Subscribe to Email Updates

Subscribe

All about Virtualization and Cloud Security | Recent Articles:

CISOs Who Close Critical Skills Gaps Stand the Best Chance of Minimizing the Impact of Cyberattacks

Jul 28 by Filip Truta

CISOs who reduce or close their critical IT departments’ skills gaps have the highest probability of minimizing the business impact of cyberattacks – even when budgets and staffing are constrained, according to a SANS Institute study.

Read More

Over 1000 Twitter Staff and Contractors Had Access to Internal Tools that Helped Hackers Hijack Accounts

Jul 27 by Graham Cluley

As Twitter and law enforcement agencies investigate the high profile attack that saw a number of public figures' accounts hacked to spew out a cryptocurrency scam, there is a clear lesson for other businesses to learn.

Read More

Poor Privacy Practices Sharply Boost Likelihood of a Data Breach, Study Shows

Jul 27 by Filip Truta

Companies that don’t change their perception about data protection are increasing their odds of suffering a data breach by a whopping 80% and, in the event of a breach, will face fines seven times larger than companies with the best scores, according to a new report.

Read More

Routers Are Full of Vulnerabilities, But What If ISPs Could Fix That?

Jul 24 by Silviu Stahie

Imagine a world where routers with vulnerabilities are protected by the software running on them, which doesn't need to be upgraded via firmware images that often arrive late or never at all. It’s a feature that would benefit everyone – consumers, IoT manufacturers, and ISPs - and the scenario is not far-fetched. 

Read More

Cybersecurity Market Expected to Grow by 2.5% in Worst-Case Scenario

Jul 24 by Silviu Stahie

Cybersecurity spending will grow by 5.6% year-on-year in 2020, despite the financial problems that all economies face right now. In fact, the entire cybersecurity market will likely grow by 2.5% this year, according to a new report from Canalys. 

Read More

Raft of Healthcare Breaches Continue

Jul 23 by George V. Hulme

Attacks targeting healthcare organizations just won’t let up. In early June, the University of California San Francisco (UCSF) announced that their IT team identified a limited security breach within a part of the UCSF School of Medicine’s IT environment.

Read More

Securing the Human Layer – The First Sane Step Towards Achieving a Strong Cybersecurity Posture

Jul 22 by Filip Truta

Employees typically access 59 risky URLs per week, or 8.5 per day, according to new data. That’s more than once per hour in an eight-hour workday. Depending on their knowledge of the threat landscape, corporate employees can be as dangerous as an external cyber-attack on the company – especially if those employees are working remotely.

Read More

92% of Businesses Give Criminals Access to Customer Data through Vulnerable JavaScript Integrations

Jul 21 by Filip Truta

Sensitive data, like personally identifiable information (PII) and credit card information, has never been more at risk, while security is becoming less effective, new research shows.

Read More

Report Says Data in the Cloud is Creating ‘Fear and Trust’ Issues for Security Professionals

Jul 20 by Bob Violino

A patchwork of tools, the presence of misconfigured services, and confusion around data security ownership in the cloud has created a crisis of confidence among IT security professionals that will only be fixed by organizations making security part of their business culture.

Read More

Media Is the Most Targeted Industry in Credential Stuffing Attacks

Jul 17 by Silviu Stahie

The media industry is a prime target for credential stuffing attacks, with more than 17 billion incidents reported from January 2018 to December 2019, according to a report from Akamai. 

Read More

Email Impersonation on the Rise as Workforce Grows Increasingly Distracted and Dispersed

Jul 17 by Filip Truta

Over a third of organizations are seeing email-based attacks hit their inbox daily, new data shows. IT professionals now say they need to remediate an email-based attack every day –including suspending compromised email accounts.

Read More

HVI Blocks SIGRed, Prevents Zero-Day Execution from Suspicious Memory Regions

Jul 16 by Michael Rosen
  • Windows DNS server remote code execution vulnerability permits full takeover of infected systems
  • Wormable exploits can spread via malware between vulnerable computers without user interaction
  • SIGRed vulnerability impacts nearly all versions of DNS in Windows Server dating back over 17 years
  • Hypervisor Introspection (HVI) prevents zero-day code execution from suspicious memory regions

On July 14, Microsoft published Security Vulnerability CVE-2020-1350 describing a longstanding, broad-based Windows DNS server remote code execution vulnerability whereby Windows Domain Name servers fail to properly handle malformed DNS requests, allowing an attacker to corrupt memory and run arbitrary code in the context of the Local System Account. All Windows servers that are configured as DNS servers are at risk from this critical (CVSS 10) vulnerability—which Microsoft acknowledges dates back at least 17 years—putting directly at risk multiple versions of Windows Server 2008, 2012, 2016, and 2019 in widespread production worldwide.

Read More

Cloud Security




Subscribe to Blog Updates

Posts by Categories

Latest Tweets