Security News
Cyberattacks in Australia continue to rise year after year. Over the 2020-21 financial year, Australia saw a 13% increase in reported cybercrime.
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. The bug is a Microsoft Windows Support Diagnostic Tool remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. Attackers can launch this attack using the KrbRelayUp tool developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn privilege escalation tools.
The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation," Liam Crilly and Timo Stark of F5 Networks said in an advisory published Monday.
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online. Thanks to many security researchers, the situation is a bit clearer today and there's no need to panic just yet: Unlike Log4Shell, this new flaw - with no official CVE and currently nicknamed Spring4Shell - seems to only be exploitable in certain configurations.
As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day-to-day of threat mitigation often still comes down to systems administrators. In this article, we outline the difficulties implied by enterprise threat mitigation, and explain why automated, purpose-built mitigation tools are the way forward.
Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.
A CBI and Ponemon Institute research report, based on a survey of IT and security professionals, takes a comprehensive look at companies' ransomware strategies and mitigation tactics and the operational impact of incidents. Eighty percent of companies surveyed have experienced a ransomware attack, despite spending an average of $6 million annually on ransomware mitigation resources.
The global DDoS protection and mitigation market size is expected to grow from $3.3 billion in 2021 to $6.7 billion by 2026, at a Compound Annual Growth Rate of 15.1% from 2021 to 2026, according to ResearchAndMarkets. The major factors fueling the DDoS protection and mitigation market include growing demand for sophisticated security solutions, evolving regulatory landscape, and growing volumes of business data across industries.
Due to the extraordinarily widespread use of the open-source Apache Log4j library, the saga of the Log4Shell vulnerability is nowhere near finished. The recent discovery of a second Log4j vulnerability has shown that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.