News

After security researchers have developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. The scanning activity was spotted by threat intelligence company Bad Packets just one day after VMware patched the critical vulnerability.  Thousands of unpatched vCenter servers are…

Critical Infrastructure Security , Digital Identity , Endpoint Security Critical Networks Within National Security Systems Should Implement Zero Trust Akshaya Asokan (asokan_akshaya) • February 27, 2021     NSA: Consider Zero Trust models for all National Security Systems’ critical networks Source: NSA The US National Security Agency has issued its zero trust guidance aimed at…

A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. Researchers say the threat campaign, observed in January and February, targeted Tibetan organizations and was tied to TA413, a known….

Cybersecurity agencies across five countries have issued a global alert to organizations using the Accellion FTA file transfer application after a number of organizations in the past six weeks admitted to being hacked through vulnerabilities in the software. Organizations should temporarily isolate or block internet access to and from systems hosting Accellion FTA, says the…

Governance & Risk Management , IT Risk Management , Patch Management The Flaw in Windows Graphics Component Can Enable Web-Based Attacks Akshaya Asokan (asokan_akshaya) • February 26, 2021     Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users to visit websites that use a malicious font. The flaw…