…

Network Security

Issued by: DataBreach Today

The global commercial spyware market will expand over the next five years as demand for advanced surveillance tools by governments surges, says a new report from the U.K’s National Cyber Security Centre. The NCSC report, which defines the proliferation of surveillance tools such as NSO Group’s Pegasus as a threat, assesses that at least 80…

Network Security

Issued by: DataBreach Today

Attackers on average have been enjoying slightly more than six days to exploit an unmitigated vulnerability before security teams resolve it, despite research continuing to demonstrate how hackers begin exploiting flaws within hours – or even minutes – of a new security alert being disclosed, researchers warned. That time lag between a new vulnerability coming…

Network Security

Issued by: DataBreach Today

A cyber risk quantification startup backed by ex-Cisco CEO John Chambers has raised $50 million to apply machine-learning technology and build more API adapters. The Silicon Valley-based company said the Series B funding will allow Safe Security to capitalize on generative artificial intelligence to help nontechnical leaders better understand their organizations security postures, said co-founder…

News

Issued by: Dark Reading

For at least a decade now, career-minded security leaders have well understood the importance of effective communication with the board and CEO. CISOs know they must gain the buy-in of these decision makers to successfully instill a security-minded culture at their organization — not to mention to greenlight enough funds for an effective cybersecurity budget….

Malware & Threats

Issued by: Dark Reading

After days of outages, NCR Corp. has confirmed that its Aloha point-of-sale (PoS) software platform, used by thousands of restaurants across the US, was taken down by a ransomware attack on one of its data centers. The BlackCat ransomware group has claimed responsibility for the Aloha POS cyberattack. “Please rest assured that we have a…

Application Security

Issued by: SecurityWeek

Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. “Google is aware that an exploit…

Malware & Threats

Issued by: Security Affairs

A cyberattack on the Cornwall Community Hospital in Ontario, Canada, is causing delays to scheduled and non-urgent care. The cyber attack was discovered on Tuesday, April 11, 2023, it is investigating the incident with the help of cybersecurity experts. “On April 11, 2023, Cornwall Community Hospital (CCH) identified a network issue, which an investigation has…