( The Record) Kaseya starts patch rollout After reaching out to 22,000 domain owners, the company was able to secure 60% of the impacted addresses. THe company received a list of 1.3 million compromised email addresses from a law enforcement partner, and began reaching out in April to owning organizations and service providers to reset passwords to secure them. The security firm Spamhaus announced over 780,000 email accounts compromised by the pernicious botnet have been recovered. ( Bleeping Computer) Emotet compromised emails recovered Microsoft also announced it had awarded $13.6 million in bug bounties to security researchers over the past 12 months, about the same as last year and the highest numbers reported by any vendor for yearly payouts. Microsoft encourages all Windows users to apply the patch and offers guidance on registry settings needed to make sure your system is secure. Microsoft says those relied on an insecure configuration of a registry setting related to Point and Print. Microsoft clarified that its patch for the “PrintNightmare vulnerability “is working as designed and is effective.” Last week we reported how security researchers developed a way around the patch. ( The Daily Beast) Microsoft defends its PrintNightmare patch Microsoft claimed to have cut off 94 percent of Trickbot’s server infrastructure in 2020 ahead of the US election. This comes as the cybersecurity firm Bitdefender reports there is evidence of increased Trickbot activity, with malware updating for further intelligence gathering and victim monitoring. The Daily Beast reports that Microsoft worked with ISPs to visit people’s houses in Brazil and elsewhere in Latin America to replace routers compromised by the Trickbot malware. Want a step-by-step guide on what you should be looking for? Visit /risk to help make sure your data is protected. Varonis is here to help mitigate the blast radius of such attacks. Still in the news is REvil’s ransomware attack on Kaseya VSA servers. The country also recently updated its regulatory laws to require government approval of all foreign stock listings. This comes as large tech platforms have increasingly come under scrutiny in the country, with the company Didi facing app delistings and security audits in the wake of its recent IPO. or Hong Kong, and ByteDance founder Zhang Yiming decided to delay the listing in late-March. The company had reportedly been mulling a listing in the U.S. The Wall Street Journal’s sources say ByteDance indefinitely suspended its plans to go public after Chinese government officials advised the company to address data-security risks. ( The Record) ByteDance delays IPO over “data-security concerns” About 40% of blocked domains were new and awaiting categorization, with business-related content, pornography, and information technology the most commonly blocked domains after that. The accidental blocks appear to be when authorities used a broad DNS filtering regular expression that did not account when a shorter domain might be part of a larger one. The researchers found that 311,000 domains were blocked overall, although 41,000 domains appear to have been blocked by accident. Overall, 534 million distinct domains were tested, with 411 million domains checked daily. ( TechCrunch) The scope of China’s Great Firewall internet censorshipĪcademics at US and Canadian universities created a tool called GFWatch, which accessed domains from inside and outside China’s internet and looked at how the country’s Great Firewall impacted connections at the DNS level. RiskIQ specializes in finding assets, devices and services that can be accessed outside of a company’s firewall, and its services will be rolled into Microsoft’s flagship security offerings.Microsoft said the acquisition will help its customers keep an eye out for supply chain attack risks. Bloomberg’s sources say the deal could be worth over $500 million. Microsoft confirmed it intends to acquire the San Francisco startup, which provides threat intelligence and cloud-based software as a service. The site currently lists more than $32 million in ransom payments for 2021. Security researchers and law enforcement officials can download the database for free. The site doesn’t contain any personal or victim-identifying information. It provides a running total of ransoms paid out in bitcoin, using self-reported incidents of ransomware attacks. Jack Cable, a security architect with the Krebs Stamos Group, noticed that nobody was collecting public data despite the bitcoin ledger being publicly viewable, so he launched a crowdsourced ransom payments tracking website called Ransomwhere. Ransomwhere site hopes to provide transparency
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |