Security News

While many U.S. professionals are embracing hybrid work arrangements, a research from Robert Half shows a majority of companies anticipate a full return to the office once the pandemic ends. According to a survey of more than 2,800 senior managers in the U.S., 71% of respondents said they will require their teams to be on-site full time once COVID-19-related restrictions completely lift.

Local reports suggest Microsoft Hyper-V crack was the cause, as rumours swirl of data leak Pakistan's Federal Board of Revenue – the nation's tax office – has experienced a lengthy outage after a...

Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims, such as email addresses and company logos.

Patch bypass flaw in Pulse Secure VPNs can lead to total compromiseThe patch for a vulnerability in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. Vulnerable TCP/IP stack is used by almost 200 device vendorsResearchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. A look at the 2021 CWE Top 25 most dangerous software weaknessesThe 2021 Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common issues experienced over the previous two calendar years.

Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers - including a 9.8-rated nasty. The two vulnerabilities affect the RV340, RV345, RV340W, and RV345P products, which are aimed at SMEs and home office setups.

Microsoft is warning about an ongoing, "Sneakier than usual" phishing campaign aimed at Office 365 users. An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.

The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service during the SolarWinds global hacking spree. Even though other districts were also affected by the attacks to a lesser degree, the Russian SVR state hackers managed to breach the O365 email accounts of at least 80 percent of employees from US Attorneys' offices located in the Eastern, Northern, Southern, and Western Districts of New York.

Authorities from multiple agencies of the Israeli government paid a visit the offices of the NSO Group as part of a new investigation into claims that the secretive firm is selling its spyware to threat actors for targeted attacks, according to the Israeli Ministry of Defense. Specifically, Israeli agents visited NSO Group's offices in Herzliya, near the city of Tel Aviv, according to a post by analyst firm Recorded Future's The Record.

Parliamentary criticism of the National Cyber Security Centre's "Image over cost" London HQ is being shrugged off by the government because of the GCHQ offshoot's successful response to the WannaCry ransomware outbreak. George "Eleventy Jobs" Osborne, who at the time of NCSC's establishment in 2016 was the Chancellor of the Exchequer, overrode procurement processes and gave the panicking Cheltenham set at GCHQ their desired Westminster base - and not the grubby Shoreditch "Tech hub" the spies feared they'd be dropped into.

Bugcrowd announced the United States Patent & Trademark Office has granted the company two patents for its proprietary systems and methods for identifying vulnerabilities in IT assets utilizing a crowdsourcing approach. U.S. Patent No. 10,972,494 and U.S. Patent No. 11,019,091 validate Bugcrowd's unique ability to leverage and integrate the expertise of the Crowd with its platform, common service infrastructure, workflow orchestration, and cross-organizational analytics to secure innovation sooner.