https://www.scmagazine.com/topic/network-security
SCM feed for Network Security
2024-03-29T07:29:13+00:00
https://files.scmagazine.com/logo/scm-horizontal-white-with-resource.png
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved
tag:www.scmagazine.com:post,709785
Google: Zero-day exploits increasingly target enterprise technologies
2024-03-28T10:00:16-04:00
Simon Hendery
https://www.scmagazine.com/contributor/simon-hendery
<p>An analysis found threat actors are increasingly targeting enterprise-specific technologies.</p>
2024-03-28T09:58:32-04:00
tag:www.scmagazine.com:post,709776
Zero-day exploitation spikes
2024-03-28T10:00:32-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Threat actors actively exploited 97 zero-day vulnerabilities last year, which is more than 50% higher than in 2022 but lower than in 2021, reports BleepingComputer.</p>
2024-03-28T09:30:24-04:00
tag:www.scmagazine.com:post,709482
Cyber threat readiness maturity severely lacking worldwide
2024-03-27T10:58:56-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Only 3% of organizations around the world were reported to be completely ready to deal with increasingly sophisticated cybersecurity threats, including ransomware attacks and supply chain intrusions, reports SiliconAngle.</p>
2024-03-27T10:58:51-04:00
tag:www.scmagazine.com:post,709414
Germany: Vulnerable internet-exposed Microsoft Exchange servers prevalent
2024-03-27T09:21:56-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Nearly 17,000 internet-exposed Microsoft Exchange servers across Germany were confirmed by the country's Federal Office for Information Security, or BSI, to have significant security issues, reports BleepingComputer.</p>
2024-03-27T09:21:51-04:00
tag:www.scmagazine.com:post,709411
Massive TheMoon bot campaign hits outdated routers, IoT devices
2024-03-27T09:18:59-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Attacks with an updated TheMoon botnet variant have impacted more than 40,000 end-of-life small office and home office routers and internet of things devices across 88 countries during the first two months of 2024, while the botnet's latest campaign earlier this month facilitated the compromise of over 6,000 Asus routers in less than three days, Security Affairs reports.</p>
2024-03-27T09:18:52-04:00
tag:www.scmagazine.com:post,709288
Fortinet FortiClient EMS SQL injection flaw exploited in the wild
2024-03-26T16:50:29-04:00
Laura French
https://www.scmagazine.com/contributor/laura-french
<p>A PoC exploit is available for the critical flaw, which was added to CISA’s KEV catalog Monday. </p>
2024-03-26T16:49:28-04:00
SQL injection in Fortinet FortiClient EMS can lead to RCE.
tag:www.scmagazine.com:post,709216
Flaw in Ray AI framework potentially leaks sensitive data of workloads
2024-03-26T16:38:51-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Threat actor targets AI workloads, believed to be first exploited in the wild.</p>
2024-03-26T14:20:58-04:00
"ShadowRay" may be the first known instance of AI workloads actively being exploited in the wild. (Adobe Stock)
tag:www.scmagazine.com:post,708986
Call for 2024 SC Awards nominations
2024-03-28T10:01:32-04:00
Tom Spring
https://www.scmagazine.com/contributor/tom-spring
<p>Starting now we officially welcome your to nominate your top products, solutions and standout individuals.</p>
2024-03-26T08:23:36-04:00
tag:www.scmagazine.com:post,709074
Reported HHS breach leading to theft of $7.5M under investigation
2024-03-26T07:47:41-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More details regarding the reported breach of the Department of Health and Human Services' Health Resources and Services Administration grant payments platform from March to November 2023 have been demanded.</p>
2024-03-26T07:47:36-04:00
tag:www.scmagazine.com:post,709073
Outages at major UK tech trade union linked to cyberattack
2024-03-26T07:45:32-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such impacted systems contained certain CWU member information but further investigation into a possible data breach is still needed.</p>
2024-03-26T07:45:27-04:00
tag:www.scmagazine.com:post,708894
StrelaStealer malware hits more than 100 EU and US organizations
2024-03-25T14:25:06-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.</p>
2024-03-25T14:24:21-04:00
The StrelaStealer malware has been updated to avoid detection. (Adobe Stock)
tag:www.scmagazine.com:post,708912
Updated federal DDoS defense guidance issued
2024-03-25T13:27:00-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Federal organizations and other entities have been urged by the FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center to proactively combat distributed denial-of-service attacks and be vigilant of potential risks, reports SecurityWeek.</p>
2024-03-25T13:26:55-04:00
tag:www.scmagazine.com:post,708846
ScreenConnect, BIG-IP bugs a bonanza for hackers conducting cyberespionage
2024-03-25T11:39:46-04:00
Simon Hendery
https://www.scmagazine.com/contributor/simon-hendery
<p>One China-linked threat actor boasted of compromising hundreds of organizations using the known vulnerabilities.</p>
2024-03-25T11:38:58-04:00
Hackers are exploiting known bugs to target U.S. and UK entities. (Adobe Stock)
tag:www.scmagazine.com:post,686399
Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343
2024-03-27T10:31:04-04:00
Matt Alderman
https://www.scmagazine.com/contributor/matt-alderman
Jason Albuquerque
https://www.scmagazine.com/contributor/jason-albuquerque
2024-03-25T00:00:00-04:00
tag:www.scmagazine.com:post,708482
F5, ScreenConnect vulnerabilities leveraged in global Chinese cyberattacks
