15 Jun 2021

Critical remote code execution flaw in thousands of VMWare vCenter servers remains unpatched

Thousands of internet-facing VMWare vCenter servers are still impacted by critical vulnerabilities despite patches being released weeks ago, warn researchers. The vulnerabilities impact the centralized management utility Center Server. VMWare issued patches for the two critical bugs on May 25, however, not all servers have adhered to recommendations and implemented

Read More
14 Jun 2021

Chinese Trolls Show That Information Can’t Be Stopped, Nor Should It Be

Beijing has been engaged in a battle for public opinion for several years, aggressively promoting a positive vision of China to counter criticisms for its involvement in human rights violations, intellectual property theft, currency manipulation, its engagement with Taiwan and the South China Sea disputes, and its suspected involvement in the COVID-19 outbreak.  In 2017, senior Party leaders acknowledged that “the main battlefield for public opinion” occurs on the extensive borderless Internet where people receive their news, express their thoughts, and promote and argue their political and ideological viewpoints.  Beijing understands how the Internet is essential in disseminating China-friendly narratives, while at the same time deflecting criticisms and reassigning blame.  In essence, it is how Beijing seeks to preserve its image while tarnishing those of others.

Read More
14 Jun 2021

REvil Hits US Nuclear Weapons Contractor

Sol Oriens, a US subcontractor for the Department of Energy that works on nuclear weapons was hit by a cyberattack last month that was allegedly the work of the infamous REvil ransomware gang. REvil posted a statement to its website that states that the malicious organization boasts the right to

Read More
14 Jun 2021

Global Police Close Record Number of Fake Pharma Sites

Over 110,000 fake websites and online marketplaces advertising fraudulent pharmaceuticals have been shut down as part of an international crackdown on fake pharma sites, according to the global policing organization Interpol. Interpol states that the operation, deemed Operation Pangea XIV, involved customs, law enforcement, and regulatory officers from 92 different

Read More
14 Jun 2021

McDonald’s Suffers Data Breach

McDonald’s has suffered from a data breach that has impacted customers and employees located in South Korea and Taiwan. The breach, which was the result of a cyberattack, also affected company operations in the United States. An unauthorized third party allegedly broke into the system of McDonald’s Cope. and accessed

Read More
14 Jun 2021

Cybersecurity, like Espionage, Is an Infinite Game

Game theory, the study of competition and conflict, tells us there are two types of games: Finite Games and Infinite Games. Understanding that cybersecurity, like espionage, is an infinite game, should inform our all our actions in cyberspace. This post provides suggested considerations for businesses, individuals and governments seeking advantage in this infinite game.

Read More
11 Jun 2021

Gaming Giant EA Suffers Major Data Breach

Gaming giant Electronic Arts has suffered from a major data breach that includes details pertaining to game source code and tools for several popular games. Cybercriminals claimed to have breached the company in blog posts published on underground hacking forums. These posts advertised 780GB of data for sale. EA later

Read More
11 Jun 2021

‘Fancy Lazarus’ Cyberattackers Ramp up Ransom DDoS Efforts

APT group “Fancy Lazarus” has been ramping up its ransom DDoS efforts in several new campaigns against US entities. The group is known for masquerading as various APT groups to distract security researchers. Researchers state the APT group is launching a new series of attacks using a combination of the

Read More
11 Jun 2021

Police Grab Slilpp, Biggest Stolen-Logins Market

On Thursday, the US Department of Justice announced that a multinational operation had led to the seizure of Slilpp, a massive and popular marketplace for selling online logins and credentials. At the time of the takedown, authorities note that there were more than 80 million login credentials for sale used

Read More
11 Jun 2021

Lax security around URL shortener exposed PII of US retailer Carter’s customer base

US retailer Carter’s has suffered from a data leak that exposed the personally identifiable information (PII) of hundreds of thousands of customers. However, unlike many data leaks, the incident was not the result of an unsecured bucket or misconfigured cloud storage system, rather the leak was caused by relaxed security

Read More