Everyone wants to receive a free $50 Best Buy gift card and USB drive in the mail, but as the saying goes, nothing is ever truly free. A cybercriminal gang has put together a unique attack profile based on this human frailty, but one that has been on the scene since the early days of…
The novel coronavirus is challenging organizations on all fronts. Leaders must contend not only with cyberattackers leveraging COVID-19, but also employee, customer and partner concerns, and business continuity and risk management planning. Visit this page for ongoing updates to coverage from SC Media and other CyberRisk Alliance affiliates — including news analysis, business guidance and insights…
Kaspersky has uncovered an highly targeted attack striking a single country using a trojan written in C++ that has not been spotted before. Dubbed Milum, the trojan shows no code similarities with known campaigns reported Kaspersky’s Threat Attribution Engine and only three instances of it have bee found and are considered all part of the…
Apple released updates across eight product lines with several having more than a dozen issues addressed. Apple does not rate the severity of each vulnerability, but does break them all down for its users. One batch of 13 vulnerabilities was shared across three products, iCloud for Windows versions 10.9.3, 7.18 and iTunes 12.10.5 . Five of…
COVID-19 spreading through parts of China did not entirely deter APT41 from carrying out one of the largest campaigns ever conducted by a Chinese cyberespionage group. The attacks were not directly tied to the Coronavirus outbreak nor did the attackers attempt to leverage the virus in any way, but FireEye noted the group’s activity did…
While many organizations already have telecommute policies and solutions in place, they are most commonly for either fully-remote workers or for employees who typically work in the office but need flexibility for unusual situations. The current environment most companies now face may put their remote workplace capabilities to the test. This is most pronounced when…
Apply pressure to any system – and its weakness become apparent. COVID-19 has exerted the necessary pressure to test cybersecurity postures, exposing gaps – some of them yawning, some more subtle – as entire workforces have been ordered to work from home. As the novel coronavirus escaped the confines of China earlier this year and…
Several cybersecurity firms are going the extra mile to help customers set up a safe environment for their telecommuting workforce. The new reality of having the majority of a businesses workforce working from home has opened a Pandora’ Box or cybersecurity issues for these organizations. A recent poll of UK companies by the private equity…
A zero-day vulnerability in a digital video recorders (DVR) made by LILIN is being used by malicious actors to create botnet armies. Using a zero day to infect a device is a new tactic, reported NetLab 360, which uncovered the trend last year when multiple campaigns operated by several different attack groups were found using…
The new Mirai variant Mukashi is targeting Zyxel network attached storage (NAS) devices using brute force attacks based on the default admin credentials and then exploiting CVE-2020-9054. Palo Alto Networks Unit 42 said almost all Zyxel NAS products running firmware versions up to 5.21 are susceptible. CVE-2020-9054 is a pre-authentication command injection vulnerability, which may…
