Security News
How traditional security tools fail to protect companies against ransomware. A report released Thursday by cybersecurity firm Titaniam looks at the inability of traditional security products to protect against ransomware in particular.
Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. "Since March of 2022 we've seen a gradual uptick in Adobe Acrobat Reader processes attempting to query which security product DLLs are loaded into it by acquiring a handle of the DLL" - Minerva Labs.
Considering the increase in attacks on nonprofits and the level of classified information such organizations handle, one would expect board members to be fully aware of and to embrace best practices for digital projects and transformation and to mitigate operational risk. The solution is modern governance, which empowers organizations with the tools they need to safeguard data, streamline collaboration, and ultimately, drive better decision-making.
A rapidly evolving IoT malware dubbed "EnemyBot" is targeting content management systems, web servers and Android devices. The Alien lab research team study found four main sections of the malware.
Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform.There are a number of tweaks included in Kali for ARM, especially in the Raspberry Pi image.
Kali Linux is a Linux distribution for cybersecurity professionals and ethical hackers to perform penetration testing, security audits, and research against internal and remote networks. "The shell theme now includes a more modern look, removing the arrows from the pop-up menus and using more rounded edges. In addition, we've upgraded and tweaked the dash-to-dock extension, making it integrate better with the new look and fixing some bugs," the Kali Team explains in a new blog post.
Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. The malware toolkit is modular and can include an info-stealer, a coin miner, a clipper, a ransomware program, a worm spreader, and soon, also a DDoS bot, each being purchase seperately.
Dell is partnering with high-profile cloud-based data analytics vendor Snowflake to enable organizations to take the data they're keeping in their data centers in Dell object storage and run it in Snowflake's Data Cloud while keeping the data on premises or copying it to the public cloud, an important capability for companies with data sovereignty or privacy concerns who can't freely move it around. In another move to bridge the gap between data stored in central data center and in public clouds, Dell at the show is demonstrating how its block and file storage platforms can run in public clouds and how companies can buy the software as a managed service via cloud credits.
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. "T-Mobile, in a statement, said that the incident occurred"several weeks ago, with the "Bad actor" using stolen credentials to access internal systems.
The US Department of Energy has announced that it will provide $12 million in funding to six university teams to develop defense and mitigation tools to protect US energy delivery systems from cyberattacks. Cybersecurity tools developed as a result of the six university-led research, development, and demonstration projects will focus on detecting, blocking, and mitigating attempts to compromise critical controls within the US power grid.