Hacking Group Observed Installing Weave Scope Tool to Gain Visibility and Control of Business Cloud Environments
The threat detection and response firm Intezer has observed a hacking group using the Weave Scope visualization and monitoring tool to gain visibility into and take control of compromised Docker and Kubernetes cloud environments. The hacking group, referred to as TeamTNT by Intezer, is known to target Docker and Kubernetes systems and has been observed using a credential-stealing worm to discover and exfiltrate AWS login credentials....
Almost a Quarter UK Corporate-Owned Computers and Smartphones Have No Antivirus Software Installed
A worrying percentage of businesses are not adequately protecting the devices they issue to their employees, according to new research commissioned by Kaspersky. Kaspersky commissioned Arlington Research to conduct interviews with 2,000 UK adult consumers in June 2020 to gain a better understanding of the state of cybersecurity at UK businesses. 32% of respondents said they had been provided with a desktop computer by their employer,...
Adobe Patches 12 Critical Flaws in Experience Manager, InDesign, and Framemaker
Adobe has released patches to correct 18 flaws on September 2020 Patch Tuesday. The flaws exist in Adobe Experience Manager, Adobe InDesign, and Adobe Framemaker. 12 of the vulnerabilities have been rated critical, with the rest rated important. 5 patches have been released to correct critical cross-site scripting vulnerabilities in Adobe Experience Manager (CVE-2020-9732, CVE-2020-9734, CVE-2020-9740, CVE-2020-9741, and...
September 2020 Patch Tuesday: Microsoft Fixes 129 Vulnerabilities; 20 Critical
Microsoft has issued patches to correct 129 vulnerabilities on September 2020 Patch Tuesday, 32 of which are remote code execution vulnerabilities and 20 have been rated critical. The vulnerabilities are spread across 15 products. While there is a large number of critical vulnerabilities in this month’s round of updates, none of the vulnerabilities are currently being exploited in the wild, although exploits for some of the flaws are...
Losses to BEC Attacks Increased by 48% in Q2, 2020
New data released by Agari show there has been a significant increase in losses to business email compromise attacks in Q2, 2020, increasing by 48% from the previous quarter. Business email compromise (BEC) is a form of email fraud in which an attacker compromises an email account of an organization and uses that account to commit fraud against the organization or business contacts. Typically, these attacks aim to fraudulently obtain...