News

Blog  TrustNet is a cybersecurity and compliance industry leader renowned for innovative and robust solutions. We are dedicated to safeguarding digital ecosystems against the evolving threats of today. With an ever-increasing reliance on technology, TrustNet...

Blog  The Education Cybersecurity Summit 2023 took place in New York City on December 8, 2023. This event allowed technology professionals in the government and educational sectors to learn about the latest efforts to defend against cyber threats. This issue...

Blog  The Data Connectors Cybersecurity Conference, which took place in Atlanta on November 30th, 2023, was a significant event for anyone involved in cybersecurity. Held at the Cobb Galleria Centre, this conference allowed attendees to learn about the latest...

Blog  iWave, one of the industry's top-rated fundraising intelligence providers, recently announced their acquisition of Nonprofit Operating System (NonprofitOS), a revolutionary generative AI platform designed by fundraisers for fundraisers. NonprofitOS is...

Online alcohol delivery service company, Drizly and its former CEO are facing a series of sanctions from the Federal Trade Commission (FTC) for violating data privacy rules. The FTC has imposed unprecedented personal liability on the former CEO, which will impact him...

The Department of Defense's bug bounty program, known as Hack the Pentagon, is launching its third iteration. This time, it will focus on the facility control system network. The third iteration of the program, which is known as Hack the Pentagon 3.0, will look into...

Two of the most popular open-source ventures have identified several weaknesses, Google and Apache. The vulnerabilities may be used to access various proprietary information stealthily and provide access to lateral movement in a firm. Moreover, the glitch may be used...

  The AICPA has revised and updated the SOC 2 guidelines. There are no changes to the SOC 2 trust services criteria (commonly referred to as control objectives) however, there are new and revised “points of focus.” At the core, the points of focus provide...

A new sneak attack is hitting the computer systems of corporate workers by redirecting users to fake download sites for popular productivity software, such as Zoom. Researchers at Cyble revealed that the attackers behind the new strain, which is known as Rhadamanthys...

The field of cybersecurity is constantly evolving due to the rapid advancements in technology and the constantly changing threat of cybercrime. To stay informed and be prepared for the future, it is important to understand what experts predict for cybersecurity in...

Artificial intelligence (AI) has become commonplace in many aspects of our lives in recent years. We have seen AI used to automate customer service helplines, improve the accuracy of facial recognition software, and even power...

The Biden Administration is set to release a comprehensive National Cyber Strategy that will work to strengthen the security of our nation's digital infrastructure and protect us from malicious cyber threats. This strategy comes when cybersecurity is more important...

For most Americans, the holidays are full of shopping, festive candlelight dinners, and family gatherings. However, for some consumers, one number on their credit card statement stands out among all those other numbers—the dollar amount from unauthorized charges made...

A security breach has been discovered within the LastPass password manager service. More information to come in the coming weeks. Keep your LastPass account safe by changing your master password and creating a new unique one-time recovery key. The LastPass team is...

Twilio and Cloudfare employees have seen targeted attacks against them in a much larger phishing campaign. The phishing campaign has successfully compromised 9,931 accounts across 130 different organizations. The campaign focused on the abuse of identity and access...

An ongoing supply chain attack has seen the spread of the W4SP Stealer virus. So far, the malicious Python packages have infected over 100 persons. In a technical write-up, Checkmarx researcher Josef Harush echoes that the threat actor is still active and sending out...

Both large and medium-sized organizations need help to offset increasing data losses and a steep increase in downtime. As if this was not enough, organizations must also be content with high recovery costs after a cyber-attack. A cyberattack costs an organization...

Sullivan was arrested and charged with two felonies: obstruction of justice and misprision. During his tenure as Chief Security Officer (CSO) at Uber (April 2015–November 2017), the firm suffered a data breach in which over 50 million customers and drivers' personal...

Microsoft's Mark of the Web (MOTW) is a security feature that prevents malicious files and attachments from being downloaded or opened. However, two independent vulnerabilities exist in various versions of Windows that allow attackers to bypass this protection. Will...

Venafi, a company that makes artificial ID solutions, recently conducted a study to learn more about the effects of cloud complexities on cybersecurity. According to a poll conducted by Venafi among 1,101 security decision-makers (SDMs) at enterprises with over 1,000...

