Monthly Archives: January 2021
SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach
Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.
The post SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach appeared first on SC Media.
Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response
Researchers have found a fourth strain of malware – Raindrop – that was used in the SolarWinds supply chain attack, a loader similar to the Teardrop tool. But while Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s…
The post Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response appeared first on SC Media.
7 vulnerabilities in popular DNS forwarding software open door to range of attacks
Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.
The post 7 vulnerabilities in popular DNS forwarding software open door to range of attacks appeared first on SC Media.
Free cyber career training coursework emerges as a perk in tough times
New complimentary offerings are helping current, aspiring and unemployed infosec professionals gain an upper hand in a down economy, while aiding an industry facing a growing skills gap.
The post Free cyber career training coursework emerges as a perk in tough times appeared first on SC Media.
FIN11 e-crime group shifted to CL0P ransomware and big game hunting
FIN11 has increasingly factored CL0P ransomware into its operations, and its clear they also put a substantial amount of effort into each follow-up compromise.
The post FIN11 e-crime group shifted to CL0P ransomware and big game hunting appeared first on SC Media.
Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles
President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical that the newfound funding focus on cybersecurity will be enough to draw the necessary talent. Noting…
The post Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles appeared first on SC Media.
NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks
NSA advises security pros to use designated enterprise DNS resolvers to lock down DoH on corporate networks.
The post NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks appeared first on SC Media.
Surge in remotely hosted phish images? Some say it’s business as usual
In Nov. 2020 alone, company blocked 262 million emails containing malicious, remotely hosted images.
The post Surge in remotely hosted phish images? Some say it’s business as usual appeared first on SC Media.
Intel unveils ransomware-fighting CPUs
The capability is an easy win for CISOs, which can benefit with limited tweaks to machines.
The post Intel unveils ransomware-fighting CPUs appeared first on SC Media.