The White House is Deciding Whether to Support a Bureau of Cyber Statistics – Nextgov
The White House is Deciding Whether to Support a Bureau of Cyber Statistics – Nextgov
By Jack M. Germain Mar 26, 2021 7:51 AM PT Cloud cybersecurity — or a lack of it — is feeding a frenzy of companies out of the public cloud. A similar concern about managing compliance obligations is keeping organizations from moving to the cloud in general. However, much of the growing concerns over cloud…
New link to Tehran: Facebook cyber experts determined that some of the hackers’ malware was developed by the Iranian IT company Mahak Rayan Afraz, which has ties to Iran’s Islamic Revolutionary Guard Corps. “As far as I know, this is the first public attribution of the group’s malware to a vendor or front company with…
A joint advisory warns admins of the likelihood of APT groups exploiting three vulnerabilities in the Fortinet FortiOS. Editor’s Note: This story was updated on April 2 at 5:35 PM ET to include Fortinet’s statement. The FBI and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint advisory warning admins…
Adversaries are deploying DearCry ransomware on victim systems after hacking into on-premise Microsoft Exchange servers that remain unpatched, Microsoft acknowledged late Thursday. “Microsoft observed a new family of human operated ransomware attack customers,” Microsoft Security Program Manager Phillip Misner tweeted at 9:19 p.m. ET Thursday. “Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities…
A week after releasing iOS 14.7.1 to the public, Apple today stopped signing iOS 14.7. That means users who have updated their devices or iOS 14.7.1 or even iOS 15 beta can no longer downgrade to iOS 14.7. iOS 14.7.1 was released on July 26 with a fix for a bug that prevented users from…
Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. “These remote code execution (RCE) vulnerabilities cover more than…