Concerns outlined in the Final Determination paint a mixed picture for Kaspersky-like commercial security products. “The administration’s move to ban Kaspersky Lab products in the United States underscores the stakes of security products gone bad, wherein the privileges that are supposed to be used to protect networks and systems are instead used to subvert security…
Read More
Jun 21, 2024NewsroomVulnerability / Data Protection A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions…
Read More
Digital Security As health data continues to be a prized target for hackers, here’s how to minimize the fallout from a breach impacting your own health records 20 Jun 2024 • , 5 min. read Digital transformation is helping healthcare providers across the globe to become more cost-efficient, while improving standards of patient care. But…
Read More
Jun 21, 2024NewsroomSoftware Security / Threat Intelligence The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) on Thursday announced a “first of its kind” ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company’s affiliates, subsidiaries and…
Read More
Swatting definition Swattingis a form of criminal harassment in which attackers try to trick police forces into sending a heavily armed strike force to a victim’s home or business. The term takes its name from SWAT (Special Weapons and Tactics), a highly trained police unit that is called on to respond to active shooting scenes.…
Read More
Starting midnight July 20, Kaspersky is barred “from entering into any new agreement with U.S. persons involving one or more” information and communications technology and services deals. The United States has taken steps to ban domestic sales and integration of products by Russia-based cybersecurity vendor Kaspersky, citing “undue and unacceptable risks to U.S. national security…
Read More
Today, the Biden administration has announced an upcoming ban of Kaspersky antivirus software and the pushing of software updates to US companies and consumers, giving customers until September 29, 2024, to find alternative security software. “Today, the Department of Commerce’s Bureau of Industry and Security (BIS) announced a Final Determination prohibiting Kaspersky Lab, Inc., the…
Read More
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks. RansomHub is a ransomware-as-a-service (RaaS) operation launched in February 2024, featuring code overlaps and member associations with ALPHV/BlackCat and Knight ransomware, having claimed over 45 victims across 18 countries. The existence of a Windows and Linux…
Read More
A vulnerability dubbed “CosmicSting” impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. According to Sansec’s stats, roughly three out of four websites using the impacted e-commerce platforms have not patched against CosmicSting, which puts them at…
Read More
A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. The vulnerability, dubbed ‘UEFICANHAZBUFFEROVERFLOW,’ is a buffer overflow bug in the firmware’s Trusted Platform Module (TPM) configuration that could be exploited to perform code execution on…
Read More