Default passwords are main threat to businesses
The digital entrance to businesses is still too often open due to default passwords. This culprit is identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
Too many employees do not change the default passwords they get to use soft... Read more
Backdoor malware targets unrecoverable Barracuda ESG appliances
A new backdoor malware has targeted Barracuda's Email Security Gateway (ESG) appliances. Customers who have not yet replaced the unrecoverable appliances will have to hurry.
CISA discovered the backdoor malware "Whirlpool" designed to exploit the vulnerability in Barracuda's ESG appliances. Thi... Read more
CISA concerned about bootloader malware that makes your PC garbage
CISA warns of an attack that abuses a component that every computer contains: the bootloader. A type of malware is spread that targets the Unified Extensible Firmware Interface (UEFI).
UEFI-based malware has already been used in the BlackLotus campaign. This campaign came on the radar of cybers... Read more
Fortinet and Microsoft lead list of most abused exploits of 2022
A flaw in Fortinet software is the most abused vulnerability of 2022, as a recent survey by U.S. security and cybersecurity agencies showed. Microsoft also grossed in the number of commonly abused exploits.
In their overview, the security services FBI, NSA and cybersecurity watchdog CISA indicat... Read more
Hackers have been exploiting zero-day in Ivanti software since April
The vulnerability in Ivanti software has been exploited since at least April. That is what cyber security services from Norway and the US know.
CISA from the U.S. and the Norwegian National Cyber Security Centre (NCSC-NO) are jointly releasing an advisory report, looking deeper into the zero-da... Read more
Google unveils new ChromeOS security controls
The new features are designed to conform with the latest US federal guidelines for cybersecurity.
This week Google introduced a new set of cybersecurity features for ChromeOS designed specifically to help businesses secure their critical data.
ChromeOS is an operating system uses the Chrome b... Read more
CISA is renewing its warning about attacks leveraging RMM tools
The US Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm about a significant threat that's been brewing for a while now - the malicious use of remote management tools.
Last fall, a massive cyberattack campaign used legitimate remote management software, which was quit... Read more
US issues warning advisory about Hive ransomware
Hive ransomware gangs have cost businesses over $100 million, according to the FBI.
This week, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (number AA22-321A) about Hive ransomware. The advisory was issued in cooperation with the Federal Bureau of Investigation ... Read more
‘The most common malware variants are almost 20 years old’
CISA and ACSC shared an overview of the 11 most common malware variants of 2021. Most variants have been active for years.
The list includes ransomware, remote access trojans (RATs), banking trojans and information stealers. Most variants have been active for more than five years. Cybercriminal... Read more
CISA issues warning about VMware and F5 vulnerabilities
The threats could impact a large number of companies, the agency says.
The U.S. Cybersecurity and Infrastructure Security Agency has issued alerts about five software vulnerabilities that likely affect a large number of organizations.
Four of the vulnerabilities were found in VMware Inc. prod... Read more