Home

January 25, 2021

Speed of White House cyber appointments should make CISOs ‘a bit more confident’

The appointments and presumed future appointments draw heavily from people with public sector experience, a move that some praise and others criticize as a failure to consider private sector expertise.

The post Speed of White House cyber appointments should make CISOs ‘a bit more confident’ appeared first on SC Media.

January 25, 2021

Does cybersecurity need its own Fauci?

SC Media spoke to Ron Gula, former NSA hacker and cybersecurity investor through Gula Tech Adventures, who has advised Congress and the White House, about what President Joe Biden's first 100 days in office should look like from a cyber perspective.

The post Does cybersecurity need its own Fauci? appeared first on SC Media.

January 23, 2021

SonicWall network attacked via zero days in its VPN and secure access solutions

Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting zero-day vulnerabilities in its very own secure remote access products. SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company. SonicWall, whose product line…

The post SonicWall network attacked via zero days in its VPN and secure access solutions appeared first on SC Media.

January 23, 2021

In second attack DDoS group demands 5 bitcoin payment

Five Radware customers received extortion letters in December and January threatening a DDoS attack if they did not pay five bitcoin (worth about $200,000) from a group that wanted the victims to believe they were from Fancy Bear, Lazarus Group and the Armada Collective. The threat group first attacked late last summer and in the…

The post In second attack DDoS group demands 5 bitcoin payment appeared first on SC Media.

January 23, 2021

Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWind attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.

The post Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs appeared first on SC Media.

January 22, 2021

2021 to bring ‘phase two’ of remote access investment for enterprises

As work from home extends into 2021, remote access performance and security will continue to dominate enterprise budgets and priorities. Accommodating remote users “long-term will lead to phase two of remote access investment,” according to a report from Cato Networks that surveyed 2,376 IT leaders about budgets, purchase plans, future of remote work and secure…

The post 2021 to bring ‘phase two’ of remote access investment for enterprises appeared first on SC Media.

January 22, 2021

New cyber council tackles infosec challenges from a tech perspective

Cybercrime is a plague on all industries, but a technology-borne problem at its core. So it makes sense that leading IT experts and infosec solution providers would step up to provide key advice to the tech community on how to protect customers from prevalent cyberthreats. To that end, the nonprofit IT trade association CompTIA this month officially…

The post New cyber council tackles infosec challenges from a tech perspective appeared first on SC Media.

January 22, 2021

Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years

The effectiveness of this operation serves as a reminder of the risks of openly sharing and storing plain-text network credentials or sensitive network access instructions on internet-accessible apps or servers.

The post Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years appeared first on SC Media.

January 21, 2021

Thousands of BEC lures use Google Forms in recon campaign

Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs). The attackers used Google Forms to bypass email security content filters based on keywords, according to a blog released Wednesday by Proofpoint Threat…

The post Thousands of BEC lures use Google Forms in recon campaign appeared first on SC Media.