Monthly Archives: January 2021
Some 250 servers were apparently breached by the Lebanese Cedar APT group, an organization with suspected links to the Hezbollah Cyber Unit in Lebanon. The target victims include companies from many countries, including the United States, United Kingdom, Saudi Arabia, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority. Many more companies and organizations have been…
The post Lebanese APT group with suspected links to Hezbollah breached 250 servers worldwide appeared first on SC Media.
Exposed enterprise IoT devices can be an indicator of security issues to come, with firms sporting exposed devices having a 62% higher density of other security problems, new research shows. For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post…
The post Firms with exposed IoT have a higher concentration of other security problems appeared first on SC Media.
If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.
The post As SolarWinds spooks tech firms into rechecking code, some won’t like what they find appeared first on SC Media.
Two vulnerabilities discovered could lead to remote code execution, while another could lead to denial of service attacks.
The post Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers appeared first on SC Media.
While tempting, most experts agree that hack-back strategies are a bad idea for companies. But there are tactics that can help deter nation-state actors and limit their ability to penetrate networks.
The post Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives appeared first on SC Media.
A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that makes it easier to spread and harder for organizations to detect when their cloud applications have been commandeered.
The post Cryptojacking malware targeting cloud apps gets new upgrades, worming capability appeared first on SC Media.
A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself gets protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…
The post Azure Functions vulnerability proves cloud users not always in control appeared first on SC Media.
The analyst from FireEye that discovered the SolarWinds attack and the co-founder of Tenable will join the advisory board of Trinity Cyber – contributing expertise to the company that counts former homeland security adviser Tom Bossert among its top executives.
The post ‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions appeared first on SC Media.
Ransomware attackers compromised deceased employee’s account to access a domain admin account. The incident is a sad reminder of some cyber hygiene standards too often overlooked.
The post Even dead employees pose a security risk when their accounts are still active appeared first on SC Media.