Day: June 28, 2022

Phison and Cigent join forces to combat sophisticated threats and safeguard storage products

Phison and Cigent announced an innovative partnership program called Cigent Secure SSD Ready. This strategic partnership embeds select Phison storage devices and controllers with Cigent’s built-in cybersecurity enhancements – features that Phison’s storage partners can easily switch on and resell as an option to their global channel partners and customers. “We couldn’t be more excited …

Phison and Cigent join forces to combat sophisticated threats and safeguard storage products Read More »

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster. Though the bug exists on …

Service Fabric Privilege Escalation from Containerized Workloads on Linux Read More »

XM Cyber Buys Cyber Observer to Better Spot Cyber Exposures

Endpoint Detection & Response (EDR) , Endpoint Security , Next-Generation Technologies & Secure Development Cyber Observer Will Help Ensure Customer Security Products Are Configured Correctly Michael Novinson (MichaelNovinson) • June 28, 2022     From left, Cyber Observer CEO Shimon Becker and XM Cyber CEO Noel Erez (Images: XM Cyber) Two Israeli cybersecurity companies have …

XM Cyber Buys Cyber Observer to Better Spot Cyber Exposures Read More »

GAO: HHS Needs Breach Reporting Feedback Mechanism

Breach Notification , HIPAA/HITECH , Security Operations Report Calls for New HHS Communication Method for Breached Entities Marianne Kolbasuk McGee (HealthInfoSec) • June 28, 2022     The U.S. government talks but doesn’t listen when it comes to the process healthcare companies undergo to disclose data breaches, says a federal watchdog. See Also: Conversation | …

GAO: HHS Needs Breach Reporting Feedback Mechanism Read More »

FabricScape: Escaping Service Fabric and Taking Over the Cluster

Executive Summary Unit 42 researchers identified FabricScape (CVE-2022-30137), a vulnerability of important severity in Microsoft’s Service Fabric – commonly used with Azure – that allows Linux containers to escalate their privileges in order to gain root privileges on the node, and then compromise all of the nodes in the cluster. The vulnerability could be exploited on …

FabricScape: Escaping Service Fabric and Taking Over the Cluster Read More »

Digital Realty partners with HPE to accelerate digital transformation for enterprises

Digital Realty announced that it has launched Data Hub featuring HPE GreenLake Colocation on PlatformDIGITAL. The combination of these two solutions on Digital Realty’s global platform creates an ideal meeting place for enterprises to bring their data together and consume infrastructure on demand, helping to unlock trapped value and drive innovation. Digital Realty has also …

Digital Realty partners with HPE to accelerate digital transformation for enterprises Read More »

SecureAuth appoints Dennis Dowd as VP of Worldwide Sales and promotes Karan Dua to CFO

SecureAuth announces the appointment of Dennis Dowd as Vice President of Worldwide Sales where he will lead the direct and channel sales teams to accelerate revenue growth. SecureAuth also promoted Karan Dua to Chief Financial Officer. Karan previously served as VP of Finance since joining the SecureAuth in 2019. Also, the company is proud to …

SecureAuth appoints Dennis Dowd as VP of Worldwide Sales and promotes Karan Dua to CFO Read More »

Man in the Middle Attacks: What are they anyway, and how to prevent them.

Man in the Middle (MitM) is a term used to describe a cyber-attack where the cybercriminal comes between with user and their application. In these attacks, a hacker will inject code to hijack the application to steal credentials or open a backdoor to their network. These attacks are very dangerous because often, the victim does …

Man in the Middle Attacks: What are they anyway, and how to prevent them. Read More »

Crossword Cybersecurity Supply Chain Cyber practice improves supply chain resilience for organizations

Crossword Cybersecurity announced the creation of a new integrated Supply Chain Cyber practice. In response to client demand and the substantial increase in supply chain cyber threat levels, the integrated practice provides a set of controls, processes and tools, along with a range of managed services, advice and training to massively reduce the risk of …

Crossword Cybersecurity Supply Chain Cyber practice improves supply chain resilience for organizations Read More »

