Trust issues Some cybersecurity professionals suggested the speech didn’t reflect the realities of today’s enterprise cybersecurity struggles, with no acknowledgement that there no longer exists anything that can be blindly trusted. Mike Isbitski, a cybersecurity consultant and former Gartner analyst, said Blinken’s references to trusted vendors and governments are naive from a cybersecurity perspective. “Who…
Read More‘VMware Cloud on AWS is no longer directly sold by AWS or its channel partners. It’s that simple,’ says Broadcom CEO Hock Tan. Amazon Web Services and AWS channel partners can no longer resell VMware Cloud on AWS, as Broadcom forces joint customers to have to buy the offering direct from VMware by Broadcom now.…
Read MoreThe UK Government confirmed today that a threat actor recently breached the country’s Ministry of Defence and gained access to part of the Armed Forces payment network. The attacked system contained personal data belonging to active and reserve personnel as well as some recently retired veterans. MoD core network unaffected In a statement to the House of Commons today,…
Read MoreA new attack dubbed “TunnelVision” can route traffic outside a VPN’s encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The method, described in detail in a report by Leviathan Security, relies on the abuse of Dynamic Host Configuration Protocol’s (DHCP) option 121, which permits the…
Read MoreIn response to the attack, Change Healthcare technology infrastructure has been rebuilt from the ground up. Change Healthcare’s data center network and core services have been rebuilt with added server capacity and greater reliance on the cloud. Questions about insurance reimbursements and the extent of the breach, which also exposed the personal information and medical…
Read More‘There’s a very unique flavor to TeraSky that I know the founders are working hard to preserve. It’s the first-encounter relationship with the customers. A very deep knowledge and expertise and competencies with our vendors of choice. We will not be tagged as box movers and paper pushers. If we don’t have our value add…
Read MoreThe United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in…
Read MoreNearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users. At the…
Read MoreBetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes. Founded in 2013, BetterHelp is an alternative to traditional face-to-face therapy sessions. It provides a mental health platform for direct counseling from licensed therapists through text,…
Read MoreToday, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare…
Read More