433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (727) 493-2351

Major News Events

When a major news event happens, cyber criminals will take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites, an infected attachment or are a scam designed to trick you out of your money.
http://news.poseidon-us.com/SBfY78

Video: Phishing ZIP With Malformed Filename, (Sun, Oct 31st)

This is a video for my diary entry “Phishing ZIP With Malformed Filename”, where I show how to use my zipdump.py tool to visualize the special characters inside malformed filenames.
http://news.poseidon-us.com/SBdRdn

Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks

Here’s an overview of some of last week’s most interesting news, articles and interviews: Apple fixes security feature bypass in macOS (CVE-2021-30892) Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection (SIP) bypass in macOS, and CVE-2021-30883, an iOS flaw that’s actively exploited by attackers. SolarWinds hackers are going after cloud, managed and IT service providers Nobelium, the … More → The post Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks appeared first on Help Net Security.
http://news.poseidon-us.com/SBcp3P

Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks

Here’s an overview of some of last week’s most interesting news, articles and interviews: Apple fixes security feature bypass in macOS (CVE-2021-30892) Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection (SIP) bypass in macOS, and CVE-2021-30883, an iOS flaw that’s actively exploited by attackers. SolarWinds hackers are going after cloud, managed and IT service providers Nobelium, the … More → The post Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks appeared first on Help Net Security.
http://news.poseidon-us.com/SBcp3P

ITOCHU invests $31.5M in SilverSky to improve the cybersecurity programs of its subsidiary companies

SilverSky announced that ITOCHU International, Inc., the North American company of Tokyo-based ITOCHU Corporation, has signed an agreement to invest $31.5 million in SilverSky. Significantly bolstering SilverSky’s ability to scale its operations worldwide, the ITOCHU investment broadens the company’s access to the Japanese market as well as all of APAC. Additionally, ITOCHU is set to leverage SilverSky’s service capabilities to improve the cybersecurity programs of its around 290 subsidiary companies around the globe. Founded in … More → The post ITOCHU invests $31.5M in SilverSky to improve the cybersecurity programs of its subsidiary companies appeared first on Help Net Security.
http://news.poseidon-us.com/SBc1rQ

Remote Desktop Protocol (RDP) Discovery, (Sat, Oct 30th)

I have noticed a surge in probe against the RDP service in the past 2 weeks. In August, a remote code execution (RCE) critical patch was released to fix an exploit related to CVE-2021-34535 which include a POC to exploit this vulnerability. This vulnerability is also affecting Microsoft Hyper-V Manager “Enhanced Session Mode” [5] and Microsoft Defender&#x27s Application Guard (WDAG) [6].
http://news.poseidon-us.com/SBbTmX