Pentagon finds concerning vulnerabilities on blockchain

Image: Pentagon via DHR Virginia. A report commissioned by the Pentagon concluded that the blockchain is not decentralized, is vulnerable to attacks and is running outdated software. The report, “Are Blockchains Decentralized, Unintended Centralities in Distributed Ledgers”, uncovered that a subset of participants can “exert excessive and centralized control over the entire blockchain system.” Must-read …

Pentagon finds concerning vulnerabilities on blockchain Read More »

EFF to European Court: Keep Encryption Alive

While encryption has been under attack in recent days, it’s still essential for private and secure electronic communications, especially for human rights defenders and journalists. EFF and our partners recently argued for the essentiality of encryption in a case before the European Court of Human Rights (ECtHR).   In Telegram Messenger LLP and Telegram Messenger Inc. …

EFF to European Court: Keep Encryption Alive Read More »

Canadian NetWalker ransomware defendant agrees to plead guilty in US court

Written by AJ Vicens Jun 28, 2022 | CYBERSCOOP A Canadian man arrested early last year for his role in the NetWalker ransomware attacks agreed to plead guilty to four charges that could earn him a maximum of 40 years in prison, according to a court document filed Tuesday. Canadian authorities extradited Sebastien Vachon-Desjardin to …

Canadian NetWalker ransomware defendant agrees to plead guilty in US court Read More »

VA Enables Login.gov for Three Major Veteran Portals

With a single username and password, veterans can now access services through the main Veterans Affairs Department website, the HealtheVet portal or the agency’s mobile app—and the login might be one they already use for other government services. Three major VA service portals—VA.gov, My HealtheVet and the VA: Health and Benefits mobile app—can now be …

VA Enables Login.gov for Three Major Veteran Portals Read More »

Pro-Russia Killnet Group Hit Top Lithuanian websites with Massive DDoS Attacks

The attack seems to be a retaliatory effort from Killnet following the diplomatic tensions between the two countries. Pro-Russia threat actors Killnet have targeted Lithuania government institutions and networks in a series of highly disruptive DDoS attacks (distributed denial of service attacks). The country’s National Cyber Security Center (NKSC) confirmed the attack impacted the Secure National Data …

Pro-Russia Killnet Group Hit Top Lithuanian websites with Massive DDoS Attacks Read More »

Cookies: the Council of State confirms the 2020 sanction imposed by the CNIL against Amazon

In its judgement of June 27 2022, the Council of State confirms the 35 million euro penalty imposed by the CNIL on Amazon in 2020. The company deposited cookies on users’ computers without prior consent or satisfactory information. The CNIL decision of 7 December 2020 On 7 December 2020, the CNIL imposed a fine of 35 …

Cookies: the Council of State confirms the 2020 sanction imposed by the CNIL against Amazon Read More »

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

This paper provides a taxonomic classification of non-state actors in the cyberspace, analyzing their role and impact on a state’s socioeconomic structure Cyber Non-State Actors (CNSA) are key figures in our globalized world: their operations could have a significant impact on international affairs, politics, and on the economy, as much as states do. Non-state actors …

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE Read More »

ZuoRAT malware hijacks SOHO Routers to spy in the vitims

A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North American and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 …

ZuoRAT malware hijacks SOHO Routers to spy in the vitims Read More »

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign

A social-engineering campaign bent on stealing Facebook account credentials and victim phone numbers is targeting business pages via a savvy campaign that incorporates Facebook’s Messenger chatbot feature. That’s according to an analysis from Trustwave SpiderLabs. Karl Sigler, senior security research manager there, tells Dark Reading that the campaign is notable for its interactivity, and how …

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign Read More »

Arm unveils mobile GPU with hardware ray tracing

Arm announced a new flagship mobile GPU as part of a roadmap of upcoming CPUs and GPUs this week. Called Immortalis and sporting at least 10 cores, it will bring hardware-based ray tracing and a new execution engine to high-end Android phones. It will also feature Variable Rate Shading (VRS)…Read more