Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs—such as LockBit,...
9h
Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations’ security gaps and provides...
19h
Against the backdrop of horrific reports from Russia's Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery...
20h
One of the main objectives of the bad guys is to escalate to privileged account access wherever possible. The more unfettered access they can gain to administrative, superuser and infrastructure accounts, the freer rein they have to tap into sensitive data stores, tamper with critical systems, quietly gain carte blanche to do whatever they’d care to...
20h
The total number of Microsoft vulnerabilities reported in 2021 dropped by 5%, reversing a five-year trend that saw such vulnerabilities rising sharply, according to a new report from identity management and security vendor BeyondTrust.A total of 1,212 new vulnerabilities were discovered in 2021, but their severity, as well as their location in the Microsoft...
1d
During the past decade, the push-pull between security and developers led many organizations to build security earlier in the app development lifecycle. This new approach focuses on finding and remediating vulnerabilities earlier.Development teams want to build applications quickly. But that often puts them at odds with the need for testing. Developers...
1d
In early December 2021, enterprise security teams around the world went on high alert because of a string of vulnerabilities in an open-source Java component, Log4j, that is used in millions of applications. The incident prompted warnings from CISA and other national CERTs and led to renewed discussion about security and the open-source software ecosystem...
1d
Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices.The cloud-based mobile product is aimed at identifying phishing attacks on mobile devices in real time, as a user clicks...
1d
The Chaos ransomware builder started out last year as a buggy and unconvincing impersonation of the notorious Ryuk ransomware kit. It has since gone through active development and rapid improvements that have convinced different attacker groups to adopt it. The latest version, dubbed Yashma, was first observed in the wild in mid-May and contains several...
1d
Open-source application security company Mend, formerly WhiteSource, has announced the launch of an automated remediation service for addressing code security issues. According to the firm, the new service is designed to reduce the software attack surface and application security burden, enabling developers to write secure code more easily.Mend has...
1d
Follow RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.
Get Inoreader