Subscribe to Email Updates

Subscribe

All about Virtualization and Cloud Security | Recent Articles:

IT Leaders Aim to Outgun Hackers with Bigger Cybersecurity Budgets in 2020

Mar 11 by Filip Truta

More than half of IT professionals are extremely concerned about the security of corporate endpoints in the face of sophisticated attack vectors like ransomware, disruptionware, phishing and others.

Read More

Bitdefender Researchers Discover New Side-Channel Attack

Mar 10 by Shaun Donaldson
  • This new speculative-execution-based attack exploits flaws in the CPU architecture to potentially leak information from protected memory
  • Dubbed LVI-LFB (Load Value Injection in the Line Fill Buffers), this is a novel attack (CVE-2020-0551)
  • Bitdefender has developed a synthetic Proof of Concept which demonstrates the viability of this new attack
  • Existing mitigations for previous attacks, such-as Meltdown, Spectre, and MDS are not sufficient to completely remove the new vulnerability

A Brief History Leading to LVI-LFB

In 2018, two new types of microarchitectural side-channel attacks were disclosed: Meltdown and Spectre. Meltdown allows an attacker to speculatively access memory that is inaccessible, while Spectre allows an attacker to alter the branch prediction structures in order to gain speculative arbitrary code execution. In 2019, another class of microarchitectural side-channel attacks was disclosed: Microarchitectural Data Sampling, or MDS. It allows an attacker to pick-up in-flight data from various microarchitectural data structures (line fill buffers or LFBs - MFBDS, load ports - MLPDS or store buffers - MSBDS).

Read More

Passwords Remain the Main Method of Authentication and Top Cause of Data Breaches

Mar 10 by Filip Truta

The username/password combo is still the dominant method of authentication used to access business devices, apps and data. Conversely, the password is still the top attack vector for organizations of all sizes, new research shows.

Read More

Healthcare Providers Lose an Average $2.75 Million per Data Breach

Mar 09 by Filip Truta

More than half of healthcare vendors have suffered at least one breach of protected health data belonging to patients of the healthcare providers they serve, new research shows. On average, a breach exposes around 10,000 patient records and inflicts $2.75 million in damages.

Read More

Why Is Targeted Ransomware So Dangerous?

Mar 06 by Silviu Stahie

The word “ransomware” strikes fear in the hearts of chief technical officers. Their impulse in the face of an attack is to say it was random, but that’s usually not true. Targeted ransomware is the result of a complex process that involves more than just the initial infection – and it presents more challenges than a regular incident.

Read More

Securing AI: The Next Gen of Enterprise Cybersecurity

Mar 05 by Ericka Chickowski

Recently, a facial recognition vendor that consolidates billions of photos to fuel its artificial intelligence (AI) people-searching platform admitted to a major breach. On its surface, the incident is a pretty standard exposure of client list details. But scratch a little deeper and the problems inherent with the breach highlight some of the dangers and cyber risks hiding under the gigantic iceberg that is AI technology today.

Read More

20% of People Caught in Data Breaches Suffer Financial Info Leaks

Mar 04 by Silviu Stahie

A wide range of information is lost in a data breach, starting from more innocuous things like an email address to more dangerous items such as financial details. In a recent survey, 20% of the people interviewed had their financial data leaked in a data breach.

Read More

Survey Shows Most Organizations Plan to Embrace Zero Trust, yet Remain Unconfident in Ability to Implement

Mar 03 by George V. Hulme

One of the biggest weaknesses in any environment is maintaining effective authentication and authorization controls.

Read More

Cyberattack Fears Haunt State Employees More Than Natural Disasters and Terrorist Attacks

Mar 02 by Filip Truta

Fewer than one in four city employees receive cyber training related to ransomware threats as budgets for managing cyberattacks have stagnated across U.S. state institutions.

Read More

IT Managers Want Better VSaaS and ACaaS Solutions, Survey Shows

Feb 28 by Silviu Stahie

Physical security systems across Europe are not properly optimized and some of them need improvements in 2020, according to a survey of 1,000 IT decision-makers.

Read More

Hiring, Training and Human Oversight Can Help Battle Insider Threats, US State Department Official Says

Feb 27 by Silviu Stahie

Insider threats present themselves in a variety of ways, and a person isn’t always responsible. Most insider threats are a mix of technology, personnel, and security, according to officials from the US Department of State.

Read More

Exaggerated Lion and Business Email Compromise – Don’t Send That Check!

Feb 26 by Graham Cluley

More and more businesses are falling victim to Business Email Compromise, where scammers fool companies into transferring money into the bank accounts of criminals.

Read More

Cloud Security




Subscribe to Blog Updates

Latest Tweets