Ransomware gang gained access to the company’s VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.
from Dark Reading https://ift.tt/k5uCnb8
via IFTTT
Category Archives: Cybersecurity
New Cross-Industry Group Launches Open Cybersecurity Framework
18 companies led by Amazon and Splunk announced the OCSF framework, to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.
from Dark Reading https://ift.tt/qljzSK4
via IFTTT
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
Latest episode – listen now! (Or read the transcript if you prefer.)
from Naked Security https://ift.tt/nlh5g26
via IFTTT
The Time Is Now for IoT Security Standards
Industry standards would provide predictable and understandable IoT security frameworks.
from Dark Reading https://ift.tt/KYqBHdE
via IFTTT
New Open Source Tools Launched for Adversary Simulation
The new open source tools are designed to help defense, identity and access management, and security operations center teams discover vulnerable network shares.
from Dark Reading https://ift.tt/a9qc2LU
via IFTTT
New HTTP Request Smuggling Attacks Target Web Browsers
Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.
from Dark Reading https://ift.tt/ko6G5RJ
via IFTTT
Fears for patient data after ransomware attack on NHS software supplier
Attack being investigated for potential data theft as experts warn criminals could use stolen details as leverage
A ransomware attack on an NHS software supplier last week is being investigated for potential theft of patient data, as experts warned that criminals could use personal information as leverage in negotiations.
Advanced, which provides services for NHS 111 and patient records, said it was investigating “potentially impacted data” and that it would provide updates when it had more information about “potential data access or exfiltration”. The UK data watchdog confirmed it was aware of the incident and was “making enquiries.”
from Data and computer security | The Guardian https://ift.tt/yeSRV6P
via IFTTT
Fears for patient data after ransomware attack on NHS software supplier
Attack being investigated for potential data theft as experts warn criminals could use stolen details as leverage
A ransomware attack on an NHS software supplier last week is being investigated for potential theft of patient data, as experts warned that criminals could use personal information as leverage in negotiations.
Advanced, which provides services for NHS 111 and patient records, said it was investigating “potentially impacted data” and that it would provide updates when it had more information about “potential data access or exfiltration”. The UK data watchdog confirmed it was aware of the incident and was “making enquiries.”
from Data and computer security | The Guardian https://ift.tt/yeSRV6P
via IFTTT
Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.
from Dark Reading https://ift.tt/mtZ0l5A
via IFTTT
Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks
Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.
from Dark Reading https://ift.tt/LXN9P7w
via IFTTT
Pacosite's Blog 