Why is it that when a company becomes aware of a potential data security incident, the team working on it (and others who are made aware that “something” is going on) have an immediate and overwhelming feeling that the company is doomed? And yet, when there’s another kind of high-risk event, such as an ethics […]
Pikabot seems to have a binary version and a campaign ID. The keys 0fwlm4g and v2HLF5WIO are present in the JSON data, with the latter seemingly being a campaign ID. The malware creates a named pipe and uses it to temporarily store the additional information gathered by creating the following processes: whoami.exe /all ipconfig.exe /all […]
Identity & Access Management , Security Operations Company Makes Bid for Multi-Cloud Security David Perera (@daveperera) • January 9, 2024 Delinea will incorporate Authomize cross-cloud identity capabilities into its access management platform. (Image: Shutterstock) California privileged access management vendor Delinea announced Tuesday its acquisition of Israeli startup Authomize in a bid to extend […]
When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised. And even if an organization gets its data decrypted, they cannot be sure the stolen data has indeed been wiped and won’t […]
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it. The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these […]
The incident highlights concerns over the security of the SEC’s social media accounts and the need for better protections against market manipulation through false tweets.
The British Library has refuted reports that the recovery costs for its recent ransomware attack will reach nearly $9 million. The library said that the final costs are still unconfirmed and no additional funding bids have been made.
Jan 10, 2024NewsroomRansomware / Data Security A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat […]
Jan 10, 2024NewsroomPatch Management / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution. […]