Security Breaches June 16, 2021 Vulnerability in Peloton Bike+ Allows Attackers to take Full Control of Operating System McAfee’s Advanced Threat Research (ATR) team researchers have identified a vulnerability in the popular Peloton Bike+ and Peloton Tread exercise machines what could allow them ... Read more
Security Breaches June 14, 2021 Avaddon Ransomware Gang Shuts Down Operation and Releases Decryption Keys Avaddon ransomware is no more. The operation has been shut down and decryptors have been released that allow victims to recover their files free of ... Read more
Cyber Threats June 11, 2021 SonicWall VPN Vulnerability Exploited in Attacks on Legacy SRA Appliances Researchers at CrowdStrike have confirmed cyber threat actors exploiting a SonicWall VPN vulnerability to attack Secure Remote Access (SRA) 4600 devices. The vulnerability, tracked as ... Read more
Cyber Threats June 10, 2021 Alleged TrickBot Malware Developer Facing Decades in Jail The U.S. Department of Justice has announced a Latvian malware developer has been arraigned on a 19-count indictment for her role in the creation and ... Read more
Cyber Threats June 9, 2021 New Malware Discovered Targeting Windows Containers to Plant Backdoors in Kubernetes Clusters A new malware variant has been discovered that is believed to be the first to target Windows containers. The malware, discovered by Daniel Prizmant of ... Read more
Insights June 8, 2021 Password Compliance When security companies provide advice about password compliance, it is often in terms of complying with regulatory standards that exist in specific industries (i.e., HIPAA, ... Read more
Compliance June 8, 2021 Microsoft Patches 41 Vulnerabilities, Including 5 Critical Flaws and 7 Zero-Days June 2021 Patch Tuesday has seen Microsoft release patches to correct 50 vulnerabilities across its range of products, including 7 zero-day vulnerabilities. Five vulnerabilities are ... Read more
Cyber Threats June 8, 2021 Critical VMware vCenter Server Vulnerability Under Active Exploitation The critical VMware vCenter Server vulnerability CVE-2021-21985 is being actively exploited in the wild. There have been several successful exploits of the 9.8/10 severity vulnerability ... Read more
Security Breaches June 4, 2021 Take Ransomware Seriously, Warns White House Ransomware attacks have been increasing and it is now common for the threat actors behind these attacks to not only encrypt data to prevent access, ... Read more
Security Breaches June 3, 2021 FBI Says REvil Behind Ransomware Attack on JBS Foods The Federal Bureau of Investigation (FBI) has issued a statement about the recent ransomware attack on the JBS Foods attributing the attack to the REvil ... Read more
Cyber Threats June 2, 2021 FBI Warns of APT Groups Exploiting Fortinet Vulnerabilities The Federal Bureau of Investigation (FBI) has issued a Flash Alert warning of the continued exploitation of Fortinet Fortigate vulnerabilities by Advanced Persistent Threat (APT) ... Read more
Cyber Threats May 28, 2021 VMware Patches Critical Vulnerability in vCenter Server A patch has been released to fix a critical severity vulnerability in VMware’s virtualization management platform, vCenter Server. The vulnerability could be remotely exploited by ... Read more
Security Breaches May 26, 2021 New Report Highlights Scale of Attempted Cyberattacks One tactic commonly adopted by organizations to improve their security posture is to block traffic from countries where hackers are known to reside: Russia, China, ... Read more
Cyber Threats May 25, 2021 Apple Patches Actively Exploited Zero-Day MacOS Vulnerability Apple has released a patch to fix a zero-day vulnerability in macOS that is being actively exploited in the wild. The macOS vulnerability, tracked as ... Read more
Cyber Threats May 24, 2021 SQL Injection Vulnerability in WP Statistics WordPress Plugin Allows Theft of Database Information A bug has been identified in a popular WordPress app that allows an unauthenticated attacker to steal sensitive database information. The WP Statistics plugin provides ... Read more
