News

Edgescan, the provider or fullstack vulnerability management, has released its Q3 Vulnerability Snapshot, a new, brief report showing the current vulnerability landscape based on thousands of assessments performed globally. Compiled by Eoin Keary, CEO of Edgescan, the report's findings highlight the variability when it comes to cybercriminals' favourite vulnerabilities to exploit. Looking at this quarterly report, we can already tell that the 2022 Vulnerability Satistics Report will highlight an every changing attack surface and once...

The Amazon-owned video game streaming platform Twitch has exposed roughly 135 gigabytes of data, revealing source code and payout figures for streamers. Twitch confirmed the leak after the data was advertised on 4chan. Here's what cybersecurity experts had to say on the matter: Javvad Malik, lead security awareness advocate, KnowBe4 The Twitch breach is a large one and contains some potentially very sensitive information relating to some of its streamers. Changing passwords, especially if the...

One Identity, a provider of unified identity security, has acquired OneLogin, a provider of Identity Access Management (IAM) solutions, to expand the scope of One Identity’s Unified Identity Security Platform. Combined with its existing Privileged Access Management (PAM), Identity Governance and Administration (IGA), and Active Directory Management and Security (ADMS) solutions, the company says it will now enable customers to take a holistic approach to identity security with trusted, proven technology in each major category....

Kaspersky has this week released the findings of their research on the malware dubbed BloodyStealer. According to its creators, the malware can steal passwords, cookies, bank card details, browser autofill data, screenshots and more, and it is advertised on underground forums. It looks like the criminals behind BloodyStealer are targeting gamers, as they are selling access to specific accounts, both individually and wholesale. Accounts with add-on and expensive items hold particular value, but they are...

A new survey from Arctic Wolf has asked over 1,400 IT decision makers' about their attitudes on a wide array of cybersecurity and business issues. After a year of high-profile cyberattacks, it appears executives lack faith in the government's ability to protect them from cyberattacks, with 60% of respondents saying they are spending on new security tools as they believe it is the most effective way to secure their organisations. Nation State sponsored attacks remain...

One of the largest security threats that countries face is the breach of sensitive government systems and data. With the world constantly developing and undergoing digital transformation, the devices we all rely on for both our personal and work lives are increasingly manufactured in countries considered potentially or even actively hostile toward our national interests. The U.S. Department of Defense (DoD) took a step toward combating this threat by issuing an interim Rule. The new ruling amends the Federal Acquisition Regulation (FAR)...

Cloud security vendor Wiz, who also found a massive vulnerability in Microsoft Azure's CosmosDB-managed database service recently, has found another security vulnerability in Azure that impacts Linux virtual machines. Users could end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure's UI. In the worst case scenario, the vulnerability in OMI could be used for remote root code execution— though in...

The open source automation server Jenkins has disclosed a successful attack on its Confluence service. Attackers abused an Open Graph Navigation Library (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances. Rated CVSS 9.8, the bug (CVE-2021-26084) was disclosed in a Confluence security advisory published on August 25, The Daily Swig reports. David...

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and and it reportedly continues this week, Bleeping Computer reports. Russian media called the assault the largest in the history of Russian internet (RuNet), and that a US based company confirmed that the attack was ongoing. The attack started over the weekend and while there are no further details about the type or size of the DDoS,...

Being struck by ransomware has been compared to having a heart attack. It’s something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes - and sometimes hours - organisations are on their own. It’s a moment of unexpected trauma which many organisations find paralysing, something attackers plan for. This makes the attack’s effects even worse. Eventually a growing number call...