Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls. A recently disclosed vulnerability in the company's firmware can create a hard-coded backdoor.
This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.
After the occupation of the U.S. Capitol by pro-Trump rioters Wednesday, an emergency response plan to ensure federal computers were locked down apparently was not activated, some experts say. As a result, federal security teams are likely scrambling to detect and repair any damage done.
Reacting to reports claiming hackers may have used JetBrains' TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators. But he says customer misconfiguration of TeamCity could have enabled a hack.
"Multisectoral" authentication can help to ensure that government benefits are provided to the right recipients, says Joni Brennan, president of the Digital ID & Authentication Council of Canada.
Although two earlier executive orders from President Donald Trump banning the use of the Chinese-made apps TikTok and WeChat are still hung up in the courts, the president has issued a new executive order banning eight other Chinese apps, citing threats they pose to national security, economy and foreign policy.
The massive pro-Trump demonstrations that saw large crowds riot and then occupy the U.S. Capitol building in Washington pose a significant potential cybersecurity threat as protesters appear to have gained access to at least one lawmaker's office, along with computer systems and other devices, some experts say.
A U.K. court denied Julian Assange bail Wednesday as the U.S. Justice Department prepares to appeal a judge's ruling earlier this week rejecting its request to extradite the WikiLeaks founder to the U.S. to face criminal charges. Assange will remain in a high-security prison during the appeals process.
The U.S. National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. NSA also advises other organizations to take the same steps.
As investigators probe the SolarWinds hack, they're finding that the supply chain campaign appears to have deeply compromised more than the 50 organizations originally suspected. Meanwhile, the federal agencies overseeing the investigation now officially believe a Russian-linked hacking group is responsible.
Citrix is urging customers to implement a newly provided enhancement to its ADC and Gateway devices that is designed to block attackers from abusing the Datagram Transport Layer Security, or DTLS, protocol to amplify distributed denial-of-service attacks.
Lawmakers who participated in the bipartisan Cyberspace Solarium Commission applauded Congress' override of President Donald Trump's veto of the National Defense Authorization Act, pointing to its 77 cybersecurity provisions, including restoration of the position of national cyber director at the White House.
A British judge has denied a Justice Department request to extradite WikiLeaks founder Julian Assange to the U.S. to face criminal charges related to hacking government computers and then publishing classified information. U.S. prosecutors plan to appeal.
Researchers at the security firm Intezer have detected a new Golang-based worm that is targeting Windows and Linux servers with monero cryptomining malware.
A firmware vulnerability in about 100,000 Zyxel products, including VPN gateways, access point controllers and firewalls, can be used to install a hardcoded backdoor that could give threat actors remote administrative privileges, according to the security firm Eye Control. Users are urged to patch the flaw.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.