Record Number of Critical and High Severity Vulnerabilities Were Logged to the NIST NVD in 2020
A record number of critical and high severity vulnerabilities were logged to the National Institute of Standards and Technology (NIST) and its National Vulnerability Database (NVD) in 2020. THE NVD is a repository of Common Vulnerabilities and Exposures (CVEs) reported by security professionals, researchers and vendors. It is used by security teams around the world to stay up to date with security vulnerabilities as they are discovered.
Security Researchers Discover Helpdesk Software Vulnerability
After auditing the security of Helpdesk Software solution Deskpro in accordance with the company's Responsible Disclosure Bug Bounty Program, the Checkmarx Security Research Team discovered a severe cross-site scripting (XSS) issue that can be exploited multiple ways. Tim Wade, our technical director, says that exploitable software vulnerabilities will inevitably occur. When they do, some adversaries may be in a position to take advantage of them.
Vectra Extends Cloud Identity Detection Capabilities With Microsoft Azure AD
Vectra is the first NDR solution to offer universal control over data and identities to meet growing privacy and compliance concerns. Vectra announces extended coverage and integrates directly with Azure AD, giving full coverage of all federated SaaS applications and stopping attackers earlier in the kill chain.
La mutuelle des soignants MNH paralysée par un rançongiciel
Un groupe de cybercriminels a revendiqué l’infiltration et le chiffrement des données de la mutuelle du personnel hospitalier. Ils exigent une importante rançon et les employés n’ont plus accès à leurs ordinateurs infectés.
Hackers Accessed a Florida Town Water Treatment Facility System and Changed Chemical Levels
Someone has managed to break into a Florida town water treatment facility ICS (Industrial Control System) platform and changed the chemical levels of substances, rendering the water unsafe to consume. Fortunately, the people responsible for the facility’s operation realized the change and stopped the contaminated water from reaching the supply network.
Hacker Tries to Poison Water Supply of Florida Town
A threat actor hacked into the computer system of the water treatment facility in Oldsmar, Fla., and tried to poison the town’s water supply by raising the levels of sodium hydroxide, or lye, in the water supply. The attack happened just two days before NFL’s Super Bowl LV was held nearby in Tampa Bay, according to local authorities.
Hacker Breaks Into Florida Water Treatment Facility, Changes Chemical Levels
Public utilities, including power and water systems, have been prime cyberattack targets for years. Recently, hackers broke into a water treatment facility in Florida, gained access to an internal ICS platform and changed chemical levels, making the water unsafe to consume.
Experts React: Hackers Try To Contaminate Florida Water Supply
Yesterday the news broke that a hacker compromised a water treatment facility system in Florida via remote access software TeamsViewer and used their access to increase the Sodium Hydroxide in the water to dangerous, poisonous levels. Thankfully the situation was avoided when an employee noticed actions being executed on the computer and followed what changes were being made and quickly reversed them.
5 Critical Questions Raised by Water Treatment Facility Hack
As the investigation into the hacking of a water treatment facility in Florida continues, cybersecurity experts say the incident points to the urgent need to enhance operational technology security. The lesson to be learned is that public sector organizations that provide critical services - which are largely unregulated for security - need some scrutiny on their IT and OT security.
World Economic Forum Calls Cybersecurity One of the "Key Threats of the Next Decade
Cybersecurity took center stage in the 16th edition of the World Economic Forum's Global Risks Report alongside the COVID-19 pandemic, climate change, and debt crises. Since 2004 the report has detailed the most critical risks facing the world and has highlighted cyberattacks and data breaches as far back as 2012.
Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools
Our CEO, Hitesh Sheth, discusses the ways threat actors are bypassing preventative security measures. As organizations increasingly embrace hybrid cloud environments, cyberattackers are taking advantage by using privileged access and legitimate applications to execute attacks and carry out malicious actions.
Office 365 Threats and Inversion of the Corporate Network
Our CTO, Oliver Tavakoli, discusses how the adoption and daily use of cloud and SaaS (software-as-a-service) applications surged in 2020 and presented many new threats. Recently, two Office 365 tools have emerged as valuable to attackers: Power Automate and eDiscovery Compliance Search.
Billions of Passwords Offered for $2 in Cyber-Underground
A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords.
Hack The U.S. Army: What Cybersecurity Skills Does It Take?
The allure of trying to find vulnerabilities in large-scale organizations such as the U.S. Army and Air Force is considered a challenge for not only the hackers who participate in these programs but also for the government agencies sponsoring these events, since cybersecurity is now an increasing priority for the Defense Department
Experts Reaction On Hackers Steal Foxtons Customer Data
It has been reported today that thousands of customers’ financial details held by one of Britain’s biggest estate agents are being freely accessed on the dark web. Foxtons Group was victim to a malware attack in October last year when hackers targeted the company, with it closing down its web portal for home sellers, renters, and landlords.
Hack The U.S. Army: What Cybersecurity Skills Does It Take?
Tim Wade of Vectra AI shares why anyone who wants to participate in the U.S. Army's bug bounty challenge should brush up on understanding specific military systems and networks.
SOC Teams Spend Nearly a Quarter of Their Day Handling Suspicious Emails
Security professionals know that responding to relentless, incoming streams of suspicious emails can be a labor-intensive task, but a new study shared exclusively with SC Media in advance indicates just how time-consuming it actually is.
Data Privacy Day 2021: Aftermath - Part 2
Tim Wade, our technical director on the CTO team, shares his thoughts on personal privacy and society.
Here’s where AI will advance in 2021
Artificial intelligence continues to advance at a rapid pace. Even in 2020, a year that did not lack compelling news, AI advances commanded mainstream attention on multiple occasions. A team of Vectra's data scientists share their thoughts on AI trends to look out for in 2021.
Top Cybersecurity Experts Raise Awareness for Responsible Data Privacy Practices
This year’s initiative on Data Privacy Practices highlighted the state of the global data privacy landscape, examining it through the lens of the pandemic and other major events that have impacted and disrupted the way people live, work and interact.
Is Trickbot Botnet Making a Comeback?
The Trickbot botnet appears to be making a comeback this month with a fresh campaign that is targeting insurance companies and legal firms in North America, according to an analysis published by Menlo Security.
A global sting has taken down the Emotet botnet – but is it gone for good?
A global sting operation has taken down critical infrastructure behind the Emotet botnet, which criminals have used to steal and extort millions of dollars. But security experts are divided on whether this will have a long-term effect on the spread of one of the world’s most dangerous security threats.
Emotet taken down but for how long?
To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week’s action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside.
USCellular Suffers Data Breach; Hackers Accessed its CRM Software
UScellular, the fourth-largest wireless carrier in the U.S. with 4.9 million customers, has been hacked. Jennifer Geisler, our CMOthis is another proof point too breaches.
New WEF Global Risk Report Names Cybersecurity Challenges as Fourth Greatest Danger to Global Economy
The 2021 World Economic Forum (WEF) Global Risk Report, used for over a decade by organizations around the world as a risk assessment tool, has named “cybersecurity challenges” as the fourth most pressing danger to the global economy.