Security News

As an alternative, virtual CISOs are becoming a viable option for many companies that do not have a full-time CISO on staff. This solution often delivers both economic and strategic advantages to businesses, and it's important to better understand the benefits and considerations of a virtual CISO. Is hiring a virtual CISO the right choice for you?

To ensure their 49 kB Ragnar Locker ransomware ran undisturbed, the crooks behind the attack bought along a 280 MB Windows XP virtual machine to run it in. VirtualBox is hypervisor software that can run and administer one or more virtual guest computers inside a host computer.

With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine. According to Vikas Singh, Gabor Szappanos, and Mark Loman at Sophos, criminals have slotted the file-scrambling Ragnar Locker nasty into a virtual machine running a variant of Windows XP, called MicroXP. Then, once the crooks have infiltrated a victim's network and gained administrative access - typically via a weak RDP box or through a compromised managed services provider - they download the VM, along with Oracle's VirtualBox hypervisor to run it, on each machine they can get into.

With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine. According to Vikas Singh, Gabor Szappanos, and Mark Loman at Sophos, criminals have slotted the file-scrambling Ragnar Locker nasty into a virtual machine running a variant of Windows XP, called MicroXP. Then, once the crooks have infiltrated a victim's network and gained administrative access - typically via a weak RDP box or through a compromised managed services provider - they download the VM, along with Oracle's VirtualBox hypervisor to run it, on each machine they can get into.

The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection, Sophos reveals. As part of a recently observed attack, the ransomware was executed inside an Oracle VirtualBox Windows XP virtual machine.

Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22's SoftPAC virtual programmable automation controller expose operational technology networks to attacks. SoftPAC has three main components: Monitor, Agent and the virtual controller itself.

Cybersecurity conferences Black Hat USA and DEF CON 28 will not be held in person this year due to the coronavirus pandemic. Both back-to-back annual conferences were set to take place in Las Vegas this year; Black Hat USA on Aug. 1 to 6, 2020, and DEF CON 28 on Aug. 7 to 9, 2020.

To help them adapt, Citrix Systems, has launched Remote Works, a new virtual series designed to share tips and best practices for staying engaged and productive while working from home. "Working from home is perhaps the biggest change in the way business is done that the world has ever seen and the speed with which it moved from an experiment to a requirement has many companies reeling," said Tim Minahan, Executive Vice President, Business Strategy and Chief Marketing Officer, Citrix.

NetApp, the leader in cloud data services, announced that it acquired CloudJumper, a leading cloud software company in the virtual desktop infrastructure and remote desktop services markets. As a result of the acquisition, the new NetApp Virtual Desktop Service will solve the most challenging problems of virtual desktop services and application management, allowing customers to deploy, manage, monitor and optimize those environments as a total solution from a single company on the public cloud of their choice.

While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed. "We have found that immersive, live virtual event platforms, offer the opportunity for interacting with exhibitors, solution providers and peer-to-peer networking. Surprisingly, with respect to otherwise introverted attendees, we've found they're more likely to reach out for networking than at a physical event. While the 'happy hour' might not be quite the same, virtual event platforms have thought through almost every facet of the physical event experience."