Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Information Security News

Popular News

Top News

1 day ago Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers

TechRepublic
To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller.

1 day ago Apple Patches 'Actively Exploited' Mac, iOS Security Flaw

SecurityWeek
Apple on Monday released a major security update with fixes for a security defect the company says "may have been actively exploited" to plant malware on macOS and iOS devices.

1 day ago Kaseya Says It Did Not Pay Ransom to Obtain Universal Decryptor

InfoRiskToday
Software Firm Continues Helping Ransomware Victims to Recover
Remote management software company Kaseya said Monday that it obtained a universal decryptor key without paying a ransom to the REvil - aka Sodinokibi - gang that hit the firm with a ransomware attack. But it still has not revealed how it obtained the key, other than to say it was supplied by a third party.

1 day ago Kaseya denies paying ransom for decryptor, refuses comment on NDA

ZDNet
The company was initially vague about how the universal decryption tool was obtained.

Latest News

30 minutes ago Kaseya's Unitrends Technology Has Zero-Day Flaws

InfoRiskToday
Researchers Warn: Do Not Expose Technology to the Internet
Researchers are warning of three zero-day vulnerabilities in Kaseya's Unitrends cloud-based enterprise backup and disaster recovery technology. The news comes after a July 2 ransomware attack exploiting flaws in Kaseya's VSA software had a major impact.

30 minutes ago Biden Calls for Critical Infrastructure Security Standards

InfoRiskToday
National Security Memo Requires NIST, CISA to Create Standards, But Compliance Voluntary
President Joe Biden signed an executive national security memorandum on Wednesday calling for the development of new critical infrastructure cybersecurity standards for various industries. CISA and NIST will develop the standards, and compliance will be voluntary - at least initially.

1 hour ago Data breach costs hit record high due to pandemic

TechRepublic
The average cost of a data breach among companies surveyed for IBM Security reached $4.24 million per incident, the highest in 17 years.

1 hour ago US Acting to Better Protect Infrastructure From Cyberthreats

SecurityWeek
The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors.

1 hour ago Average organization targeted by over 700 social engineering attacks each year: report

ZDNet
According to a new Barracuda study, IT staffers receive an average of 40 targeted phishing attacks in a year.

2 hours ago How the Dark Web enables access to corporate networks

TechRepublic
The number of ads selling access to corporate networks has continued to increase from 2019 to 2020 and into 2021, says Positive Technologies.

3 hours ago Foxit Plugs Multiple Security Holes in PDF Reader, Editor

SecurityWeek
Foxit Software this week released security updates for its PDF Reader and PDF Editor applications, to address multiple vulnerabilities, including some leading to remote code execution.

3 hours ago US Gov Warning: VPN, Network Perimeter Product Flaws Under Constant Attack

SecurityWeek
The U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterprise cloud applications.

3 hours ago Tips on Recruiting, Retaining Cybersecurity Staff

InfoRiskToday
Professor Keith Martin Offers Insights
To recruit and retain cybersecurity specialists, organizations must "stop expecting people just to be sort of 'focused monkeys' and doing one particular task and turning the handle," says Keith Martin, professor of information security at Royal Holloway University in the U.K.

5 hours ago One third of cybersecurity workers have faced harassment at work or online - this initiative aims to stamp it out

ZDNet
Respect In Security is encouraging organisations to create a workplace free from abuse.

5 hours ago Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

ZDNet
Majority of top vulnerabilities targeted last year were disclosed in the past two years, agencies from the United States, United Kingdom, and Australia have said, with Microsoft Office CVE dating from 2017.