Home

January 26, 2021

BEC attack techniques exploit Microsoft 365 messages

Attackers exploit Microsoft 365 “read receipt” and “out of office” message loopholes to evade auto-remediation of a malicious email.

The post BEC attack techniques exploit Microsoft 365 messages appeared first on SC Media.

January 26, 2021

The cyber ‘journeymen’: Apprentices may be the solution to the skills gap

Aspiring infosec professionals have the opportunity to hone their craft as companies develop talent from within, potentially with government funding, and chip away at the diversity problem.

The post The cyber ‘journeymen’: Apprentices may be the solution to the skills gap appeared first on SC Media.

January 26, 2021

Google to offer suite of new zero trust capabilities through Chrome browser

With backing from Google infrastructure and support from a host of industry partners, the features have the potential to significantly expand the footprint of zero trust solutions within industry and government.

The post Google to offer suite of new zero trust capabilities through Chrome browser appeared first on SC Media.

January 26, 2021

Google discloses spearphishing targeting security researchers

Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.

The post Google discloses spearphishing targeting security researchers appeared first on SC Media.

January 26, 2021

Users of IoT products from three major vendors at risk of DDoS attacks, data leaks

Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.

The post Users of IoT products from three major vendors at risk of DDoS attacks, data leaks appeared first on SC Media.

January 25, 2021

Speed of White House cyber appointments should make CISOs ‘a bit more confident’

The appointments and presumed future appointments draw heavily from people with public sector experience, a move that some praise and others criticize as a failure to consider private sector expertise.

The post Speed of White House cyber appointments should make CISOs ‘a bit more confident’ appeared first on SC Media.

January 25, 2021

Does cybersecurity need its own Fauci?

SC Media spoke to Ron Gula, former NSA hacker and cybersecurity investor through Gula Tech Adventures, who has advised Congress and the White House, about what President Joe Biden's first 100 days in office should look like from a cyber perspective.

The post Does cybersecurity need its own Fauci? appeared first on SC Media.

January 23, 2021

SonicWall network attacked via zero days in its VPN and secure access solutions

Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting zero-day vulnerabilities in its very own secure remote access products. SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company. SonicWall, whose product line…

The post SonicWall network attacked via zero days in its VPN and secure access solutions appeared first on SC Media.

January 23, 2021

In second attack DDoS group demands 5 bitcoin payment

Five Radware customers received extortion letters in December and January threatening a DDoS attack if they did not pay five bitcoin (worth about $200,000) from a group that wanted the victims to believe they were from Fancy Bear, Lazarus Group and the Armada Collective. The threat group first attacked late last summer and in the…

The post In second attack DDoS group demands 5 bitcoin payment appeared first on SC Media.