Researchers: ‘Jian’ Hacking Tool Targeted Zero-Day Flaw in Windows Scott Ferguson (Ferguson_Writes) • February 22, 2021 A Chinese hacking group reportedly “cloned” and deployed a zero-day exploit developed by the U.S. National Security Agency’s Equation Group before Microsoft patched the Windows vulnerability that was being exploited in 2017, according to an analysis published…
Cybercrime , Endpoint Security , Fraud Management & Cybercrime Called Serious Threat, But Has Yet to Take Malicious Action Doug Olenick (DougOlenick) • February 23, 2021 A previously undetected malware variant has infected almost 30,000 Apple Macs. But researchers so far have not seen it deliver any malicious payloads to compromised endpoints, according…
The New York Department of Financial Services (“NYDFS”) recently released its Cyber Insurance Risk Framework (the “Framework”), which provides best practices for managing cyber insurance risk. The stated goal of the Framework is to grow “a robust cyber insurance market that maintains the financial stability of insurers and protects insureds.” While the Framework is directed…
Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP! | IT Security News 25. February 2021 The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We’ve detected mass scanning activity targeting vulnerable…
Cryptocurrency Fraud , Fraud Management & Cybercrime , Legislation & Litigation $70 Million Allegedly Lost to Schemes Such as Bitcoiin2Gen Touted by Steven Seagal Mathew J. Schwartz (euroinfosec) • February 25, 2021 Bitcoiin2Gen in 2018 said “Zen Master Steven Seagal” had become its “brand ambassador.” If there’s anything to put the final nail…
Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks | IT Security News 24. February 2021 VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges. read more Like this: Like Loading… Related Tags:…
(Pocket-lint) – The second major hotfix for Cyberpunk 2077 has been delayed to late March. CD Projekt Red claims this is due to the recent, major cyber attack on its IT infrastructure. Posting on Twitter, the developer cites the ransomware attack on its systems and theft of code as the reason the promised patch 1.2…
On Monday, cybersecurity researchers connected a series of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data breach and extortion campaign orchestrated by the UNC2546 cybercrime group. Threat actors targeted up to 100 companies using Accellion’s FTA and stole sensitive files by combining multiple zero-day vulnerabilities and a…
Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Finance & Banking Operational Error Blamed for Nationwide System Crash Doug Olenick (DougOlenick) • February 24, 2021 The Federal Reserve’s online money transfer system, including Fedwire Funds and Fedcash, suffered an outage for more than three hours Wednesday afternoon, citing technical issues…
3rd Party Risk Management , Breach Notification , Critical Infrastructure Security FireEye, Microsoft, CrowdStrike Offer New Details and Recommendations Doug Olenick (DougOlenick) • February 23, 2021 (From the left) Microsoft President Brad Smith, SolarWinds CEO Sudhakar Ramakrishna and FireEye CEO Kevin Mandia The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a…
