Home

January 28, 2021

Cryptojacking malware targeting cloud apps gets new upgrades, worming capability

A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that makes it easier to spread and harder for organizations to detect when their cloud applications have been commandeered.

The post Cryptojacking malware targeting cloud apps gets new upgrades, worming capability appeared first on SC Media.

January 28, 2021

Azure Functions vulnerability proves cloud users not always in control

A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself gets protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…

The post Azure Functions vulnerability proves cloud users not always in control appeared first on SC Media.

January 28, 2021

‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions

The analyst from FireEye that discovered the SolarWinds attack and the co-founder of Tenable will join the advisory board of Trinity Cyber – contributing expertise to the company that counts former homeland security adviser Tom Bossert among its top executives.

The post ‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions appeared first on SC Media.

January 27, 2021

Even dead employees pose a security risk when their accounts are still active

Ransomware attackers compromised deceased employee's account to access a domain admin account. The incident is a sad reminder of some cyber hygiene standards too often overlooked.

The post Even dead employees pose a security risk when their accounts are still active appeared first on SC Media.

January 27, 2021

Apple Patches Three New iOS Zero-Days

While Apple has a significant focus on making iOS secure, one researcher said increasingly complex capabilities often bring vulnerabilities.

The post Apple Patches Three New iOS Zero-Days appeared first on SC Media.

January 27, 2021

‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access

Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems. The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even…

The post ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access appeared first on SC Media.

January 27, 2021

Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders

The voluntary, collaborative posture taken by different private and public stakeholders is what sets this takedown apart from others.

The post Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders appeared first on SC Media.

January 27, 2021

Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders

The voluntary, collaborative posture taken by different private and public stakeholders is what sets this takedown apart from others.

The post Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders appeared first on SC Media.

January 27, 2021

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders – often companies' biggest security liabilities.

The post Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’ appeared first on SC Media.