• Search for:
    11 Jan, 2022
    ‘Wormable’ Flaw Leads January 2022 Patch Tuesday
    Cybersecurity , , , , , , , , , , , , , , , ,

    Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another. …

    Read More‘Wormable’ Flaw Leads January 2022 Patch Tuesday

    16 Apr, 2021
    Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?
    Cybersecurity, VMware , , , , , , , , , , , , , , , , , ,

    On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy. …

    Read MoreDid Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

    16 Apr, 2021
    Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?
    Cybersecurity, VMware , , , , , , , , , , , , , , , , , ,

    On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy. …

    Read MoreDid Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

    10 Oct, 2020
    Report: U.S. Cyber Command Behind Trickbot Tricks
    Cybersecurity , , , , , , ,

    A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command. …

    Read MoreReport: U.S. Cyber Command Behind Trickbot Tricks

    13 Jan, 2020
    Cryptic Rumblings Ahead of First 2020 Patch Tuesday
    Cybersecurity , , , , , , , , , , ,

    Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020. …

    Read MoreCryptic Rumblings Ahead of First 2020 Patch Tuesday