Find My LibraryIT Security News
-
Microsoft Patch Tuesday, March 2022 Edition
Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of), and relatively few "critical" fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here's a look at the security weaknesses Microsoft says are most likely to be targeted first.
-
Internet Backbone Giant Lumen Shuns .RU
Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world's Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen's decision comes just days after a similar exit by backbone provider Cogent, and amid a news media crackdown in Russia that has already left millions of Russians in the dark about what is really going on with their president's war in Ukraine.
-
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.
-
The Uncertain Future of IT Automation
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.
-
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure
The 'TLStorm' vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
-
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.
-
Conti Ransomware Group Diaries, Part IV: Cryptocrime
Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies, what it was like on a typical day at the Conti office, and how Conti secured the digital weaponry used in their attacks. This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies.
-
Novel Attack Turns Amazon Devices Against Themselves
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.
-
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked.
-
NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
first ... 25 26 27 28 29 more {structure:child_listing:channel}