Malwarebytes was breached by the SolarWinds attackers
A fourth malware strain wielded by the SolarWinds attackers has been detailed by Symantec researchers, followed by the disclosure of the attackers’ ingenous lateral …
Microsoft was also a victim of the SolarWinds supply chain hack
Microsoft has confirmed that it, too, is among the companies who have downloaded the compromised SolarWinds Orion updates, but that they have isolated and removed them. …
25 vulnerabilities exploited by Chinese state-sponsored hackers
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or …
CISA orders federal agencies to implement Zerologon fix by Monday
If you had any doubts about the criticality of the Zerologon vulnerability (CVE-2020-1472) affecting Windows Server, here is a confirmation: the US Cybersecurity and …
Josh Corman and Rob Arnold join CISA to support COVID-19 response efforts
The Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of two leading cybersecurity experts to support the agency’s COVID-19 response efforts. Josh …
Have you patched these top 10 routinely exploited vulnerabilities?
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by …
Coronavirus-themed scams and attacks intensify
Scammers and other criminals are always quick to take advantage of crises, and this latest – centered around the spread of the deadly Covid-19 coronavirus around the …
US gas pipeline shut down due to ransomware
An unnamed US gas pipeline operator has falled victim to ransomware, which managed to encrypt data both on its IT (information technology) and operational technology (OT) …
The challenges of cyber research and vulnerability disclosure for connected healthcare devices
As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them …
First patches for the Citrix ADC, Gateway RCE flaw released
As attackers continue to hit vulnerable Citrix (formerly Netscaler) ADC and Gateway installations, Citrix has released permanent fixes for some versions and has promised to …
Arlo: An open source post-election auditing tool
The Cybersecurity and Infrastructure Security Agency (CISA) is teaming up with election officials and their private sector partners to develop and pilot an open source …
New infosec products of the week: November 8, 2019
Waterfall for IDS: Hardware-enforced security between OT networks and IDS sensors Waterfall for IDS provides hardware-enforced security that deploys transparently between OT …