Security News > 2022 > June

Acronis is more than just a company that sells backup tools. Acronis Cyber Protect Home Office doesn't stop at protection and backup.

In the traditional vulnerability management process, the definition of a vulnerability is straightforward, "A CVE or a Software Vulnerability." CVEs are important to be managed; however, it is not sufficient to deal with the complex attack surface. Advanced Vulnerability Management provides a broader approach to vulnerabilities and addresses different security risks in the IT vulnerability landscape.

While tracking the mobile banking malware FluBot, the F5 Labs researchers discovered the new Malibot threat targeting Android phones. The second distribution channel is via smishing, directly hitting Android phones: Malibot has the ability to send SMS messages on-demand, and once it receives such a command it sends texts on a phone list provided by the Malibot command and control server.

Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience."Today, June 21, 2022, Cloudflare suffered an outage that affected traffic in 19 of our data centers," Cloudflare said after investigating the incident.

1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

Infosecurity Europe 2022 opened its doors today at the ExCeL in London, here’s a look inside the event. The featured vendors are: Akamai Technologies, AlgoSec, Appgate, AwareGO, Bridewell,...

An agent of the Kazakhstan government has been using enterprise-grade spyware against domestic targets, according to Lookout research published last week. The government entity used brand impersonation to trick victims into downloading the malware, dubbed "Hermit." Hermit is an advanced, modular program developed by RCS Lab, a notorious Italian company that specializes in digital surveillance.

Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks."Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," according to researchers.

An ongoing outage affects multiple Microsoft 365 services, with customers worldwide reporting delays, sign-in failures, and issues accessing their accounts. The affected services include the Exchange Online hosted email platform for businesses and the Microsoft Teams communication platform, as well as SharePoint Online, the Graph API, and Universal Print.

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.