1 day ago: Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers (TechRepublic)
To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller.
Apple on Monday released a major security update with fixes for a security defect the company says "may have been actively exploited" to plant malware on macOS and iOS devices.
Software Firm Continues Helping Ransomware Victims to Recover
Remote management software company Kaseya said Monday that it obtained a universal decryptor key without paying a ransom to the REvil - aka Sodinokibi - gang that hit the firm with a ransomware attack. But it still has not revealed how it obtained the key, other than to say it was supplied by a third party.
The company was initially vague about how the universal decryption tool was obtained.
30 minutes ago: Kaseya's Unitrends Technology Has Zero-Day Flaws (InfoRiskToday)
Researchers Warn: Do Not Expose Technology to the Internet
Researchers are warning of three zero-day vulnerabilities in Kaseya's Unitrends cloud-based enterprise backup and disaster recovery technology. The news comes after a July 2 ransomware attack exploiting flaws in Kaseya's VSA software had a major impact.
30 minutes ago: Biden Calls for Critical Infrastructure Security Standards (InfoRiskToday)
National Security Memo Requires NIST, CISA to Create Standards, But Compliance Voluntary
President Joe Biden signed an executive national security memorandum on Wednesday calling for the development of new critical infrastructure cybersecurity standards for various industries. CISA and NIST will develop the standards, and compliance will be voluntary - at least initially.
The average cost of a data breach among companies surveyed for IBM Security reached $4.24 million per incident, the highest in 17 years.
The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors.
According to a new Barracuda study, IT staffers receive an average of 40 targeted phishing attacks in a year.
The number of ads selling access to corporate networks has continued to increase from 2019 to 2020 and into 2021, says Positive Technologies.
Foxit Software this week released security updates for its PDF Reader and PDF Editor applications, to address multiple vulnerabilities, including some leading to remote code execution.
The U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterprise cloud applications.
Professor Keith Martin Offers Insights
To recruit and retain cybersecurity specialists, organizations must "stop expecting people just to be sort of 'focused monkeys' and doing one particular task and turning the handle," says Keith Martin, professor of information security at Royal Holloway University in the U.K.
5 hours ago: One third of cybersecurity workers have faced harassment at work or online - this initiative aims to stamp it out (ZDNet)
Respect In Security is encouraging organisations to create a workplace free from abuse.
5 hours ago: Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities (ZDNet)
The majority of the top vulnerabilities targeted last year were disclosed in the past two years, agencies from the United States, United Kingdom, and Australia have said, with a Microsoft Office CVE dating from 2017.