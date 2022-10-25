Read full article on original website
Windows Event Log Vulnerabilities Could Be Used to Disable Security Products
Remote attackers could exploit two Event Log vulnerabilities in Windows to crash the Event Log application and cause a denial-of-service (DoS) condition, Varonis warns. Due to the close integration of the browser with the operating system, Event Log is an Internet Explorer-specific application that is present in every version of Windows. Even after Microsoft stops supporting Internet Explorer in June 2022, two security flaws persist in all Windows versions up to Windows 10 due to the particular set of permissions that Event Log has.
Customer Data Security
Brands are worried about customer data security in the wake of high-profile data breaches. Before trusting companies with their personal information, customers need to know whether the businesses have the wherewithal to meet stringent data security compliances. It is very important for businesses to have documented procedures for customer data...
Blackberry Introduces Cyber Threat Intelligence Service to Bolster Corporate Security
At the BlackBerry Security Summit today, BlackBerry Limited announced the launch of its own cyber threat intelligence (CTI) solution, designed to help enterprises detect and respond to cyberattacks. The solution provides threat intelligence detailing the latest cyberattacks, threat actors and malicious campaigns, so they can make more informed decisions on...
Four Reasons Why Enterprises Must Have a Data Loss Prevention Strategy in Place
Enterprise data breaches last year were at an all-time high, and attacks are predicted to only rise in the future. Adopting strong Data Loss Prevention (DLP) strategies through internal resources and vendor solutions is now more critical than ever in light of these changes. Data transfers to unauthorized parties, whether...
Twitter, Under Musk, to Start Charging Verified Users Monthly Fees: Report
How much do you value a blue check-mark? Would you pay $4.99 to remain a verified Twitter user? How about $19.99? That’s the price being weighed in a new plan being hashed out at new platform owner Elon Musk’s request, according to a Sunday night report from tech outlet The Verge. The option to go Twitter Blue already formally exists, with a $4.99 monthly plan in place that allows users to unlock additional features; the revamped, more expensive version must be delivered by next Monday, with the team behind it being told they’ll be fired otherwise, according to people familiar with the matter who spoke to The Verge, which also obtained internal correspondence to that effect. The outlet’s report follows a report by tech newsletter Platformer, published hours earlier, that Twitter was “strongly considering” implementing a forcible pay-to-play verification feature. About an hour after Platformer went to press, Musk tweeted, seemingly in reference to an unrelated subject: “The whole verification process is being revamped right now.”Read it at The Verge
RealVNC buys RPort remote management software
RealVNC , the most secure remote access solution on the market, has acquired RPort, a remote management software that instantly increases the efficiency of IT teams and service providers managed (MSP). The acquisition will allow RealVNC to move beyond graphical screen sharing and into remote management. RPort gives users the...
Five Key Open-Source Security Impediments and Quick Fixes
Today, Open Source is the way of IT platforms, and not a novelty any more. However, CISOs need to be aware of the security risks associated with Open-Source Software (OSS) in order to ensure secure open-source code. They need to confirm that each of their open-source parts is safe and adding value to the project.
Researchers Expose Over 80 ShadowPad Malware C2 Servers
As many as 85 command-and-control (C2) servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected recently. The Threat Analysis Unit (TAU) at VMware examined three ShadowPad variants that used the TCP, UDP, and HTTP(S) protocols for C2 communications. Since 2015, several Chinese state-sponsored actors have privately shared the modular malware platform known as ShadowPad, which is regarded as PlugX’s successor. The business added that it had located malware samples called Spyder and ReverseWindow communicating with ShadowPad C2 IP addresses. Both of these samples are used maliciously by APT41 (also known as Winnti) and LuoYu.
Renaming a GitHub account may have contributed to supply chain attacks
According to Checkmarx, hackers may have created malicious repositories using the accounts’ new names and launched software supply chain attacks by taking advantage of the renaming of well-known GitHub accounts. The repo-jacking technique entails diverting traffic from a renamed repository to an attacker-controlled malicious repository by circumventing GitHub’s redirection...
Verimatrix Recieves 2022 CyberSecurity Breakthrough Award for Mobile Security
Verimatrix, (Euronext Paris: VMX) (Paris:VMX), the leader in powering the modern connected world with people-centered security, today announced that its App Shield Pro was named Application Security Solution of the Year in the 6th annual CyberSecurity Breakthrough Awards program conducted by CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market today.
