0 Comments
The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an “incomplete fix” for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that
0 Comments
A student at East Carolina University has been charged with cyber-stalking after allegedly posing as a member of a rival fraternity to upload a racist post to social media. A police investigation was launched after an offensive message, purporting to be from the university’s Theta Chi chapter, was uploaded anonymously to Yik Yak in August. 
0 Comments
Today marks a significant and exciting step forward for the combined McAfee Enterprise and FireEye businesses as we create a pure play, cybersecurity market leader. I’m incredibly proud to be writing this as the newly appointed CEO of this combined business. Keeping nations and large enterprises safe is – I believe – one of the
0 Comments
Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that’s engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server. The malware family, dubbed “FontOnLake” by Slovak cybersecurity firm ESET, is said to feature “well-designed
0 Comments
An international psychic mail fraud scheme that sold the promise of good fortune to tens of thousands of victims has been shut down by a United States court. Earlier today, the US District Court for the Southern District of Florida entered a permanent injunction against three residents of France and two corporate defendants who had been carrying
0 Comments
ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting systems running Linux. Modules used by this malware family, which we dubbed FontOnLake, are constantly under development and provide remote access to the
0 Comments
An “aggressive” financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks. Cybersecurity firm Mandiant attributed the intrusions to
0 Comments
What is chaos engineering is and how to get started? What are the different types of tests and how does it compare to other options? These were questions that Holly Grace Williams, founder of Akimbo Core, aimed to tackle during a technical session at the Digital Transformation EXPO Europe 2021. The ‘A Chaos Podcast Presents: A Beginner’s
0 Comments
Did you know, the timing of Hispanic Heritage Month coincides with the Independence Day celebrations of several Latin American nations? At McAfee Enterprise, we’re celebrating Hispanic Heritage Month by recognizing some of our amazing employees and asking them about their heritage and the impact it had on their career and journey to cybersecurity. Read my
0 Comments
A high-severity code injection vulnerability has been disclosed in 23andMe’s Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution.
0 Comments
A working group appointed by the International Association of Scientific, Technical and Medical Publishers (STM) has published a new set of guidelines to tackle the issue of doctored images in scientific research papers.  The recommendations of the Standards and Technology Committee (STEC) include a three-tier classification system that editors can use to flag suspicious content, and detailed
0 Comments
A good time to check if someone is using your identity is before it even happens.  One of identity theft’s several downsides is how people discover they’ve become a victim in the first place—by surprise. They go to rent an apartment, open a line of credit, or apply for financing, only to discover that their finances or reputation has taken a hit because of identity thief.   And those
0 Comments
Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations’ infrastructure, and technology while remaining in the dark and successfully evading security solutions. Boston-based cybersecurity company Cybereason dubbed the attacks “Operation Ghostshell,” pointing
0 Comments
A voucher scheme launched by the Northern Ireland Assembly to stimulate economic growth following Covid-19 lockdowns is having an identity crisis.  Under the £145m High Street Spend Local Scheme, the approximately 1.4 million residents of Northern Ireland who are aged 18 and over are eligible to apply for a £100 Spend Local voucher.  The voucher takes the form
0 Comments
Welcome back to our executive blog series, where I chat with some of the pivotal players behind McAfee Enterprise to hear their takes on today’s security trends, challenges, and opportunities for enterprises across the globe. Dive into the conversation below with Vice President, Global Commercial, Britt Norwood. Q: What’s the first career you dreamed of having
0 Comments
Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior
0 Comments
by Paul Ducklin As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means it’s a great opportunity to do three things: Stop. Think. Connect. Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness. 5
0 Comments
A former Facebook employee is to appear before a US Senate subcommittee tomorrow after blowing the whistle on the company’s alleged prioritization of profit above user welfare.  Frances Haugen, a 37-year-old data scientist from Iowa, revealed yesterday that it was she who leaked internal research carried out by Facebook to the Wall Street Journal. This research formed the
0 Comments
We hope you’ve enjoyed Cyber Awareness month. This year’s theme asked us all to do our part to stay safer online. The idea is that if we each take steps to secure our lives online, then together we all contribute to creating a safer, more secure internet. Of course, it’s our job to help you #BeCyberSmart. With that in mind, we’ve pulled together all the safety tips we featured in October. From family
0 Comments
A newly discovered data exfiltration mechanism employs Ethernet cables as a “transmitting antenna” to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research. “It’s interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack,” Dr. Mordechai Guri, the head of R&D in
0 Comments
The owner of two chains of American luxury department stores has warned 4.6 million Neiman Marcus customers that their personal data may have been exposed in a security incident that happened 17 months ago.  Neiman Marcus Group, which owns the Neiman Marcus and Bergdorf Goodman department stores, as well as the high-end home goods line
0 Comments
You can’t automate every business process. While I love automation and promote the concept, I know its limitations. This viewpoint needs to be recognized and observed as more security officials implement automation within their organizations. I’d estimate that for most enterprises, the first 80 percent of migrating and integrating processes to automation is easy to