With the acceleration of digital transformation and convergence of IT and operational technology (OT) networks, Internet of Things (IoT) and Industrial IoT (IIoT) devices are becoming essential tools for companies in sectors including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage. Whether optimizing individual processes or entire factories and other critical infrastructure…

Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the recently addressed vulnerability resides in the administrative interface for the appliance and exists because attackers could bypass authentication through manipulation of a URL on the interface. “A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance…

The National Counterintelligence and Security Center warned Thursday that foreign hackers are increasingly targeting vendors and suppliers that work with the government to compromise their products in an effort to steal intellectual property and carry out espionage. The NCSC said it is working with other agencies, including the Cybersecurity and Infrastructure Security Agency, to raise…

In March 2020, shortly after COVID-19 was officially declared a pandemic, SecurityWeek reached out to several experts for their thoughts on the effects of the pandemic on early-stage venture investment in cybersecurity. While most agreed that there would be some negative impact, investors were optimistic. Since then, tens of companies have announced raising millions, tens…

Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid. The adversary appears mainly focused on enterprises, with some of the victims being multi-national organizations…

The first security hole, tracked as CVE-2021-3450, has been described as a “problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag.” The flaw was discovered by researchers at Akamai. “Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an…

Microsoft has released patches, detailed guidance, and a one-click mitigation tool to ensure that Exchange Server users are protected against attacks. The tech giant has now taken another step to protect customers who haven’t managed to install the available patches but who have Defender deployed on vulnerable servers. The Exchange vulnerabilities are tracked as CVE-2021-26855,…

Mimecast was one of the several cybersecurity companies to confirm being targeted by the hackers who breached the systems of IT management solutions provider SolarWinds. After compromising SolarWinds systems, the attackers, which have been linked to Russia, used their access to deliver malicious updates for SolarWinds’ Orion monitoring product to roughly 18,000 customers. A few…