A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices. The security hole, tracked as CVE-2021-0254 and affecting the Junos operating system, was discovered by Nguyễn Hoàng Thạch, aka d4rkn3ss, a researcher with Singapore-based cyberse
A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets. The Biden administration is concerned about potentially damaging cyberattacks aimed at the country’s critical infrastructure, and it’s taking steps to help electric ut
NVIDIA this week unveiled Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance. According to NVIDIA, Morpheus leverages machine learning to identify anomalies and threats — such as phishing, data leaks and malware — through real-time inspection of all IP traffic in an organiz
Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. The four new Exchange Server vulnerabilities were fixed as part of this month’s Patch Tuesday bundle and because of the se
Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web. Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud. Last year, the malware was observed perfor
Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. In 2020, more than 17,000 vulnerabilities were reported to NIST, and more than 4,000 of these were high priority. Knowing which of these affect you, where
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments. Dubbed Aviary, the new tool is a dashboard that makes it easy to visualize and analyze output from Sparrow, the compromise detection
Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how “autonomous agents operate in a simulated ente
Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco’s Talos division report. With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption and a
A vulnerability residing in the “Domain Time II” network time solution can be exploited in Man-on-the-Side (MotS) attacks, cyber-security firm GRIMM warned on Tuesday. Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks. The suite of tools pr
Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis. In some cases, exploitation attempts were observed shortly after the security bugs are made public: scanning for vulnerable systems started 48 hours after patches were rel
PCAP Enables Defenders to See and Capture Exactly What Has Happened Across a Network, But Comes With Challenges
PCAP, or full packet data capture for analysis, does what it says – it captures the entirety of every packet that comprises the network traffic (both metadata and content). If something happens on the network, PCAP knows about it. Whether it is malw
The U.S. government is warning that Advanced Persistent Threat (APT) actors are exploiting vulnerabilities in Fortinet FortiOS in ongoing attacks targeting commercial, government, and technology services networks. The warning, issued in a joint advisory by FBI and the Cybersecurity and Infrastructure Security Agency (CISA), follows the recent release of
A pair of unpatched vulnerabilities in QNAP small office/home office (SOHO) network attached storage (NAS) devices could allow attackers to execute code remotely, according to a warning from security researchers at SAM Seamless Network. The bugs were found to affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446, but potentially impact other
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring all federal agencies to identify vulnerable Microsoft Exchange servers in their environments within five days. Providing additional direction on the implementation of CISA Emergency Directive 21-02, which on March 3 reque