You are here
Home > Author : Derek B. Johnson

Author: Derek B. Johnson

Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group

by Derek B. Johnson - 0
SolarWinds chief details changes in the boardroom, build process in wake of hack

SolarWinds CEO Sudhakar Ramakrishna attends a Senate Intelligence Committee hearing on Capitol Hill on Feb. 23, 2021, in Washington. A new zero-day affecting SolarWinds’ Serv-U software has seen “limited and targeted” exploitation by a threat group based in China, Microsoft warned. (Photo by Demetrius Freeman-Pool/Getty Images) Microsoft said it discovered a

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

by Derek B. Johnson - 0
Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

Two workers at the Schneider Electric Lexington plant. A major vulnerability in the company’s Modicon programmable logic controllers can be chained with others to allow for remote code execution.(Schneider Electric) A major vulnerability in Schneider Electric’s Modicon programmable logic controllers can be chained with others to allow for remote code

EDR (alone) won’t protect your organization from advanced hacking groups

by Derek B. Johnson - 0
EDR (alone) won’t protect your organization from advanced hacking groups

An unidentified individual uses a laptop computer in Bryant Park last March New York City. (Photo by Cindy Ord/Getty Images) Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or

EDR (alone) won’t protect your organization from advanced hacking groups

by Derek B. Johnson - 0
EDR (alone) won’t protect your organization from advanced hacking groups

An unidentified individual uses a laptop computer in Bryant Park last March New York City. (Photo by Cindy Ord/Getty Images) Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or

Year-long spear-phishing campaign targets global energy industry

by Derek B. Johnson - 0
Working oil pumps are seen against a sunset sky. Intezer uncovered a year-long spear-phishing campaign against energy companies.

Working oil pumps are seen against a sunset sky. Intezer uncovered a year-long spear-phishing campaign against energy companies. (Getty Images) An unknown group has been conducting a year-long spear-phishing campaign against energy companies and other industries around the world. The campaign has been happening for at least a year and targets companies

Cybersecurity companies are selling like hotcakes in post-pandemic investment market

by Derek B. Johnson - 0
Cybersecurity companies are selling like hotcakes in post-pandemic investment market

Sophos billboard. Sophos was among the flood of cybersecurity companies purchased or sold this year in a flurry of acquisition and merger activity. (Credit: Sophos). For many industries, the pandemic was a time of economic uncertainty, great technological change and reflection about where they and their services fit into a

Enterprise and cloud environments have been under siege from Russian hackers since 2019

by Derek B. Johnson - 0
Enterprise and cloud environments have been under siege from Russian hackers since 2019

Russian President Vladimir Putin at the German Federal Chancellery in 2016 in Berlin, Germany. Fancy Bear doesn’t appear to be leveraging any new zero-day exploits in the campaign, instead relying on tried-and-true tactics like password spraying while exploiting publicly known (but unpatched) vulnerabilities like those affecting Microsoft Exchange. (Adam

Windows Print Spooler flaw could make a bad compromise much worse

by Derek B. Johnson - 0
Windows Print Spooler flaw could make a bad compromise much worse

A signage of Microsoft is seen on March 13, 2020 in New York City. A flaw originally believed to be a low-level privilege escalation vulnerability in Windows Print Spooler service is causing alarm across the information security community after further research has found it also leaves domain controllers susceptible to

Industry groups worry that cyber may get lost amid the contracting morass of federal orders

by Derek B. Johnson - 0
Industry groups worry that cyber may get lost amid the contracting morass of federal orders

A pedestrian walks by the headquarters of The Boeing Company on January 29, 2020 in Chicago, Illinois. New reporting requirements for IT and OT contractors have led to consternation in the contracting community. (Photo by Scott Olson/Getty Images) In the contracting world, clarity matters. Nearly every task and service outlined in a

Scant evidence that cyber insurance boom is leading to better security

by Derek B. Johnson - 0
As market for cyber insurance booms, watchdog calls for better data

The rise of the cyber insurance has largely failed to promote better cybersecurity practices among the industries they cover, according to a new report released Monday from British security think tank RUSI. (Photo by Spencer Platt/Getty Images) The security community for the last few years pointed to great potential for cyber

Top