Category Archives: Security News

As SolarWinds spooks tech firms into rechecking code, some won’t like what they find

If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.

The post As SolarWinds spooks tech firms into rechecking code, some won’t like what they find appeared first on SC Media.

Continue reading

Posted in Application Security, Featured, Network Security, Security News, Security strategy | Comments Off on As SolarWinds spooks tech firms into rechecking code, some won’t like what they find

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers

Two vulnerabilities discovered could lead to remote code execution, while another could lead to denial of service attacks.

The post Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers appeared first on SC Media.

Continue reading

Posted in DDoS, Security News, Threat intelligence, Vulnerabilities, Vulnerability Management | Comments Off on Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers

Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives

While tempting, most experts agree that hack-back strategies are a bad idea for companies. But there are tactics that can help deter nation-state actors and limit their ability to penetrate networks.

The post Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives appeared first on SC Media.

Continue reading

Posted in APT, APTs/cyberespionage, Cyberespionage, Featured, Security News, Security strategy, SolarWinds hack | Comments Off on Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives

Cryptojacking malware targeting cloud apps gets new upgrades, worming capability

A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that makes it easier to spread and harder for organizations to detect when their cloud applications have been commandeered.

The post Cryptojacking malware targeting cloud apps gets new upgrades, worming capability appeared first on SC Media.

Continue reading

Posted in Cloud, Cryptocurrency, Malware, Security News | Comments Off on Cryptojacking malware targeting cloud apps gets new upgrades, worming capability

Azure Functions vulnerability proves cloud users not always in control

A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself gets protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…

The post Azure Functions vulnerability proves cloud users not always in control appeared first on SC Media.

Continue reading

Posted in Cloud, Security News, Virtualization And Cloud-Based Security, Vulnerability Management | Comments Off on Azure Functions vulnerability proves cloud users not always in control

‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions

The analyst from FireEye that discovered the SolarWinds attack and the co-founder of Tenable will join the advisory board of Trinity Cyber – contributing expertise to the company that counts former homeland security adviser Tom Bossert among its top executives.

The post ‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions appeared first on SC Media.

Continue reading

Posted in Corporate News, Featured, Network Security, Security News, Software and solutions | Comments Off on ‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions

Even dead employees pose a security risk when their accounts are still active

Ransomware attackers compromised deceased employee’s account to access a domain admin account. The incident is a sad reminder of some cyber hygiene standards too often overlooked.

The post Even dead employees pose a security risk when their accounts are still active appeared first on SC Media.

Continue reading

Posted in Cybercrime, Featured, Network Security, Ransomware, Security News | Comments Off on Even dead employees pose a security risk when their accounts are still active

Apple Patches Three New iOS Zero-Days

While Apple has a significant focus on making iOS secure, one researcher said increasingly complex capabilities often bring vulnerabilities.

The post Apple Patches Three New iOS Zero-Days appeared first on SC Media.

Continue reading

Posted in Mobile, Mobile Security, Security News, Vulnerability Management | Comments Off on Apple Patches Three New iOS Zero-Days

‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access

Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems. The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even…

The post ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access appeared first on SC Media.

Continue reading

Posted in Network Security, Security News | Comments Off on ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access