News

A malware attack on one of Canada Post’s suppliers has caused a data breach affecting 44 of the company’s large business clients and their 950,000 receiving customers, the postal agency confirmed Wednesday. It said the information affected is from July 2016 to March 2019, and 97 per cent of it comprised the names and…

Executive Summary This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this. Informations Name CVE-2021-20236 First vendor Publication 2021-05-28 Vendor Cve Last vendor Modification 2021-05-28 Security-Database Scoring CVSS v3 Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA…

The US Department of Homeland Security (DHS) has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack. The new security directive requires critical pipeline owners and operators to report any confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security…

Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management FireEye: Attackers Using New Malware and Procedures Doug Olenick (DougOlenick) • May 28, 2021     Two China-linked threat groups are still exploiting unpatched flaws in Ivanti’s Pulse Connect Secure VPN products, using additional malware variants to support cyberespionage, FireEye’s Mandiant Threat…

Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management Also: Debating the Issue of Banning Ransom Payments Anna Delaney (annamadeline) • May 28, 2021     Clockwise, from top left: Doug Olenick, Anna Delaney, Marianne Kolbasuk McGee and Tom Field Four editors…

Governance & Risk Management , Identity & Access Management , IT Risk Management Will Help Prevent Users From Reusing Risky Passwords Jeremy Kirk (jeremy_kirk) • May 28, 2021     The FBI will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned, the data…

Executive Summary This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary Informations Name CVE-2021-20239 First vendor Publication 2021-05-28 Vendor Cve Last vendor Modification 2021-05-28 Security-Database Scoring CVSS v3 Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA…

NEW YORK: The group behind the SolarWinds cyber attack identified late last year is now targeting government agencies, think tanks, consultants, and non-governmental organisations, Microsoft Corp said late on Thursday. “This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organisations”, Microsoft said in a blog. Nobelium,…

Are you doing enough to prevent scammers from hijacking your social media accounts? Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication it’s possible that you’ve overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers….