Security News

"Enterprises of all shapes and sizes were deep into the process called digital transformation before the COVID-19 virus hit the world. Digital transformation is"a catchall term for describing the implementation of new technologies, talent, and processes to improve business operations. Now, on the other side of the pandemic, most organizations are accelerating their digital business initiatives2 to meet the demands of the hybrid, work from-anywhere workforce.

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers. "The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the team wrote in a report published on Monday.

An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe. Kaspersky linked the campaign with a Chinese APT group tracked as TA428, known for its information theft and espionage focus and attacking organizations in Asia and Eastern Europe [1, 2, 3, 4]. The threat actors successfully compromised the networks of dozens of targets, sometimes even taking control of their entire IT infrastructure by hijacking systems used to manage security solutions.

Very few organizations are focusing on protecting their machine learning assets and even fewer are allocating resources to machine learning security. The advantages are proven, but as we've seen with other new technologies, they quickly become a new attack surface for malicious actors.

The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country's defense and interior ministries. "Belgium assesses these malicious cyber activities to have been undertaken by Chinese Advanced Persistent Threats."

Federal district judge William Shubb last week approved [PDF] the out-of-court deal struck by the biz and Markus, who joined the defense contractor in 2014 as senior director of cybersecurity, compliance, and controls. In his 2017 complaint, Markus alleged the company's computer systems failed to meet minimum cybersecurity standards that the federal government requires for contracts funded by NASA and the Department of Defense.

Agents sit on devices to perform security scanning and reporting, system restarts/reboots, software patching, configuration and general system monitoring. Agentless security tools do much the same, just without the agents, making them a better bet for security vulnerability scanning on remote machines where its harder to install an agent - like the cloud.

For this review, I tried out System Mechanic Ultimate Defense. After installing the product, System Mechanic hits the ground running upon first launch by offering to analyze your system to see what issues it can find and fix.

Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success. MIT CSAIL computer scientists on Friday said they have identified a way to bypass the M1 chip's pointer authentication, a security mechanism that tries to prevent an attacker from modifying memory references without being detected.

The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "One of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator. The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion, by wiping the modems' firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe.