Featured news, articles & updates| SC Media

Featured

Pompeo in China

US expands Clean Network to protect COVID-19 vaccine research from China

As concerns mount over China’s efforts to swipe intellectual property from U.S. companies – most recently COVID-19 vaccine research – the State Department has expanded its Clean Network program to protect U.S. critical telecommunications and technology infrastructure. Among the key objectives is to push vaccine research and other sensitive information to secured clouds. The programs…

Stricken electronics firms weigh reward, cost of paying ransom

Garmin reportedly paid cyber extortionists millions of dollars for access to a decryptor so that the company could restore its services to customers following a July 23 WastedLocker ransomware attack. Meanwhile, a separate ransomware outfit this week reportedly leaked sensitive data lifted from LG and Xerox’s internal networks after attempted negotiations with the two tech…

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

‘We want to have more protection’: Arrested pen testers push for Good Samaritan law

Prosecutors dropped felony criminal charges against a pair of ethical pen testers arrested while assessing the security of an Iowa courthouse. But the the two men are not ready move on just yet. Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a…

Misconfigured servers contributed to more than 200 cloud breaches

Misconfigured storage services in 93 percent of cloud deployments have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records, according to a report from Accurics, which predicted that cloud breaches are likely to increase in both velocity and scale. The researchers found that 91 percent of the…

Tech workforce in defense and aerospace targeted in latest phishing attack

A phishing lure disguised as a legitimate inquiry by a recruiter for a new job opportunity inserts a malicious template into an attached Word document, which then gathers intelligence on the target, usually a highly-skilled technology worker in the aerospace and defense industries. The attack, dubbed Operation North Star, was discovered by researchers in McAfee’s…

Media companies need to lock down content systems as fake news invades

Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information to the public may also want to train themselves be on the lookout for disinformation secretly…

Hackers could exploit iDRAC flaw to control EMC PowerEdge servers

Dell issued a patch for a path traversal vulnerability found in the Integrated Dell Remote Access Controller (iDRAC) that could allow criminals to obtain full control of server operations. The vulnerability scored a CVSS rating of 7.1. iDRAC was designed for secure local and remote server management to help IT administrators deploy, update and monitor…

Next post in Security News