Entries by govanguard

United States: Biden Administration Supply Chain Reports Deeper Dive #3: White House 100-Day Review of Semiconductor and Advanced Packaging Supply Chain Recommends Strengthening Export Control

On June 8, 2021, the White House published a set of reports on the 100-day interagency reviews (“Reports”) conducted pursuant to Executive Order 14017 (“Supply Chain EO”), which assessed supply chain risks and vulnerabilities for several supply chains, including those relating to semiconductor manufacturing and advanced packaging, and made policy recommendations to address those risks. The Reports […]


Reboot of PunkSpider Tool at DEF CON Stirs Debate

Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analytics firm QOMPLX. They fear the tool could be hijacked […]


Podcast: Why Securing Active Directory Is a Nightmare

This week, Microsoft rushed out a fix for a Windows NT LAN Manager exploit dubbed “PetitPotam” that forces remote Windows systems to reveal password hashes that can be easily cracked. The frenzy begs the question: Why is securing Microsoft Active Directory (AD) such a nightmare? When security researcher Gilles Lionel first identified the bug last […]


Multijurisdictional: 2021 Virtual Global Trade Conference

Welcome to our Virtual Global Trade Conference, a virtual offering for all our clients and friends worldwide. Baker McKenzie’s international trade compliance lawyers from around the world discussed the major developments impacting international trade, in nine one-hour sessions which took place from 13 to 15 July 2021. Session 1: Overview & Trade Policy Landscape Speakers: John […]


No More Ransom Saves Victims Nearly €1 Billion Over 5 Years

To date, the No More Ransom repository of ransomware decryptors has helped more than 6 million victims recover their files, keeping nearly a billion euros out of the hands of cybercriminals, according to a Monday release. Launched five years ago, No More Ransom is maintained via cooperation between the European Cybercrime Centre and several cybersecurity […]


Your Healthcare Third-Party Risk Management Program May Be Overdue for a Check-Up

By Michael Parisi, Vice President, Business Development & Adoption, HITRUST. Breaches, ransomware, and other cybersecurity attacks are often introduced through third-party vulnerabilities. Underscoring this high degree of risk, the Ponemon Institute reports, “Over half of organizations have experienced a data breach caused by third parties that led to the misuse of sensitive or confidential information.” […]


Zimbra Server Bugs Could Lead to Email Plundering

Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say. In a Tuesday writeup, SonarSource called it a “drastic” situation, given Zimbra’s popularity and the highly sensitive nature of the scads […]


Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution (RCE) and authenticated privilege escalation on the client-side. The Dutch Institute for Vulnerability Disclosure (DIVD) on Monday issued a public advisory warning that the service and clients should be kept off the internet until there’s a patch. Kaseya Unitrends is […]
