02 Apr 2021

North Korean hackers are targeting researchers through fake offensive security firm

A North Korean hacking group has created a fake offensive security firm. For strategic context on the meaning of this activity and what business leaders should do about it see: C-Suite Considerations Regarding Current Geopolitical Tensions The actors are believed to be state sponsored by North Korea’s ruling party and

Read More
22 Feb 2021

Python programming language hurries out update to tackle remote code vulnerability

Python 3.9.1 and 3.8.8 have been rushed out by the Python Software Foundation after two security flaws. One of the two flaws is remotely exploitable, but only threatens to knock a machine offline. This remote code execution vulnerability is being tracked as CVE-2021-3177. The release of the new system upgrades

Read More
01 Feb 2021

Cloud Security Startup Armo Emerges from Stealth with $4.5M

With $4.5 million in funding and a mission to strengthen security for the cloud, Armo’s platform emerged from stealth. According to Armo, the increased reliance on Kubernetes as the container orchestration platform with cloud technologies gives limited visibility and security for cloud-native platforms.  Armo utilizes a Workload Fabric Tool aimed

Read More
01 Feb 2021

Hacker group inserted malware in NoxPlayer Android emulator

A popular Android emulator has been compromised by a mysterious hacking group. A handful of victims across Asia were targeted in a supply chain attack, leaving malware on their device. The attack targeted BigNox, the company that creates NoxPlayer. NoxPlayer emulates Android apps on Windows or macOS desktops. Slovak Security

Read More
25 Jan 2021

Crypto-Jacking Campaign Linked to Iranian Company

Researchers at British anti-malware vendor Sophos traced recent crypto-jacking attacks targeting SQL servers back to an Iran-based software company. The attacks consisted of threat actors installing the MrbMiner crypto-miner on target servers, utilizing software created, controlled, and hosted by an Iranian company. Sophos stated that they were unable to determine

Read More
15 Jan 2021

NSA Recommends Smart Use of DNS Resolvers

From Dark Reading: The National Security Agency recommended that enterprises use only their designated DNS resolver in DNS traffic and avoid third-party resolvers. Domain Name System technology, or DNS over HTTPS, DoH, can be abused by attackers. Companies using only their designated DNS server is the safest route and all

Read More
14 Jan 2021

Ring trials customer video end-to-end encryption for smart doorbells

Ring has created a preview of end-to-end encryption for home video feeds. The feature is being rolled out to customers this week by the Amazon-owned smart doorbell. After feedback proves the encryption to be successful, the encryption will eventually be offered to users as an opt-in feature. Ring has come

Read More
14 Jan 2021

43% of financial services orgs plan to increase private cloud investments

Nutanix revealed the financial services industry findings of its report for organizations’ plans for adopting different types of clouds. The findings show a digital transformation with 50% of respondents stating that COVID-19 had caused them to increase their investment in the hybrid cloud. The hybrid cloud is the only IT

Read More
14 Jan 2021

Google exposes malicious exploits targeting Windows and Android users

Due to Google’s Project Zero, zero-day vulnerabilities and bugs that could infect systems with malware can be uncovered. The project has unveiled a group of vulnerabilities that could have affected a large amount of customers had they not been discovered and patched. Two malicious servers were discovered hoping to pursue

Read More
13 Jan 2021

Capcom, the game developer behind Resident Evil, Street Fighter and DarkStalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.

Last November, a ransomware attack was launched against Capcom and it keeps getting worse. Up to 400,000 customers’ personal data was compromised, adding 40,000 customers to the original number the company had known. The breach was detected on November 2, and by November 19, Capcom said personal and corporate data

Read More