News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Category: Stories

Ransomware: Every 2nd company attacked in the first half of the year
June 27, 2022
| No comments
| Stories
Ransomware: Every 2nd company attacked in the first half of the year

A Cohesity study shows that almost half of companies have been attacked by ransomware in the last six months. A lack of collaboration between IT and security teams makes organizations more vulnerable to cyber threats. Many companies are more susceptible to cyber attacks such as ransomware attacks because IT and security officers (SecOps) work poorly together. This is shown by a study by Cohesity, a leading provider of data management solutions. Most IT and security decision-makers are convinced that both teams should share responsibility for their company's holistic data security strategy - i.e. from the prevention of cyber attacks to backup...

Read more

Ransomware & OneDrive: Attackers delete version backups
June 26, 2022
| No comments
| Stories

Proofpoint has discovered potentially dangerous Microsoft Office 365 features that attackers use to delete recovery version files stored on SharePoint and OneDrive in order to more easily blackmail victims. Ransomware attacks traditionally target data across endpoints or network drives. Until now, IT and security teams have believed that cloud drives are more resilient to ransomware attacks. After all, the now well-known “AutoSave” feature, along with versioning and the good old recycle bin for files as a backup, should have sufficed. But that might not be the case for much longer. Vulnerability in Microsoft 365 and OneDrive Proofpoint…

Read more

Vulnerabilities in the Siemens network management system
June 24, 2022
| No comments
| Stories
Vulnerabilities in Siemens' network management system

Team82 discovers 15 vulnerabilities in Siemens' network management system (SINEC NMS). Vulnerabilities allow denial of service attacks, credential harvesting, and remote code execution. The security researchers from Team82, the research department of the specialist for the security of cyber-physical systems (CPS) in industry, healthcare facilities and companies Claroty, have discovered a total of 15 vulnerabilities in the Siemens network management system (SINEC NMS). For example, CVE-2021-33723 allows attackers to escalate their privileges and CVE-2021-33722 allows remote code execution using a path traversal attack. All versions prior to V1.0 SP2 Update 1 are affected. Siemens advises users to upgrade to V1.0 SP2 Update 1 or a…

Read more

Attacks on MS Office apps using homograph phishing
June 22, 2022
| No comments
| Bitdefender, Stories
Attacks on MS Office apps using homograph phishing

According to a new study by Bitdefender Labs, all MS Office applications (including Outlook, Word, Excel, OneNote and PowerPoint) are vulnerable to international domain name (IDN) homograph phishing attacks in order to redirect users to different addresses. Bitdefender has consistently observed such homograph phishing for several months and strongly advises companies to take countermeasures to avoid associated risks. Bitdefender Labs reported this issue to Microsoft in October 2021 and the Microsoft Security Response Center has confirmed the results as valid. It is still unclear if or when Microsoft will fix this problem...

Read more

Attack Surface Threat Report shows unmanaged attack surfaces
June 20, 2022
| No comments
| Stories
Attack Surface Threat Report shows unmanaged attack surfaces

Palo Alto Networks' security research team evaluated more than 100 companies across multiple industries to map their unmanaged attack surfaces. The results have been compiled in the current Attack Surface Threat Report. Seasoned security professionals know that while zero-days make the headlines, the real problems arise from the dozens of small decisions that are made every day in an organization. Even a single accidental misconfiguration can create a weak point in the defense. Targeting Oversights and Misconfigurations Opportunistic attackers are increasingly targeting these oversights and misconfigurations as it…

Read more

Triple penalty: ransomware extortion, data loss, fines
June 17, 2022
| No comments
| Sophos, Stories
Triple penalty: ransomware extortion, data loss, fines

Negligent companies are quickly punished threefold: first ransomware extortion, then data loss, and last but not least, the penalty fee for a poor recovery plan. That's how complex ransomware can invade company resources. Last year, ransomware brought a US company that produces fuel to its knees. Behind this were criminal "partner companies" of the notorious DarkSide group. A typical example of a RaaS (ransomware as a service) attack: a small core team of criminals develops malware, makes it available to other bad guys, and handles victims' ransoms. However, they lead the actual attack...

Read more

Employees want an alternative to the password
June 15, 2022
| No comments
| Stories
Employees want an alternative to the password

A survey of 1.010 employees reveals common mistakes and problems related to passwords. 45 percent of employees in German companies would like an alternative to the password. Almost every fifth German uses the names of pets, children or their favorite football team as passwords. This is according to a study by Beyond Identity, the invisible multi-factor authentication (MFA) provider. More than 1.000 German employees were asked about password hygiene and the most common mistakes made when using passwords were made visible. The most important results at a glance 42 percent of those surveyed already have more…

Read more

Ransomware Report Q1 2022: Ransomware Associated Vulnerabilities
June 13, 2022
| No comments
| Stories

Ivanti Q1 2022 Ransomware Report: The study shows a 7,5% increase in ransomware-associated APT groups, a 6,8% increase in actively exploited and trending vulnerabilities, and a 2,5% increase in ransomware -Familys. Ivanti has published the results of the Ransomware Index Report Q1 2022. The report finds a 7,6% increase in ransomware-associated vulnerabilities in the first quarter of 2022. Most of these vulnerabilities are exploited by the Conti ransomware group, which rallied behind the Russian government after invading Ukraine and sought support…

Read more

Report: What about the IT security of German companies?
June 10, 2022
| No comments
| Stories
Report: What about the IT security of German companies?

Concerns, risks and confidence - what about the IT security of German companies? Infoblox's 2022 Global State of Security Report reveals where and how the human factor is at work in security. The last two pandemic years have turned IT security in companies upside down. In its "Global State of Security Report 2022", Infoblox, a leading provider of cloud-first DNS management and security, looks at the fears and dangers as well as the measures that security managers in companies are taking to manage the increasingly complex IT landscape to secure. It turns out that the human factor in...

Read more

Cyber ​​risks in the software supply chain
June 8, 2022
| No comments
| Stories
Cyber ​​risks in the software supply chain

Log4Shell or Solarwinds are typical examples of attacks on companies through their software supply chain. It is characteristic that cybercriminals do not gain direct access to the target company, but attack via a back door. A comment from Trend Micro. If you look back at some recent attacks (esp. Solarwinds or Log4Shell), you will notice that they are playing more and more "over gangs". This means that the attackers no longer attack target companies directly, but via their (software) supply chain. Whether victims are attacked via compromised Solarwinds updates or vulnerabilities in Log4Shell - in both...

Read more

© 2024 MedPressIT GbR
Cookie Settings