EC-Council Announces Free Phishing-Protection Solution Amid The COVID-19 Outbreak

OhPhish Helps Remote Workers and Businesses Fight Phishing Attacks – From the Editors at Cybercrime Magazine ALBUQUERQUE, N.M., March 23, 2020 /ECCouncil.org/ As the novel coronavirus (COVID-19) pandemic progresses across the world, cybercriminals are taking advantage of the situation resulting in a spike of phishing scams on remote workforce and corporate systems. While working from…

Emotet Malware Rears Its Ugly Head Again

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2020-9327PUBLISHED: 2020-02-21 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. CVE-2020-9329PUBLISHED: 2020-02-21 Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. CVE-2020-7907PUBLISHED: 2020-02-21 In the JetBrains Scala plugin before…

OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution

By Alexander Elkholy (Threats Analyst) A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix Daemon, OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems. What is the vulnerability about? Discovered by Qualys…

What’s The Difference Between An Incident And An Actual Loss Of Protected Data?

Information loss leads to devastating financial repercussions and brand reputation – Robert Johnson, III, President & CEO at Cimcor, Inc Chicago, Ill. – Feb. 20, 2020 Inadequate and ineffective technologies are often the culprit behind the failure of compliance mandates and initiatives for many organizations. Vulnerabilities can be a challenge for organizations to manage but…

Heading to RSA: NSA Brings Innovative Ideas to Cybersecurity Industry

FORT MEADE, Md., Feb. 12, 2020 — The breadth of talent and expertise across the private industry offers vast potential for collaboration. The RSA Conference — an annual security gathering hosting educational, professional, networking, and awards programs — offers one of the largest opportunities for NSA to bolster partnerships and continue to build understanding of…

Managed Defense: The Analytical Mindset

When it comes to cyber security (managed services or otherwise), you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an analyst’s trained eyes and investigative process are the deciding…