Steve Zurier SC Media

Steve Zurier

Most recent articles by Steve Zurier

Phishing attack targeted top financial pro at large company

Attackers using a novel credential phishing attack that leverages Active Directory to verify a victim’s password and gain access to an Office 365 account targeted a top financial person in a division of a large American corporation. Once inside a victim’s account, bad actors could access sensitive financial documents, emails, calendar items and contact lists,…

Palo Alto fixes nine vulnerabilities in PAN-OS

Palo Alto Networks has fixed nine vulnerabilities in its PAN-OS operating system for versions 8.1 or later. The CVSS scores ranged from a high of 9.8 to a low of 3.3. While none of the vulnerabilities were used by attackers in the wild, security researchers from Tenable and Positive Technologies published advisories letting Palo Alto…

Corporate VPNs in danger as vishing attacks target home workers

Multiple hacking gangs are preying on remote workforces and corporate VPNs through vishing attacks that are more efficient, dangerous and ubiquitous than ever, prompting the U.S. government to issue both a warning and advice on how to thwart them. “The news has spread throughout the hacker community and multiple groups are now doing this,” said…

SMBs imperiled as low-end RaaS grows more powerful

As Ransomware-as-a-Service (RaaS) has simultaneously grown more powerful and easier to use, just about anyone can launch successful, damaging ransomware attacks on organizations. Small and medium businesses are particularly vulnerable to the widening variety of tactics –from the “spray and pray” favored by Avaddon to the mass-market-based business model used by Dharma RaaS. “The skills…

More attackers trying to sabotage incident response tactics

The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked. At least that’s what researchers concluded in the fifth installment of VMware Carbon Black’s semi-annual Global Incident Response Threat Report, which also focused heavily on the impact of COVID-19…

Next post in Security News