Browsing tag
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with […]
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests,” […]
DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team. “A hardcoded password was set for […]
Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered by researchers from Rapid7, who notified Sage Group of their […]
Security researchers have discovered the first known malware, dubbed “Siloscope,” targeting Windows Server containers to infect Kubernetes clusters in cloud environments. “Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers,” said Unit 42 researcher Daniel Prizmant. “Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run […]
Having a good data leak prevention plan is a must for all organizations today. In today’s world, when companies rely on all kinds of new emerging technologies for carrying out their business, it’s no less than a challenge to prevent sensitive information from being breached, either maliciously or accidentally. This is because the wider the […]
We have always been stating that for any enterprise, security is not just about solutions and the technical aspects, it includes the human element as well. Every single employee who is part of an enterprise is responsible for the overall infrastructure security and hence there are some common security mistakes that, if avoided, could help […]
Network data loss prevention, as the term itself suggests, is all about preventing loss of sensitive data from a computer network. Thus, it can be defined as the technology that’s used to secure all the communications that are part of an organization’s network. This would include securing email, web applications, FTP etc. Organizations use different […]
Taking into account that more and more information is in electronic format, as professionals in the business sector and, specifically, in Information Security, our fundamental mission is to protect it. As we have heard or read on many occasions, the loss of sensitive information can occur accidentally or maliciously, but in any case, it can […]