Vulnerability in Gigabyte driver used for ransomware attack
A no longer used Gigabyte driver has been discovered, with a digital signature, which can still be used to fully encrypt the files on a computer. Cybersecurity firm Sophos investigated, and concluded that a workaround it was indeed possible.
Ransomware RobbinHood would use the outdated driver wi... Read more
Accelerated cloud adoption leads to misconfigurations
According to new research by Palo Alto Networks, cloud misconfigurations often occur due to poor 'security hygiene'.
Specifically, the research states that companies are automating the building process of cloud infrastructure, resulting in new 'infrastructure as code' (IaC) templates. However, t... Read more
‘Free’ movies popular as a phishing and malware tool
'Click here to see Joker for free', that's how users recently have been tempted to click on a link. They are then directed to a website where they have to fill in a lot of personal information before they can download a strange file. After that, they don't get the movie, but they do get a whole bun... Read more
More than half a million PCs affected by malware hosted on Bitbucket
Bitbucket, the git-code hosting service, has been abused by hackers. As a result, some 500,000 computers worldwide have been infected with malware. This incident was unveiled by discoveries made by Cybersecurity firm Cybereason.
The hacking campaign involves the use of malware hosted on Bitbucke... Read more
Ekans-ransomware targets industrial control systems
Cybercriminals have launched ransomware attacks specifically targeting Industrial Control Systems (ICS). According to researchers, this is the first case of malware that encrypts data in those environments.
A new report by security company Dragos shows that Ekans, or also Snake, as the ransomwar... Read more
Tanium cybersecurity goes beyond Unified Endpoint Management
Within the cybersecurity market, most experts agree that it is time for a new way of working. The number of tools that enterprise organisations use to implement their security policies rises to around 100. As a result, solutions are not used efficiently enough, as security teams are too small to ac... Read more
‘Shadow IoT major threat to corporate networks’
Infoblox publishes a new study this week that points to a significant threat to corporate networks by the Shadow IoT. This consists of devices that are part of a company network, but of which this is not known. For the report What's Lurking in the Shadows, 2,650 IT professionals were interviewed in... Read more
Hackers use smart-control of buildings for DDoS attacks
A vulnerability that allows even 'inexperienced hackers with little expertise' to access the smart-control of some buildings and launch a DDoS attack from there. Because Nortek Security and Control (NSC) has failed to address a vulnerability that was identified almost a year ago, this has become a ... Read more
Microsoft rolls out Intel update for Windows 10 PCs
Vulnerabilities in a range of Intel CPUs need to be fixed as soon as possible: Microsoft comes to the aid of the chip manufacturer by providing updates that do so, with Microsoft's own updates for Windows 10.
Versions 1909 and 1903 of the OS will get updates that fix the vulnerabilities faster a... Read more
Google introduces open-source two-factor authentication platform
Google has placed a new open source
project on GitHub called OpenSK. It is a multifactor authentication platform that allows small
businesses and hardware vendors to develop their own security keys.
OpenSK appears to be an open-source counterpart to Google's Titan security key. OpenSK uses the p... Read more