Cyber Threats May 21, 2021 Large-Scale Malspam Campaign Detected Delivering the STRRAT Remote Access Trojan Microsoft has issued a warning about a massive malspam campaign that is being used to deliver the STRRAT remote access trojan (RAT). The campaign is ... Read more
Cyber Threats May 19, 2021 Studies Provide Insights into Vulnerability Exploitation and the Best Patching Policies If you want to prevent threat actors from exploiting vulnerabilities and gaining access to your network, you need to make sure you patch promptly, but ... Read more
Security Breaches May 17, 2021 DarkSide Ransomware Operation Shuts Down and RaaS Operators Place Limits on Attacks by Affiliates The DarkSide ransomware gang, which was responsible for the cyberattack on Colonial Pipeline that caused the shutdown of fuel pipelines supplying 45% of the fuel ... Read more
Compliance May 15, 2021 TitanHQ Launches WebTitan OTG (on-the-go) for Chromebooks TitanHQ, the leading provider of cloud-based email and web security solutions to SMBs and MSPs serving the SMB market, has announced the release of a ... Read more
Security Breaches May 14, 2021 Colonial Pipeline and Brenntag Pay Ransoms to DarkSide Ransomware Gang The DarkSide ransomware attack on Colonial Pipeline that disrupted fuel supplies to the East Coast for almost a week and triggering a spike in fuel ... Read more
Tools & Practices May 13, 2021 President Biden Signs Extensive Executive Order to Improve Federal Government Cybersecurity President Biden has signed an Executive Order that seeks to modernize the cybersecurity defenses of the federal government and protect its networks from cyber threats. ... Read more
Compliance May 12, 2021 Microsoft Issued Patches for 55 Vulnerabilities Including 4 Critical Flaws It has been a relatively quiet Patch Tuesday for Microsoft, with patches released to correct just 55 vulnerabilities across its product suite. None of the ... Read more
Cyber Threats May 12, 2021 Adobe Patches 43 Vulnerabilities Including 1 Actively Exploited Flaw in Acrobat/Reader May 2021 Patch Tuesday has seen Adobe issue 43 updates to fix vulnerabilities in 12 different products, including a patch to fix a vulnerability in ... Read more
Cyber Threats May 11, 2021 Train Company Under Fire for Insensitive Phishing Simulation Emails Phishing simulations are an important way to test resilience to phishing attacks, but a British train company has discovered these campaigns can easily backfire if ... Read more
Security Breaches May 10, 2021 Largest Fuel Pipeline in United States Shut Down due to Ransomware Attack The largest fuel pipeline in the United States has been forced to shut down due to a ransomware attack, with the United States declaring a ... Read more
Tools & Practices May 6, 2021 12-Year-Old Vulnerabilities Place Millions of Dell Devices at Risk Hundreds of millions of Dell devices are vulnerable to firmware update driver flaws that could potentially be exploited to achieve remote code execution. The vulnerabilities ... Read more
Cyber Threats May 5, 2021 Trifecta of Sophisticated Malware Distributed in Spear Phishing Campaign Three new sophisticated malware variants are being distributed by an Advanced Persistent Threat (APT) group in a large-scale global phishing campaign, according to a new ... Read more
Cyber Threats May 4, 2021 Patch Released for Actively Exploited Pulse Connect Secure VPN Vulnerability Pulse Secure has released a patch for the actively exploited zero-day vulnerability – CVE-2021-22893 – in the Pulse Connect Secure SSL VPN appliance. Last week, ... Read more
Security Breaches April 30, 2021 Vulnerabilities in SonicWall VPN Appliances Targeted in FiveHands Ransomware Attacks A vulnerability in Sonicwall SMA 100 Series VPN appliances is being targeted to deliver a previously unknown ransomware variant dubbed FiveHands. Threat analysts at Mandiant ... Read more
Cyber Threats April 29, 2021 Phishing Campaign Impersonates Click Studios to Deliver New Moserpass Malware Variant Last week, Click Studios alerted users of the Passwordstate enterprise password manager about a supply chain attack in which hackers successfully compromised the In-Place Upgrade ... Read more