Author: PR 24

Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT)  Coordination Center VulNote “for a critical remote code execution vulnerability in the Windows Print spooler services” on June 30, 2021, Microsoft issued new guidance for the vulnerability (CVE-2021-34527) on July 1, updated guidance on July 2, 2021, and an emergency patch on July…

By Asheer Malhotra and Justin Thattil. Cisco Talos is tracking an increase in SideCopy’s activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). SideCopy is an APT group that mimics the Sidewinder APT’s infection chains to deliver its own set of malware. We’ve discovered multiple…

But Jason Hsu, chief investment officer at Rayliant, an asset manager that invests in Chinese securities, said Chinese regulators typically have discussions with companies about regulatory actions they are about to take. “So one would assume that ahead of its IPO, Didi was aware of a possible formal investigation forthcoming,” Hsu said. Breakneck float The…

Governance & Risk Management , Incident & Breach Response , IT Risk Management CEO Fred Voccola: ‘Company Let Customers Down’ Dan Gunderman (dangun127) • July 8, 2021     Kaseya CEO Fred Voccola Thousands of organizations that rely on Miami-based Kaseya’s VSA software to remotely manage systems are going to have to wait longer to…

Governance & Risk Management , Incident & Breach Response , IT Risk Management CEO Fred Voccola: ‘Company Let Customers Down’ Dan Gunderman (dangun127) • July 8, 2021     Kaseya CEO Fred Voccola Thousands of organizations that rely on Miami-based Kaseya’s VSA software to remotely manage systems are going to have to wait longer to…

Credit: 105074399 © Ihor Svetiukha | Dreamstime.com The NSW Department of Education has been hit by a cyber attack, with a number of internal systems being deactivated as a precautionary measure. The internal systems have been made unavailable since late Wednesday, with NSW Education secretary Georgina Harrisson claiming the shutdown was in an attempt to…

China’s dominant ride-hailing app Didi is facing two lawsuits, filed in New York and Los Angeles. They come a week after Didi’s debut on the New York Stock Exchange. The two suits, filed on Tuesday, state that Didi failed to disclose ongoing talks it was having with Chinese authorities about its compliance with cybersecurity laws…

3rd Party Risk Management , Active Defense & Deception , Breach Notification White House Tells Moscow: Take Action, or We ‘Reserve the Right’ to Do So Mathew J. Schwartz (euroinfosec) • July 8, 2021     President Joe Biden (Photo: White House, via Flickr/CC) The Biden administration has a message for Russia: Rein in the…

Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting…

BOSTON: In the past few weeks, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered. Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much…