September’s 3x CON: Part 2
What, Where & When: The 0x07th edition of SEC-T, an annual Stockholm-based conference, was held on 18-19 September at the stunning Anrika Nalen venue, just a 15 minute walk from the famous Gamla Stan. The Schedule This conference features only one track of presentations, which – in my opinion – is quite a good thing, […]
September’s 3x CON: Part 1
What, Where & When: the 4th edition of 44CON, an annual IT Security Conference organized by Sense/Net Ltd, took place on 10-12 September in London, at a venue near the Earl’s Court exhibition center. Geeks, who happened to enjoy somewhat spooky historical monuments, could take a five minute walk from the venue to visit an […]
FBI Warns of Ransomware Attacks Targeting Local Governments
The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses.
Chinese Hackers Seen Targeting Ukraine Post-Invasion
A known threat actor has launched what appears to be the first Chinese hacking attempts targeting Ukraine digital assets since the Russian invasion a month ago.
Spam and phishing in 2021
Figures of the year In 2021: 56% of e-mails were spam 77% of spam was sent from Russia with another 14.12% from Germany Our Mail Anti-Virus blocked 148 173 261 malicious attachments sent in e-mails The most common malware family found in attachments were Agensla Trojans Our Anti-Phishing system blocked 253 365 212 phishing links Safe Messaging blocked 341 954 […]
Justice Dept. Announces $3.6B Crypto Seizure, 2 Arrests
The Justice Department announced Tuesday its largest-ever financial seizure — more than $3.5 billion — and the arrests of a New York couple accused of conspiring to launder billions of dollars in cryptocurrency stolen from the 2016 hack of a virtual currency exchange.
SureMDM Vulnerabilities Exposed Companies to Supply Chain Attacks
A series of vulnerabilities in 42Gears’ SureMDM device management products could have resulted in a supply chain compromise against any organization using the platform.
Answering Log4Shell-related questions
Important notice On December 18th, Log4j version 2.17.0 was released to address open vulnerabilities. It is highly recommended to update your systems as soon as possible. History of the Log4j library vulnerabilities CVE-2021-44228 (initial vulnerability) – partly fixed in 2.15.0 CVE-2021-45046 (present in Log4j 2.15.0) – fixed in 2.16.0 CVE-2021-45105 (present in Log4j 2.16.0) – […]
Grip Security Raises $25 Million to Secure SaaS Applications
Grip Security, an Israeli startup that helps organizations securely adopt software-as-a-service (SaaS), on Tuesday announced the closing of a $19 million Series A funding round led by Intel Capital.
IT threat evolution Q3 2021
IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics Targeted attacks WildPressure targets macOS Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, we discovered a newer version. It contains […]
Enlisting Employees to Fight Cyber Threats
With another Cybersecurity Awareness Month behind us, this is the perfect time to kick off or refresh a security awareness and training program for employees. The more that non-technical staff employees know about security issues, the better they can recognize, report, and even prevent threats.
Security is Everywhere. Can Your Services Keep Up?
Today’s networks require flexible services designed to accompany efforts to protect any user accessing any service from any location on any device
Automate and Augment Case Management, Threat Intelligence and Enrichment
One of the most usual use cases for integrating Threat Intelligence into your security stack revolves around enriching threat data. This helps incident responders, SOC analysts and threat intel teams properly assess how bad the situation is and what to do next. Unfortunately, many times the data we use for alert triaging is too simplistic. […]
US Puts New Controls on Israeli Spyware Company NSO Group
The Biden administration announced Wednesday it is putting new export limits on Israel’s NSO Group, the world’s most infamous hacker-for-hire company, saying its tools have been used to “conduct transnational repression.”
Cyberespionage Implant Delivered via Targeted Government DNS Hijacking
Threat hunters at Kaspersky have intercepted a new cyberespionage implant being delivered via targeted DNS hijacking of government zones in Eastern Europe and published a new report Wednesday with clues linking the malware to the SolarWinds attackers.
Trend Micro Patches Critical Vulnerability in Server Protection Solution
Trend Micro has released patches for a critical authentication bypass vulnerability in Trend Micro ServerProtect. Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system.
More information
- Russia’s Fancy Bear Hackers Are Hitting US Campaign Targets Again
- US Homeland Security must disclose ‘internet kill switch’, court rules
- Antivirus software could make your company more vulnerable
- UK prime minister suggests banning encrypted apps like WhatsApp, iMessage
- Equifax Buys Fraud Prevention Firm Kount in $640 Million Deal
- Kepler Finds 219 Exoplanets and 10 out of them could be habitable: NASA
- NASA and Pentagon hacker TinKode receives two-year suspended jail sentence
- Resolved: Enterprise Network Security – Scheduled Maintenance
- U.S. Election Administrators Failed to Implement Phishing Protections: Study
- Microsoft Internet Explorer CVE-2014-1795 Remote Memory Corruption Vulnerability