Search results for: software


Researchers uncover ZuoRAT malware targeting home-office routers

Black Lotus Labs discovered a new remote access trojan (RAT) called ZuoRAT, which targets remote workers via their small office/home office (SOHO) devices, including models from ASUS, Cisco, DrayTek and NETGEAR. Overview of campaign elements ZuoRAT is part of a complex campaign that went undetected for nearly two years. The tactics, techniques and procedures (TTPs) that analysts observed bear the markings of what is likely a nation-state threat actor. The campaign included ZuoRAT – a … More


VMware vSphere+ and vSAN+ provide centralized cloud-based infrastructure management

VMware unveiled VMware vSphere+ and VMware vSAN+ to help organizations bring the benefits of the cloud to their existing on-premises infrastructure with no disruption to their workloads or hosts. These new offerings will help customers enhance their infrastructure by providing centralized cloud-based infrastructure management, integrated Kubernetes, access to new hybrid cloud services, and a flexible subscription model. “VMware vSphere+ and VMware vSAN+ represent the next major evolution of those foundational solutions that customers know and … More


Peer Software partners with Pulsar Security to help enterprise customers combat ransomware attacks

Peer Software announced the formation of a strategic alliance with Pulsar Security. Through the alliance, Peer Software will leverage Pulsar Security’s team of cyber security experts to continuously monitor and analyze emerging and evolving ransomware and malware attack patterns on unstructured data. PeerGFS, an enterprise-class software solution that eases the deployment of a modern distributed file system across multi-site, on-premises and cloud storage, will utilize these attack patterns to enable an additional layer of cyber … More


Trends to watch when creating security strategy for the next two years

Executive performance evaluations will be increasingly linked to ability to manage cyber risk; almost one-third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organizations thrive in hostile environments, according to the top cybersecurity predictions revealed by Gartner. In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst and Rob McMillan, Managing VP at Gartner discussed the top … More


Hexagon appoints Paolo Guglielmini as CEO

Hexagon AB announced that Paolo Guglielmini will succeed Ola Rollén as President and CEO of Hexagon AB, effective 31 December 2022. Gun Nilsson has decided to step down as CEO for Hexagon’s principal shareholder MSAB on 1 October and consequently leave her position as Chairman of Hexagon AB at the Annual General Meeting (AGM) 2023. MSAB, in consultation with Hexagon’s nomination committee, has the intention to propose Ola Rollén as new Chairman of the Board … More

Dawn Cappelli

OT security: Helping under-resourced critical infrastructure organizations

In this Help Net Security interview, Dawn Cappelli, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she’s heading can help asset owners and operators of industrial infrastructure. [The answers have been lightly edited for clarity] Supply chain risks are compounded … More


Clearview fine: The unacceptable face of modern surveillance

The UK’s Information Commissioner’s Office (ICO) has issued its third largest ever fine of £7.5m. It was imposed on Clearview AI, the controversial facial recognition company that has already been on the wrong end of similar decisions from regulators in Italy, France and Australia. Clearview collected more than 20 billion images of people’s faces from Facebook and other social media platforms. It then sold access to those to private companies and institutions such as police … More

week in review

Week in review: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities impacting OT devices

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: QNAP NAS devices hit by DeadBolt and ech0raix ransomware Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign. Fake voicemail notifications are after Office365, Outlook credentials A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees’ Office365 … More


Cyware completes SOC 2 Type 2 Compliance for data security

Cyware announces the successful completion of the System and Organization Controls (SOC) 2 Type 2 Audit for the trust services criteria relevant to Security (“applicable trust services criteria”) set forth in TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria). The achievement highlights the company’s commitment to the highest levels of data security. SOC 2 is a reporting framework created by the American Institute of Certified … More


IOTech Edge XRT 2.0 simplifies the development of time-critical OT applications

IOTech released Edge XRT 2.0, an open software platform designed for time-critical and embedded OT applications at the industrial IoT edge. Edge XRT 2.0 greatly simplifies the development of OT applications and enables faster time-to-market for new edge systems. It is hardware agnostic, independent of the silicon provider (Intel or ARM) and operating system. Users have complete deployment flexibility. They can deploy it as a native application, containerized and/or into a virtualized environment. With its … More


Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns

If your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability (CVE-2021-44228) in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency (CISA) has advised on Thursday. The agency accompanied the warning with detailed technical information and indicators of compromised related to two separate incident response engagements they and the United States Coast Guard … More


SolarWinds Next-Generation Build System improves enterprise software security

SolarWinds unveils its new Next-Generation Build System, a transformational model for software development. The new software build process is a key component of the company’s Secure by Design initiative to make SolarWinds a model for enterprise software security. The software development and build process improvements were made in an accelerated timeline over the past year in response to the highly sophisticated SUNBURST cyberattack, which targeted SolarWinds and other technology companies. The Next-Generation Build System includes … More