According to the security firm, a threat actor headquartered in China utilized tainted vSphere Installation Bundles to plant multiple backdoors in targeted computers. VMware published urgent new mitigation measures and advice for customers of its vSphere virtualized...

Phishers keep an eye on the news and use this knowledge to their advantage, as evidenced by the Capital One lures, which took advantage of the bank's recently formed collaboration with Authentify. Capital One's recent cooperation with Authentify has been used in a...

Blog  Enhancing the security of the software supply chain is just as important as ensuring that physical goods and components can move smoothly from the origin to the endpoint to reach their destinations successfully. To that end, three federal agencies, the...

The Oklahoma Student Loan Authority (OSLA) and EdFinancial recently announced that over 2.5 million loanees were the victims of a severe data breach that has compromised their personal information. The target of the attack was a Lincoln, Nebraska-based web portal and...

Flaws in the authentication process mean compromised security for businesses that contract with major cloud providers for services, data storage, and protection. One of the most significant weaknesses in their armor occurs when customers are allowed to enter usernames...

Browsers restrict webpages from accessing various forms of user data, and the user retains their right to share information with a website. However, a recent discovery reveals that Google Chrome has a security flaw that allows websites to change data contained in the...

Two of the most popular open-source ventures have identified several weaknesses, Google and Apache. The vulnerabilities may be used to access various proprietary information stealthily and provide access to lateral movement in a firm. Moreover, the glitch may be used...

Cyberspace has enjoyed relative peace over the past few years due to a significant decline in ransomware attacks. This tranquility may be attributed to the combined efforts of several international intelligence agencies and various tech companies to eradicate...

Hackers use a zero-day vulnerability in Zimbra to inject a malicious payload onto vulnerable webmail servers using the PGP decryption exploit they ported during a recent Black Hat 2022 conference. To take control of the victim's email account, the hacker would first...

A Zeus variant that first surfaced in August 2016 called Zeppelin has resurfaced and is now being used to compromise Web servers to distribute its payload. The threat researchers at Forcepoint Security Labs said they first started seeing new Zeppelin malware samples...

Organizers of DEF CON, the world's largest hacker conference, have announced a date for its 20th anniversary in Las Vegas. The event took place from August 7 to August 10, just after Black Hat USA in a move organizers say will allow both events to grow and be...

North Korea's state-sponsored ransomware operators have launched a campaign targeting healthcare organizations in the United States. This is according to an advisory issued by the Federal Bureau of Investigations (FBI) and the Infrastructure Security Agency (CISA)....

The Cisco Talos Threat Analytic and Research Unit has picked up several threats and vulnerabilities in the popularly used industrial cellular gateway IoT. The affected device, called the R1510, was created by a Chinese company called Robustel. The product is designed...

Blog  Users and administrators should update to a new version of Chrome released by Google last week to address seven flaws in the browser, according to the US Cybersecurity and Infrastructure Agency (CISA). Google published an advisory on January 6, 2019....

Last Thursday, at RSA Conference in San Francisco, the researchers from Wiz.io unveiled an open-source cloud middleware database on GitHub that details the particular middleware agents that Amazon Web Services (AWS), Google, and Microsoft put on their cloud customers'...

Blog  SAN FRANCISCO (BUSINESSWIRE) JUNE 6, 2022 – TrustNet is proud to announce we have won the following award from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine: “Editor’s Choice in Managed Security Service...

As the use of biometric data becomes more widespread, it is important to consider the potential risks associated with its use. While biometric data can provide increased security, there are a number of factors that should be considered when using this type of data....

Although ChromeLoader may appear to be a run-of-the-mill browser hijacker that merely reroutes users to advertising sites, its use of PowerShell might represent a greater danger by allowing for further and more sophisticated malicious activity such as the spread of...

Worried about fraud, employers are shifting to authentication technologies that are both secure and user-friendly. But there's a catch. Adversaries are actively exploiting a readily exploitable vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows,...

Zyxel firewalls are currently (as of May 2022) under a cyberattack after a critical security flaw was disclosed last week, allowing unauthenticated, remote arbitrary code execution. The flaw, CVE-2020-9054, exists in the XML parser of Zyxel's network-attached storage...

Microsoft has discovered a new variant of the Sysrv botnet that includes a recent Spring Cloud Gateway vulnerability in its arsenal. Since at least late 2020, the Sysrv botnet has been active, attempting to exploit known security flaws in access interfaces in order to...

