New Linux-based ransomware targets VMware servers

Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs—such as LockBit,...

9h

Mastercard expands cybersecurity, risk services with new attack simulation and assessment platform

Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations’ security gaps and provides...

19h

Remote bricking of Ukrainian tractors raises agriculture security concerns

Against the backdrop of horrific reports from Russia's Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery...

20h

7 top privileged access management tools

One of the main objectives of the bad guys is to escalate to privileged account access wherever possible. The more unfettered access they can gain to administrative, superuser and infrastructure accounts, the freer rein they have to tap into sensitive data stores, tamper with critical systems, quietly gain carte blanche to do whatever they’d care to...

20h

Microsoft security vulnerabilities drop after five-year rise

The total number of Microsoft vulnerabilities reported in 2021 dropped by 5%, reversing a five-year trend that saw such vulnerabilities rising sharply, according to a new report from identity management and security vendor BeyondTrust.A total of 1,212 new vulnerabilities were discovered in 2021, but their severity, as well as their location in the Microsoft...

1d

BrandPost: How Shift Left Security Helps Developers Build More Secure Cloud-Native Apps

During the past decade, the push-pull between security and developers led many organizations to build security earlier in the app development lifecycle. This new approach focuses on finding and remediating vulnerabilities earlier.Development teams want to build applications quickly. But that often puts them at odds with the need for testing. Developers...

1d

Chris Wysopal: Open source is becoming a national security risk

In early December 2021, enterprise security teams around the world went on high alert because of a string of vulnerabilities in an open-source Java component, Log4j, that is used in millions of applications. The incident prompted warnings from CISA and other national CERTs and led to renewed discussion about security and the open-source software ecosystem...

1d

PIXM releases new computer vision solution for mobile phishing

Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices.The cloud-based mobile product is aimed at identifying phishing attacks on mobile devices in real time, as a user clicks...

1d

Chaos ransomware explained: A rapidly evolving threat

The Chaos ransomware builder started out last year as a buggy and unconvincing impersonation of the notorious Ryuk ransomware kit. It has since gone through active development and rapid improvements that have convinced different attacker groups to adopt it. The latest version, dubbed Yashma, was first observed in the wild in mid-May and contains several...

1d

New Mend service auto-detects and fixes code, app security issues

Open-source application security company Mend, formerly WhiteSource, has announced the launch of an automated remediation service for addressing code security issues. According to the firm, the new service is designed to reduce the software attack surface and application security burden, enabling developers to write secure code more easily.Mend has...

1d