MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. Composed of the most frequent and critical errors that result in serious hardware vulnerabilities, the list includes a total of 12 entries, with five additional weaknesses that scored just ..
Tag : NEWS&INDUSTRY
The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the first in a series of guidance documents for securing 5G cloud infrastructure. The guidance comes from the Enduring Security Framework (ESF), a public-private partnership between the NSA, CISA, the Defense Department, the intelligence community, as well as IT, communications, and ..
Minnesota-based IT management and software powerhouse HelpSystems expanded its year-long cybersecurity shopping spree with a new deal to acquire data loss prevention specialists Digital Guardian. Financial terms of the acquisition were not released. Digital Guardian is a late-stage Massachusetts-based startup that raised $173 million over multiple venture capital funding rounds. The company has gained ..
A Worcester, Mass. health care network says someone hacked into its employee email system, potentially exposing the personal information of thousands of patients. UMass Memorial Health notified patients earlier this month if their information was involved in the breach, which occurred between June 2020 and January. The personal data included Social Security numbers, insurance information ..
Microsoft on Thursday published information on a vulnerability in Apple’s macOS platform that could allow an attacker to bypass System Integrity Protection (SIP) and modify operating system files. Tracked as CVE-2021-30892 and named “Shrootless” by Microsoft, the vulnerability exists in the method used to install Apple-signed packages with post-install scripts. To successfully exploit the vulnerability, ..
A Russian national has been extradited from South Korea to the United States to face charges for his alleged role in the cybercriminal organization behind the TrickBot malware. The man, Vladimir Dunaev, 38, allegedly was part of the TrickBot group from November 2015 through August 2020, stealing money and information and damaging the computers of ..
Europol and Norwegian Police on Friday announced the arrests of 12 individuals suspected of being involved in ransomware attacks launched against companies around the world, including critical infrastructure organizations. According to Europol, the suspects played various roles in ransomware attacks that impacted more than 1,800 victims across 71 countries, including many major corporations that suffered ..
A cyberattack on Papua New Guinea’s finance ministry briefly disrupted government payments and operations, officials said late Thursday. Ransomware infiltrated and compromised a core server at the department of finance last week, hampering the government’s access to foreign aid, its ability to pay cheques and carry out other basic functions in the midst of a ..
A Chrome 95 update released by Google on Thursday patches two actively exploited Chrome vulnerabilities, as well as flaws that were disclosed recently at a Chinese hacking contest. The actively exploited vulnerabilities are tracked as CVE-2021-38000, which has been described as an insufficient validation of untrusted input in Intents, and CVE-2021-38003, an inappropriate implementation issue ..
India’s Supreme Court on Wednesday ordered an independent investigation into the alleged government use of Pegasus spyware on journalists, opposition politicians and activists with the chief justice calling the implications “Orwellian”. India was one of 45 countries where tens of thousands of numbers were targeted by the spyware made by Israeli firm NSO, according to ..