NVIDIA, famous for designing graphics processing units and integrated circuits, recently became the latest victim of a serious cyberattack. Officials confirm that the incident occurred on February 23, 2022, resulting in the online leaking of employee credentials. "We...

Leading research and marketing firm CyberEdge Group, which serves companies in the cybersecurity industry, just published its ninth Cyberthreat Defense Report (CDR). This report acts as the standard for gauging organizations’ security postures, documenting the...

Cybersecurity concerns have gained even greater significance in the recent Russia-backed SolarWinds sabotage and the Ukrainian war. In response, the US House and Senate will soon pass the Cyber Incident Reporting for Critical Infrastructure Act of 2022.  Shortly after...

Recent security vulnerabilities in popular software package managers are raising concerns among digital safety experts. When these flaws compromise machines, it may be possible for hackers to get their hands on sensitive information, including source code and access...

Although mobile devices are portable, powerful, and convenient, their use in employees' jobs is coming at a price. The very features that make them compelling also render them especially vulnerable to hacking. Data shows that nearly one-third of zero-day attacks now...

When cybercriminals target sensitive data or charge companies or agencies a ransom to retrieve their encrypted information, the consequences can be dire. In response, Congress has passed a bill that will require that entities who deal with critical US security-related...

According to security experts, a popular WordPress plugin contains a bug that could compromise user data and even hijack vulnerable websites. The solution is to update as soon as possible. The plugin, UpDraftPlus, is commonly used to back up users' data. As a result,...

The adoption of cloud-based services continues to accelerate. In fact, 97 percent of those surveyed in recent Confluera research indicated that their organizations expect to expand their cloud deployments. To that end, many are enhancing the scope and extent of their...

Thanks to intense media focus on the issue, the end-users of digital products should be much more aware of the dangers of data breaches. Nevertheless, every indication is that cyber attacks such as phishing schemes continue to increase in severity. In fact, a...

Security experts are driving our attention to the Log4Shell vulnerability in Java again. It has been around for several months. Although this new vulnerability known as CVE-2021-42392 has not yet been published in the National Vulnerability Database (NVD), experts are...

Your information security vigilance can never be allowed to flag. Recently, the Federal Trade Commission underscored the importance of that point about the newly discovered Log4 Shell vulnerability. Companies that fail to take preemptive action by installing a patch...

Along with the good cheer and gifts that are hallmarks of the holiday season comes a much less welcome phenomenon: phishing attacks. The vast majority, well over 90 percent, are conducted through a company’s email system. During that high-traffic time between...

On the surface, ransomware attacks seem sophisticated and complex. Seemingly out of nowhere, criminals gain access to a company's or institution's data or systems, locking the rightful owners out unless and until they pay a hefty price. Due to their random and...

In roughly the 5th century BC, the Chinese strategist Sun Tzu wrote a treatise that has long been one of the most famous military classics in the entire world. Its themes have profoundly affected not only Asian warfare but also have expanded to influence legal...

Just when it seemed like the furor around the supply attack on SolarWinds by a Russian-affiliated threat actor, Dark Halo had died down, sobering new allegations came to the fore. Researchers at Kaspersky revealed that they believe there to be a new backdoor (named...

WatchGuard Technologies' latest quarterly Internet Security Report laid out the most pressing security trends and malware threats impacting the digital universe. The document also specified the cutting-edge endpoint intelligence strategies that have been developed to...

The headlines continue to buzz with news about ransomware attacks launched against educational institutions, hospitals, corporations, and banks. A recent TrendMicro report confirms that these third-party malware attacks remain prevalent. They happen when...

In December of 2020, after much fanfare, the CD Project Group launched Cyberpunk 2077. However, contrary to the hype, the game was riddled with bugs and soon earned a cascade of blistering customer feedback. Two months later, hackers capitalized on the game's bugs,...

The post-pandemic “new Normal” impacts all aspects of our lives, including the job site. Even when COVID was at its peak, collaboration among staff members scattered across the country and around the world happened thanks to adaptations in organizational technology...

Georgia-based fertility clinic Reproductive Biology Associates is one of the latest victims of the recent rash of ransomware attacks plaguing our country. Data from an estimated 38,000 victims were compromised as a result of this breach. Reproductive Biology...

Google Docs can provide your organization with excellent tools to promote real-time collaboration among team members at different locations. However, this cloud-based service can also be used by criminals to breach company's security protocols. As is often the case,...