Cyber Defense Advisors

Year: 2024

How to Become FedRAMP Authorized: A Step-by-Step Guide for Cloud Service Providers

Achieving FedRAMP (Federal Risk and Authorization Management Program) authorization is a significant milestone for any cloud service provider (CSP) aspiring to work with U.S. federal agencies. This authorization not only opens doors to lucrative government contracts but also signals a CSP’s commitment to […]

FedRAMP Compliance

FedRAMP Compliance FAQs: Navigating the Path to Secure Cloud Usage in U.S. Government

In the realm of U.S. federal information technology, FedRAMP (Federal Risk and Authorization Management Program) stands as a pivotal framework. Its importance in ensuring secure cloud solutions for government agencies cannot be overstated. As such, it’s natural for cloud service providers (CSPs), […]

FedRAMP Compliance
  • January 9, 2024

Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware

A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot’s operators ran phishing campaigns, targeting victims via its two components — a loader and a core module — which enabled unauthorized remote access and allowed the execution of arbitrary commands through an […]

Cyber News
  • January 9, 2024

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of ‘access’ to the compromised host, or the […]

Cyber News
  • January 9, 2024

PIN-Stealing Android Malware

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication. […]

Cyber News
  • January 9, 2024

Midwives clinic takes nine months to deliver news of data breach

Clients of a pregnancy care clinic in Ontario have had their personal information exposed to hackers. I’m sure I don’t need to tell anyone who has made use of the services of a midwife, that a lot can happen in nine months… Read more in my article on the Hot for Security blog. 

Cyber News
  • January 9, 2024

Why Public Links Expose Your SaaS Attack Surface

Collaboration is a powerful selling point for SaaS applications. Microsoft, GitHub, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees […]

Cyber News
  • January 9, 2024

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. “This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the ‘Restrict […]

Cyber News
  • January 9, 2024

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. “These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly,” Fortinet […]

Cyber News