Operation Pawn Storm | Breaking Cybersecurity News | The Hacker News

Two days ago, The Hacker News (THN) reported about the Zero-day vulnerability in the freshly patched Adobe Flash Player . The vulnerability was exploited in the wild by a well-known group of Russian hackers, named " Pawn Storm ," to target several foreign affairs ministries worldwide. The zero-day flaw allowed hackers to have complete control of the users' machine, potentially putting all the Flash Player users at a potentially high risk. Since then, there was no patch available to make flawed utility safe. However, Adobe has now patched the zero-day vulnerability, along with some critical vulnerabilities whose details are yet to be disclosed. Yesterday, the company published a post on their official security bulletin ( APSB15-27 ) detailing the risks associated with the zero-day and how a user can get rid of them. The critical vulnerabilities are assigned following CVE numbers: CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 Also, Adobe is kn

Really a bad weekend for Internet users. Three previously unknown critical zero-day vulnerabilities were revealed in Adobe's Flash Player over the weekend, thanks to Hacking team data Breach in which 400GB of internal data were leaked over the Internet. Now, a new zero-day vulnerability has been reported in Oracle's Java that is reportedly being exploited in the wild by hackers to target government armed forces. Cybercriminals are actively exploiting the Java-based zero-day flaw in an attempt to target U.S. defense agencies and members of NATO, Trend Micro security researchers warned in a blog post published Sunday. According to researchers, the vulnerability affects only the latest version of Java, version 1.8.0.45. Though the older Java versions, Java 1.6 and 1.7 are not at all affected by this zero-day exploit. So far, there isn't many details disclosed about the Java zero-day bug, considering a patch is yet to be released by Oracle. Although hackers are exploi

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.