2024-03-22T06:54:35-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>UNC5174, which is believed to be an ex-member of Chinese hacktivist groups Genesis Day and Dawn Calvary, leveraged a flaw, to compromise U.S. defense contractors, UK government organizations, and Asian entities.</p>
2024-03-22T06:54:30-04:00
tag:www.scmagazine.com:post,708329
Memory leak on Windows Server update causes domain controllers to crash
2024-03-21T13:56:08-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Microsoft says it will fix this month’s Patch Tuesday for Windows Server in the coming days.</p>
2024-03-21T13:48:06-04:00
Microsoft is working to resolve a Windows Server update that could cause domain controllers to crash. (Photo by Ramon Costa/SOPA Images/LightRocket via Getty Images)
tag:www.scmagazine.com:post,708189
Cyberattack impacts Radiant Logistics' Canada operations
2024-03-21T07:58:28-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Discovery of malicious network activity on Mar. 14 has prompted Radiant Logistics to immediately isolate Canadian operations, activate incident response measures, and engage with third-party cybersecurity experts to remediate the incident.</p>
2024-03-21T07:58:23-04:00
tag:www.scmagazine.com:post,708191
Cyberattack-related OT disruptions prevalent in industrial firms
2024-03-21T06:49:55-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Operational technology cyberattacks have targeted 75% of industrial firms in the Americas, Europe, and the Asia-Pacific during the past 12 months, 24% of which resulted in OT operation takedowns.</p>
2024-03-21T06:49:50-04:00
tag:www.scmagazine.com:post,708190
Hijacked Spa Grand Prix email leveraged in phishing attack
2024-03-21T06:49:27-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Attackers leveraged the hijacked email account to send phishing emails using a €50 voucher for ticket purchases as a lure that redirected to a spoofed Spa GP website that sought targets' banking details and other personal information. </p>
2024-03-21T06:49:23-04:00
tag:www.scmagazine.com:post,708187
More sophisticated BunnyLoader malware variant emerges
2024-03-21T06:42:58-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Information stealing malware-as-a-service threat BunnyLoader has been updated with new data theft modules, more advanced keylogging features, smaller payloads, and increased stealth.</p>
2024-03-21T06:42:53-04:00
tag:www.scmagazine.com:post,708186
Significant compromise possible with novel Loop DoS attack
2024-03-21T06:40:14-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Nearly 300,000 online systems and their networks could be compromised through the novel Loop DoS attack.</p>
2024-03-21T06:40:08-04:00
tag:www.scmagazine.com:post,686490
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354
2024-03-25T17:01:04-04:00
Darwin Salazar
https://www.scmagazine.com/contributor/darwin-salazar
Matt Alderman
https://www.scmagazine.com/contributor/matt-alderman
2024-03-21T00:00:00-04:00
tag:www.scmagazine.com:post,707981
Improved cyber threat detection sought by new Perception Point AI model
2024-03-20T12:07:20-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>OpenAI's GPT-4 multimodal large language model has been tapped by Perception Point for its new artificial intelligence tool GPTheat Hunter to facilitate improved threat detection through the autonomous resolution of incidents deemed to be uncertain by existing cybersecurity solutions.</p>
2024-03-20T12:07:14-04:00
tag:www.scmagazine.com:post,707881
Vulnerability reports to DoD reach 50K
2024-03-20T07:18:58-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such figures indicate 5,000 total reported vulnerabilities in 2023, representing a decline from the 7,349 vulnerability reports processed in 2022.</p>
2024-03-20T07:18:53-04:00
tag:www.scmagazine.com:post,707887
US, others issue new Volt Typhoon warning
2024-03-20T07:06:08-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>With Volt Typhoon targeting network-based operational technology assets to facilitate critical infrastructure compromise. </p>
2024-03-20T07:06:03-04:00
tag:www.scmagazine.com:post,707679
Earth Krahang campaign compromised government servers in 23 countries
2024-03-19T11:29:50-04:00
Simon Hendery
https://www.scmagazine.com/contributor/simon-hendery
<p>The newly discovered China-linked APT group abused trust between governments.</p>
2024-03-19T11:15:45-04:00
The China-linked group Earth Krahang attacked allies of governments after compromising infrastructure. (Adobe Stock)
tag:www.scmagazine.com:post,707621
Malware attack compromises Fujitsu customer data
2024-03-19T07:36:48-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Impacted business computers have already been isolated while other systems' cybersecurity defenses have already been enhanced amid an ongoing investigation into the means of malware compromise and the types of exfiltrated data. </p>
2024-03-19T07:36:43-04:00
tag:www.scmagazine.com:post,707620
Mintlify breach leaks customer GitHub tokens
2024-03-19T07:30:16-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such a security issue within Mintlify's systems facilitated the exposure of its internal admin credentials, which could be leveraged to enable internal endpoint compromise and further data exposure. </p>
2024-03-19T07:30:11-04:00
tag:www.scmagazine.com:post,707618
New CrowdStrike, Nvidia collaboration seeks AI-powered cybersecurity
2024-03-19T07:06:10-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Collaboration would not only enable the creation of a custom generative AI model for enterprise-focused large language model-powered apps, which could advance corporate threat hunting and supply chain attack detection, as well as enable proactive network defense efforts.</p>
2024-03-19T07:06:05-04:00