Monthly Archives: January 2021

SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach

Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.

The post SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach appeared first on SC Media.

Continue reading

Posted in Breach, Cloud, Cloud Security, Data Breach, Featured, Network Security, Security News, SolarWinds hack | Comments Off on SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach

Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response

Researchers have found a fourth strain of malware – Raindrop – that was used in the SolarWinds supply chain attack, a loader similar to the Teardrop tool. But while Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s…

The post Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response appeared first on SC Media.

Continue reading

Posted in Breach, Malware, Security News, Threat Security Intelligence | Comments Off on Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response

7 vulnerabilities in popular DNS forwarding software open door to range of attacks

Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.

The post 7 vulnerabilities in popular DNS forwarding software open door to range of attacks appeared first on SC Media.

Continue reading

Posted in Network Security, Security News, Threat intelligence, Vulnerabilities, Vulnerability Management | Comments Off on 7 vulnerabilities in popular DNS forwarding software open door to range of attacks

Free cyber career training coursework emerges as a perk in tough times

New complimentary offerings are helping current, aspiring and unemployed infosec professionals gain an upper hand in a down economy, while aiding an industry facing a growing skills gap.

The post Free cyber career training coursework emerges as a perk in tough times appeared first on SC Media.

Continue reading

Posted in Careers, Featured, Network Security, Security News, Training | Comments Off on Free cyber career training coursework emerges as a perk in tough times

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

FIN11 has increasingly factored CL0P ransomware into its operations, and its clear they also put a substantial amount of effort into each follow-up compromise.

The post FIN11 e-crime group shifted to CL0P ransomware and big game hunting appeared first on SC Media.

Continue reading

Posted in Cybercrime, Ransomware, Security News | Comments Off on FIN11 e-crime group shifted to CL0P ransomware and big game hunting

Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical that the newfound funding focus on cybersecurity will be enough to draw the necessary talent. Noting…

The post Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles appeared first on SC Media.

Continue reading

Posted in Government, Security News | Comments Off on Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks

NSA advises security pros to use designated enterprise DNS resolvers to lock down DoH on corporate networks.

The post NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks appeared first on SC Media.

Continue reading

Posted in Exploit prevention, Network Security, Security News | Comments Off on NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks

Surge in remotely hosted phish images? Some say it’s business as usual

In Nov. 2020 alone, company blocked 262 million emails containing malicious, remotely hosted images.

The post Surge in remotely hosted phish images? Some say it’s business as usual appeared first on SC Media.

Continue reading

Posted in Email Security, Phishing, Security News | Comments Off on Surge in remotely hosted phish images? Some say it’s business as usual

Intel unveils ransomware-fighting CPUs

The capability is an easy win for CISOs, which can benefit with limited tweaks to machines.

The post Intel unveils ransomware-fighting CPUs appeared first on SC Media.

Continue reading

Posted in Featured, Ransomware, Security News, Software and solutions | Comments Off on Intel unveils ransomware-fighting CPUs