The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.
The National Security Agency (NSA) is lighting a fire under system administrators who are dragging their feet to replace insecure and outdated Transport Layer Security (TLS) protocol instances.
The agency this week released new guidance and tools to equip companies to update from obsolete older versions of TLS (TLS 1.0 and TLS 1.1) to newer versions of the protocol (TLS 1.2 or TLS 1.3).
TLS (as well as its precursor, Secure Sockets Layer, or SSL) was developed as a protocol aimed to provide a private, secure channel between servers and clients to communicate. However, various new attacks against TLS and the algorithms it uses have been revealed – from Heartbleed to POODLE – rendering the older versions of the protocol insecure.
minute read
Share this article:
Despite being a mostly run-of-the-mill ransomware strain, Babuk Locker’s encryption mechanisms and abuse of Windows Restart Manager sets it apart.
Only a few days into the new year, one of the first new ransomware strains of 2021 has been discovered. Dubbed Babuk Locker, the ransomware appears to have successfully compromised five companies thus far, according to new research.
The research author, Chuong Dong, a computer science student at Georgia Tech, said that he first saw the ransomware mentioned in a tweet by a security researcher who goes by “Arkbird” on Twitter. He then discovered information about Babuk on RaidForums, which is a forum for sharing databases of breaches and leaks.
minute read
Share this article:
More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
Security experts are warning hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products.
Zyxel, a Taiwanese manufacturer of networking devices, on Dec. 23 warned of the flaw in its firmware (CVE-2020-29583) and released patches to address the issue. Zyxel devices are generally utilized by small businesses as firewalls and VPN gateways.
Fast forward to this week, several security researchers have spotted “opportunistic exploitation” of Zyxel devices that have not yet received updates addressing the vulnerability.
The widespread compromise affecting key government agencies is ongoing, according to the U.S. government.
The U.S. government has identified Russia as the “likely” culprit behind the widespread SolarWinds cyberattack that has so far affected multiple federal agencies and private-sector companies. Cyberespionage is cited as the motivation behind the attack, which the feds characterized as ongoing.
In a rare joint statement by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA), the agencies said a task force assigned to investigate the incident has found indications that Russia was behind the attack, something many government officials and security experts had already suspected.
minute read
Share this article:
Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.
After shrinking in 2020, cybersecurity budgets in 2021 climb higher than pre-pandemic limits. Authentication, cloud data protection and application monitoring will top the list of CISO budget and cybersecurity priorities. According to experts, these are just a few of the themes to dominate the year ahead.
Here is round-robin of expert opinions illuminating the year ahead.
Home is Where the Attacks Will Happen in 2021
There is no question IT staffs are still reeling from the massive work-from-home shift that forced them to rethink cybersecurity and placed new dependencies on technologies such as cloud services and digital collaborative tools such as Zoom, Skype and Slack. Those 2020 trends will have a lasting impact.