Author: PR 24

WASHINGTON, D.C. – Computer systems at seven federal agencies don’t comply with basic cybersecurity standards needed to protect sensitive data and still exhibit flaws they’ve had for years, even though the federal agencies have been repeatedly told what they should do to improve, according to a new study released by U.S. Senators Rob Portman of Ohio and Gary Peters of Michigan. The flaws described in…

On Tuesday, members from the US Senate Homeland Security and Governmental Affairs Committee released a bipartisan report [PDF] that states that seven out of the eight federal agencies they reviewed still have not met the basic cybersecurity standards needed to protect the sensitive data they stored and maintained. The report was led by US Senators…

Application Security , Governance & Risk Management , IT Risk Management Exploits Could Enable Remote Attacks on MS IIS and SQL Rashmi Ramesh • August 4, 2021     Researchers at Palo Alto Networks’ Unit 42 say they have demonstrated how exploits of Microsoft Jet Database Engine vulnerabilities could lead to remote attacks on Microsoft…

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Fraud Risk Management Cybereason: Attacks Exploited Microsoft Exchange Servers Dan Gunderman (dangun127) • August 3, 2021     (Photo: David Yu/Pixabay) Chinese advanced persistent threat groups compromised networks of telecommunication providers across Southeast Asia in an effort to harvest customers’ sensitive communications, according to a…

The enhanced version of the Raccoon stealer-as-a-service platform, found to be bundled with updated malware, is hidden in pirated software where it collects cryptocurrency coins and installs a software dropper to spread more malware, according to Threat Post.  The threat actors who used the Raccoon Stealer platform to commit various cybercrimes have expanded their services…

Following the release of a security-focused point update to iOS in July, Apple on Monday ceased signing code for iOS 14.7. Apple pushed out iOS 14.7.1 just over a week ago to patch a security vulnerability that may have been exploited in the wild. The release also included a fix for a bug that prevented…

New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments. Improperly…

Attacks targeting critical infrastructure have been on the rise in recent years. Back in 2019, for instance, 56% of utility professionals responsible for overseeing risk in their organizations’ operational technology (OT) assets told Siemens and the Ponemon Institute that they experience at least one shutdown or operational data loss event a year. That’s about the…