With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption, and adversaries didn’t wait long to start abusing these tools. According to Cisco’s Talos researchers, the past year has shown a significant increase in the abuse of such platforms as part of malicious…

Over the course of three days, participants made 23 attempts, targeting Safari, Chrome, Edge, Windows 10, Ubuntu, Microsoft Teams, Zoom, Parallels, Oracle VirtualBox, and Microsoft Exchange. Oracle VirtualBox was only targeted by one team and their attempt failed. The other products were all hacked by at least one team. Results from Pwn2Own 2021. The highest rewards…

The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), said there were seven attempts on the first day and five of them were successful. A team called Devcore earned $200,000 for taking complete control of a Microsoft Exchange server by chaining authentication bypass and local privilege escalation vulnerabilities. A researcher who uses the online moniker…

In March 2020, shortly after COVID-19 was officially declared a pandemic, SecurityWeek reached out to several experts for their thoughts on the effects of the pandemic on early-stage venture investment in cybersecurity. While most agreed that there would be some negative impact, investors were optimistic. Since then, tens of companies have announced raising millions, tens…

The unauthorized code was disguised as two typo fix-related commits apparently pushed by Rasmus Lerdorf, author of the PHP language, and Nikita Popov, an important PHP contributor. The code seems to allow an attacker to remotely execute arbitrary PHP code. The investigation into this incident is ongoing, but the backdoor was discovered quickly and it…

Microsoft has released patches, detailed guidance, and a one-click mitigation tool to ensure that Exchange Server users are protected against attacks. The tech giant has now taken another step to protect customers who haven’t managed to install the available patches but who have Defender deployed on vulnerable servers. The Exchange vulnerabilities are tracked as CVE-2021-26855,…

I’ve discussed before how Security Operations Centers (SOCs) are now becoming detection and response organizations. But like most transitions, that shift doesn’t happen overnight. Three different areas need to be addressed – data, systems and people. Many organizations today deal with data that is noisy and unstructured, decentralized without prioritization, and managed with spreadsheets. Their…