Security News

In particular, NCA and several of its partners are hosting Data Privacy Week virtual events where you can listen to data security experts, learn about today's most pressing data privacy issues, and even share some of your own tips and advice. Keep in mind that Data Privacy Week and Data Privacy Day are both widely recognized events in the data and security spaces, so other technology and security leaders may be hosting similar events.

Compliance services are emerging as one of the hottest areas of cybersecurity. As large businesses adopt cybersecurity and compliance frameworks and agree to certain standards, they impose similar demands on their suppliers.

Virtual Chief Information Security Officer services are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. vCISO services are labor intensive, require highly skilled experts, and are difficult to scale.

Researchers have disclosed details about a now-patched critical flaw in the Move virtual machine that powers the Aptos blockchain network. The vulnerability "Can cause Aptos nodes to crash and cause denial of service," Singapore-based Numen Cyber Labs said in a technical write-up published earlier this month.

Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered. VirtualGATE is a utility program that incorporates a memory-only dropper and a payload that can run commands from a hypervisor host on a guest virtual machine, or between guest virtual machines on the same hypervisor host.

Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection.A modified level of trust is not enough for the ESXi system to accept it by default but the attacker also used the '-force' flag to install the malicious VIBs.

Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. "Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices," said David Bélanger, a Senior Program Manager for Azure Virtual Desktop at Microsoft.

Remote work trends are here to stay while fewer employees than ever before are working full-time in traditional offices. IT needs to foster employee engagement and collaboration, while enabling dispersed teams, decentralized workplaces, and off-premises IT infrastructure.

The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. "Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks," Brian E. Nelson, under secretary of the Treasury for terrorism and financial intelligence, said.

The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity. The U.S. Department of the Treasury's Office of Foreign Assets Control unveiled the action-which basically freezes all of the assets and business of Tornado Cash and prohibits anyone from doing business with the service-on Monday, citing a number of occasions that the service laundered crypto for hackers.