Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group Data Breach by Derek B. Johnson - July 14, 20210 SolarWinds CEO Sudhakar Ramakrishna attends a Senate Intelligence Committee hearing on Capitol Hill on Feb. 23, 2021, in Washington. A new zero-day affecting SolarWinds’ Serv-U software has seen “limited and targeted” exploitation by a threat group based in China, Microsoft warned. (Photo by Demetrius Freeman-Pool/Getty Images) Microsoft said it discovered a
Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems Data Breach by Derek B. Johnson - July 14, 20210 Two workers at the Schneider Electric Lexington plant. A major vulnerability in the company’s Modicon programmable logic controllers can be chained with others to allow for remote code execution.(Schneider Electric) A major vulnerability in Schneider Electric’s Modicon programmable logic controllers can be chained with others to allow for remote code
EDR (alone) won’t protect your organization from advanced hacking groups Data Breach by Derek B. Johnson - July 13, 20210 An unidentified individual uses a laptop computer in Bryant Park last March New York City. (Photo by Cindy Ord/Getty Images) Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or
EDR (alone) won’t protect your organization from advanced hacking groups Data Breach by Derek B. Johnson - July 13, 20210 An unidentified individual uses a laptop computer in Bryant Park last March New York City. (Photo by Cindy Ord/Getty Images) Endpoint detection and response systems can often serve as a frontline defense for many organizations, collecting and storing telemetry from dispersed employee devices and using it to detect malicious activities or
Year-long spear-phishing campaign targets global energy industry Data Breach by Derek B. Johnson - July 9, 20210 Working oil pumps are seen against a sunset sky. Intezer uncovered a year-long spear-phishing campaign against energy companies. (Getty Images) An unknown group has been conducting a year-long spear-phishing campaign against energy companies and other industries around the world. The campaign has been happening for at least a year and targets companies
Cybersecurity companies are selling like hotcakes in post-pandemic investment market Data Breach by Derek B. Johnson - July 7, 20210 Sophos billboard. Sophos was among the flood of cybersecurity companies purchased or sold this year in a flurry of acquisition and merger activity. (Credit: Sophos). For many industries, the pandemic was a time of economic uncertainty, great technological change and reflection about where they and their services fit into a
Enterprise and cloud environments have been under siege from Russian hackers since 2019 Data Breach by Derek B. Johnson - July 2, 20210 Russian President Vladimir Putin at the German Federal Chancellery in 2016 in Berlin, Germany. Fancy Bear doesn’t appear to be leveraging any new zero-day exploits in the campaign, instead relying on tried-and-true tactics like password spraying while exploiting publicly known (but unpatched) vulnerabilities like those affecting Microsoft Exchange. (Adam
Windows Print Spooler flaw could make a bad compromise much worse Data Breach by Derek B. Johnson - July 1, 20210 A signage of Microsoft is seen on March 13, 2020 in New York City. A flaw originally believed to be a low-level privilege escalation vulnerability in Windows Print Spooler service is causing alarm across the information security community after further research has found it also leaves domain controllers susceptible to
Industry groups worry that cyber may get lost amid the contracting morass of federal orders Data Breach by Derek B. Johnson - June 29, 20210 A pedestrian walks by the headquarters of The Boeing Company on January 29, 2020 in Chicago, Illinois. New reporting requirements for IT and OT contractors have led to consternation in the contracting community. (Photo by Scott Olson/Getty Images) In the contracting world, clarity matters. Nearly every task and service outlined in a
Scant evidence that cyber insurance boom is leading to better security Data Breach by Derek B. Johnson - June 28, 20210 The rise of the cyber insurance has largely failed to promote better cybersecurity practices among the industries they cover, according to a new report released Monday from British security think tank RUSI. (Photo by Spencer Platt/Getty Images) The security community for the last few years pointed to great potential for cyber