As the chief information security officer (CISO) for IBM, I’m often asked by peers and colleagues, “What do you think of Zero Trust?” Or, perhaps more often, “What strategies are you using to keep IBM protected?”   First, many vendors in the security industry are looking at zero trust security from the wrong perspective. S

The cybersecurity talent gap is real. The 2019/2020 Official Annual Cybersecurity Jobs Report predicts that there will be 3.5 million security jobs left unfilled globally by 2021. The cybersecurity profession hit a 0% unemployment rate and the pay is good. So, why are security leaders struggling to fill positions? It could be because they are looking for th

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347, could be exploited by local authenticated attackers to gain access to sensitive information. “A vulnerability in Cisco Webex

Security vulnerabilities in modern communication protocol GTP used by mobile network operators can be exploited by attackers to target 4G/5G users. Researchers at cybersecurity firm Positive Technologies Security have discovered several vulnerabilities in communication protocol GPRS Tunnelling Protocol (GTP), that is used by mobile network operators (MNO

Maze ransomware operators hit Threadstone Advisors LLP, a US corporate advisory firm specialising in mergers ‘n’ acquisitions. Threadstone Advisors LLP, a corporate advisory firm specialising in mergers ‘n’ acquisitions, is the last victim of the Maze ransomware operators. MAZE ransomware operators have stolen the data of the co

This post includes the details of the Coronavirus-themed attacks launched from May 31 to June 13, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below a list of attacks detected between May 31 and June 13, 2020. June 4, 2020 – North

Amazon, IBM and now Microsoft ban the sale of facial recognition technology to police departments and are urging for federal laws to regulate its use. Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments, the tech giants are also urging for federal laws to regulate the use of these solutions. Mi

Threat actors continue to use COVID-19 lures, Google is reporting an increase in Coronavirus-themed phishing attempts in Brazil, India, and the UK. While Coronavirus spreads on a global scale, threat actors continues to use COVID-19 lures, in April Google announced that the Gmail malware scanners have blocked around 18 million phishing and malware emails

One of the most recent threats is the info stealer TroyStealer, first shared by Abuse.ch on Twitter, and targeting Portuguese users. The world of cybercrime is changing, and more and more malware variants have spread every day. To keep your system safe, one of the things you can do is following a cyber doctrine focused on the threats that lunk on the web.

Florence City in Alabama will pay a $300,000 ransom worth of Bitcoins after its computer system was infected with a ransomware. The Council of Florence City voted unanimously at an emergency meeting this week pay the ransom requested by attackers that hit the City’s system. The payment will me made using the city’s insurance fund in an effort to pre

Russia-linked Gamaredon APT use a new module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. Reseaerchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and send

A hack-for-hire group tracked as Dark Basin targeted thousands of journalists, advocacy groups, and politicians worldwide over 7 years. Researchers from Citizen Lab uncovered the operations of a hack-for-hire group tracked as Dark Basin that targeted thousands of journalists, elected and senior government officials, advocacy groups, and hedge funds worldw

Microsoft addressed a Server Message Block (SMB) protocol issue, named SMBleed, that could allow an attacker to leak kernel memory remotely, without authentication. Recently released Microsoft June 2020 Patch Tuesday updates also address a vulnerability in the Server Message Block (SMB) protocol dubbed SMBleed (CVE-2020-1206) that could allow an atta

VMware has addressed a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products. VMware has addressed a high-severity information disclosure vulnerability, tracked as CVE-2020-3960, that affects its Workstation, Fusion and vSphere virtualization products. The CVE-2020-3960 flaw was discove

Slovak police seized wiretapping devices connected to Govnet government network and arrested four individuals, including the head of a government agency. Slovak National Criminal Agency (NAKA) seized wiretapping devices connected to the Govnet network and arrested four individuals, including the head of a government agency, who was responsible for managin