The FBI and CISA Warn Regarding a Critical Zoho Bug

The vulnerability in question has existed in the single sign-on and password management solution since early August 2021. Zoho Corporation is an Indian multinational technology company that creates web-based business tools and is known for its online office suite, Zoho. The vulnerability, tracked as CVE-2021-40539, was discovered in the Zoho ManageEngine ADSelfService Plus software. The vulnerability in question can allow attackers to take over vulnerable systems…

Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms | USAO-CDCA

LOS ANGELES – An Illinois man was found guilty today by a federal jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet.

Matthew Gatrel, 32, of St. Charles,…

Former NSA Operatives Worked as Cyber-Mercenaries

Former U.S. intelligence operatives are facing federal charges after allegedly having worked as cyber-mercenaries for the United Arab Emirates. The men, all of whom are ex-employees of the National Security Agency, are accused of helping the UAE government to break into computer systems all over the world, including some in…

Pakistani Man Involved in AT&T Hacking Scheme Sentenced to Prison in U.S.

Muhammad Fahd, a 35-year-old Pakistani national, has been sentenced to 12 years of prison in the United States for his role in a scheme that involved illegally unlocking AT&T phones and hacking into the telecoms giant’s systems. The scheme started in 2012, when Fahd and others recruited AT&T call center employees for help in unlocking…

‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t

Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability, snappily named OMIGOD. But wait! You probably don’t know whether you’re using OMI or not. Y’see, Open Management Infrastructure (OMI) is often silently installed on Azure—as a prerequisite. And, to make matters worse, Microsoft hasn’t rolled out the patch for you—despite publishing the…

DOD wants industry to continue with CMMC prep amid program review — FCW

The Pentagon wants defense contractors to keep pushing forward with preparing for the implementation of the Cybersecurity Maturity Model Certification program despite pending results from its internal review, which could bring significant changes to the program. Dr. Christine Michienzi, chief technology officer…

Now You Can log in to your Microsoft Account Without a Password

No one likes passwords because of the inconvenience, and they are a prime target. For years, security has been a crucial part of our digital lives: email, bank accounts, video games, shopping carts, etc. Everyone is expected to create unique and complex passwords and remember them. Very frequently, they also need…

Lawyer charged in probe of Trump-Russia investigation

The prosecutor tasked with examining the U.S. government’s investigation into Russian election interference charged a prominent cybersecurity lawyer on Thursday with making a false statement to the FBI. The case against the attorney, Michael Sussmann, is just the second prosecution brought by special counsel John Durham in two-and-a-half years of work. Yet neither case brought…

Department of Defense targeting late 2021 for completion of CMMC review

Written by John Hewitt Jones, Sep 16, 2021 | FEDSCOOP

The Department of Defense expects to complete a review of its Cybersecurity Maturity Model Certification program by late 2021, then delivering any required changes to the program to industry. The review is one of several current initiatives within the Pentagon looking at the cybersecurity program,…

Facebook targets harmful real networks using playbook against fakes – Security

Facebook is taking a more aggressive approach to shut down coordinated groups of real-user accounts engaging in certain harmful activities on its platform, using the same strategy its security teams take against campaigns using fake accounts, the company told Reuters. The new approach uses the tactics usually taken by Facebook’s security teams for wholesale shutdowns…