Home

January 27, 2021

‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access

Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems. The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even…

The post ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access appeared first on SC Media.

January 27, 2021

Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders

The voluntary, collaborative posture taken by different private and public stakeholders is what sets this takedown apart from others.

The post Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders appeared first on SC Media.

January 27, 2021

Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders

The voluntary, collaborative posture taken by different private and public stakeholders is what sets this takedown apart from others.

The post Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders appeared first on SC Media.

January 27, 2021

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders – often companies' biggest security liabilities.

The post Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’ appeared first on SC Media.

January 26, 2021

BEC attack techniques exploit Microsoft 365 messages

Attackers exploit Microsoft 365 “read receipt” and “out of office” message loopholes to evade auto-remediation of a malicious email.

The post BEC attack techniques exploit Microsoft 365 messages appeared first on SC Media.

January 26, 2021

The cyber ‘journeymen’: Apprentices may be the solution to the skills gap

Aspiring infosec professionals have the opportunity to hone their craft as companies develop talent from within, potentially with government funding, and chip away at the diversity problem.

The post The cyber ‘journeymen’: Apprentices may be the solution to the skills gap appeared first on SC Media.

January 26, 2021

Google to offer suite of new zero trust capabilities through Chrome browser

With backing from Google infrastructure and support from a host of industry partners, the features have the potential to significantly expand the footprint of zero trust solutions within industry and government.

The post Google to offer suite of new zero trust capabilities through Chrome browser appeared first on SC Media.

January 26, 2021

Google discloses spearphishing targeting security researchers

Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.

The post Google discloses spearphishing targeting security researchers appeared first on SC Media.

January 26, 2021

Users of IoT products from three major vendors at risk of DDoS attacks, data leaks

Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.

The post Users of IoT products from three major vendors at risk of DDoS attacks, data leaks appeared first on SC Media.