Security News

CISA Releases Tool to Detect Microsoft 365 Compromise
2021-04-09 16:55

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments. Dubbed Aviary, the new tool is a dashboard that makes it easy to visualize and analyze output from Sparrow, the compromise detection tool that was released in December 2020.

CISA releases tool to review Microsoft 365 post-compromise activity
2021-04-08 21:39

Image: CISA. The Cybersecurity and Infrastructure Security Agency has released a companion Splunk-based dashboard that helps review post-compromise activity in Microsoft Azure Active Directory, Office 365, and Microsoft 365 environments. CISA's new tool, dubbed Aviary, helps security teams visualize and analyze data outputs generated using Sparrow, an open-source PowerShell-based tool for detecting potentially compromised applications and accounts in Azure and Microsoft 365.

Vulnerability in 'Domain Time II' Could Lead to Server, Network Compromise
2021-04-08 10:50

A vulnerability residing in the "Domain Time II" network time solution can be exploited in Man-on-the-Side attacks, cyber-security firm GRIMM warned on Tuesday. Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks.

Update on PHP source code compromise: User database leak suspected
2021-04-07 14:38

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted - blaming a user database leak rather than a problem with the server itself. The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it.

SAP Bugs Under Active Cyberattack, Causing Widespread Compromise
2021-04-06 18:47

Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. "With more than 400,000 organizations using SAP, 77 percent of the world's transactional revenue touches an SAP system. These organizations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defense and many more."

Business email compromise scams proved costly to victims in 2020
2021-03-19 14:38

The FBI received more than 19,000 complaints of business email compromises last year, costing victims around $1.8 billion. Among the many types of cyber crimes affecting organizations and individuals last year, business email compromises and email account compromises proved especially costly.

No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises
2021-03-12 18:20

The UK's National Cyber Security Centre has reminded Brits to patch their Microsoft Exchange Server deployments against Hafnium attacks, 10 days after the US and wider infosec industry shouted the house down saying the same thing. The agency told press on Friday afternoon that it had proactively helped UK organisations fix around 2,100 affected mailservers following last week's out-of-band patches to resolve four zero-day vulnerabilities in Exchange Server.

How to Fight Business Email Compromise (BEC) with Email Authentication?
2021-02-22 05:22

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. This is why industry experts are coming up with email authentication protocols like DMARC to offer a high level of protection against impersonation.

Business email compromise is a top concern for banks
2021-02-19 04:00

Banks worry about business email compromise Spending more/significantly more on security is a 3-year trend. 86% of respondents from banks perceive business email compromise / authorized fraud to be the greatest risk to their business over the next 1-2 years.

Hackers exploited Centreon monitoring software to compromise IT providers
2021-02-16 13:08

Unknown hackers - possibly the Sandworm APT - have been compromising enterprise servers running the Centreon monitoring software for over three years, the French National Cybersecurity Agency has shared on Monday. The hackers exploited public-facing Centreon installations to gain access to the underlying system, and used that access to spread laterally through the target organizations' networks.