A selection of this week’s more interesting vulnerability disclosures and cyber security news. I certainly have some ‘wow’ items for you this week. The first just does not bear thinking about as to the potential impact this breach could have – it really is an horrorfic ‘wow’: We know that BEC fraud schemes hope to take pot luck at a busy employee’s lapse of proceedure, but when they really have you in their eyes, the grip can be just ‘wow’.
In the previous posts of this series, we discussed how you can secure your infrastructure at scale by applying security policies as code to continuously monitor your environment with the Config Validator policy library and Forseti. In this article, we’ll discuss how you can reuse the exact same policies and Terraform Validator to preventively check your infrastructure deployments, and block bad resources from being deployed in Google Cloud Platform (GCP).
According to the recent research on cyber security, a significant amount of security breaches happens due to human error. In this article, we took a closer look at cyber security protocols that can help you eliminate the human error and keep your organization safe. The recent research on cyber security illustrates that a great number of security breaches take place because of human error.
What is Dridex malware? Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user.
CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.
The shopping season is upon us, and like it or not there are lots of individuals who would love to replace your happiness with their sadness. Thus, at this festive time of the year, it is imperative to give some thought and prep time to you and your family’s shopping habits and the security that surrounds those habits. If you’re like most people, you will NOT be using cash for all your holiday purchases.
Summary The Great Cannon is a distributed denial of service tool (“DDoS”) that operates by injecting malicious Javascript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable.
Ransomware, a type of malicious software or malware, is designed to deny access to computer systems or sensitive data until ransom is paid. While ransomware has been around for decades, ransomware attacks are becoming more sophisticated, spreading through phishing emails, spear phishing, email attachments, vulnerability exploits, computer worms and other attack vectors.
Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a great way to ship a reliable software environment between systems or even to customers. However, like with any technology, one must know how to be secure when using it.
What is Sextortion? Sextortion is a way of criminally extorting money from a victim or forcing the victim to carry out an act unwillingly. More often than not, the attacker threatens to publicly release embarrassing, personal images or video footage of the victim. Pornographic blackmail is commonly the angle used in sextortion.
