In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. Cognizant is one of the largest IT managed services companies in the world with close to 300,000 employees and over $15 billion in revenue. As a managed service provider (MSP), Cognizant remotely manages many of its clients to fix issues, install patches, and monitor their security.
CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an attempt to thwart automated detection by good guys.
The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations in Ukraine and Russia. More recently, researchers have spotted the group attacking a few high-profile organizations in the military sector and diplomatic missions, both in Eastern Europe.
Security experts at Intego are warning Apple Mac users of a new in-the-wild malware threat, which masquerades as an installer for Adobe Flash Player. The malware, which Intego says appears to be a variant of OSX/Shlayer and OSX/Bundlore, was found hiding on webpages. Using the disguise of an Adobe Flash Player update is hardly new for malware, but what is more unusual is how the malware attempts to hide its activities from both the computer user and security software.
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google's market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry's failure to protect browsers as they are used more for email, payroll and other sensitive functions. Alphabet Inc's Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks. Researchers say the flaw in routers made by Netgear - revealed this week by cybersecurity company GRIMM and Trend Micro's Zero Day Initiative (ZDI) - underscores the long-running challenge of improving security in a market that prizes affordable and functional networking equipment.
Otorio's incident response team identified a high-score vulnerability in OSIsoft's PI System. They immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01). Installed in some of the world's largest critical infrastructure facilities, OSIsoft Software's PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves.
Zoom Video Communications has decided to extend the benefits of end-to-end encryption (E2EE) not only to paying Zoom customers, but to those who create free accounts, as well. The decision was reached after much public outcry by privacy-minded users and privacy advocates. As famed cryptographer and privacy specialist Bruce Schneier noted, "we are learning - in so many areas - the power of continued public pressure to change corporate behavior."