Trilight Security - a Top Staff Augmentation Company in 2023

Trilight Security is thrilled to announce that TrueFirms has recognised us a top Staff Augmentation Company in 2023. Years of efforts and excellence in providing top cybersecurity and IT talents to hi-tech companies in the EU, the U.S., and other regions of the world have led to this new recognition of Trilight Security by the industry community. 

TrueFirms is a online platform that helps connect businesses to a trusted and verified service provider. Through data-driven recommendations, and artificial intelligence, TrueFirms allows to quickly find the supplier that best suits the needs of any kind.

Trilight Security, among other services, specialises in providing different types of cybersecurity, IT infrastructure, and software development professionals to companies wishing to augment their internal teams, or struggling with service delivery to their end clients.

Send your personnel requests to [email protected] and we will definitely help you!


Webinar 16.06.22: Sophos Adaptive Cybersecurity Ecosystem

REGISTRATION

Trilight Security and Hermitage Solutions invite you to take part in an online event, devoted to Adaptive Cybersecurity Ecosystem (ACE) of Sophos, in particular, its endpoint protection component, Sophos Intercept X.

Agenda:

  1. Sophos company introduction.
  2. Adaptive Cybersecurity Ecosystem (ACE), a quick Sophos portfolio overview, "Cyber Kill Chain".
  3. Sophos Intercept X (CIXA endpoint protection). Different protection levels explained.

Speaker:

Mindaugas Kadunas, Sophos Presales Engineer at Hermitage Solutions.

Date:

16.06.2022, 12:00 CET, duration 45 minutes.

Registration:

To register for the event respond to this message with your contact details in signature, of follow this link to learn more about the event and fill a small registration form.

About Trilight Security

Trilight Security OÜ is a cybersecurity services provider offering reliable and affordable managed security services, managed detection & response, and SOCaas services to customers across Europe. More information can be found on our website.

About Hermitage Solutions

Hermitage Solutions is a leading value-added distributor of cybersecurity and innovative infrastructure solutions in the Baltic states that provide IT security products and services for enterprises and SMB in various industries. More information can be found at our website.

REGISTRATION


Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

The Hacker News reports on new attacks by hackers on bank ATM-machines.

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.

Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed UNC1945.

Read further on the Hacker News


U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

A very comprehensive list of free cybersecurity tools recommended by U.S. Cybersecurity Agency you may find in the news published by the Hacker News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture.

The "Free Cybersecurity Services and Tools" resource hub comprises a mix of 101 services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community.

Read further on the Hacker News


Critical Flaws Discovered in Cisco Small Business RV Series Routers

The Hacker News reported on serious flaws found in budget Cisco routes.

Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs.

Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers.

Read further in The Hacker News


QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices

The Hacker News reported on new type of Ransomware.

"DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to immediately update QTS to the latest available version."

A query on IoT search engine Censys shows that at least 3,687 devices have been encrypted by the DeadBolt ransomware so far, with most NAS devices located in the U.S., Taiwan, France, Italy, the U.K., Hong Kong, Germany, the Netherlands, Poland, and South Korea.

Read more on The Hacker News


Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

The Hacker News reported on important patch released by Cisco.

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system.

Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

Read further on The Hacker News


Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware

The Hacker News describes he way how the Microsoft flaw is being utilized by hackers.

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines.

"The stealer is a PowerShell script, short with powerful collection capabilities in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment," SafeBreach Labs researcher Tomer Bar said in a report published Wednesday.

Read more on The Hacker News


Navigating The Threat Landscape 2021: From Ransomware to Botnets

The Hacker News studies Global Threat Landscape Report which indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021.

When new threats emerge, attackers take advantage of them, however, most businesses are only aware of the current threats. Organizations struggle to address these threats due to their resource sophistication and their lack of understanding of evolving threat landscapes. For these reasons, organizations need visibility on the advanced threats especially targeting their infrastructure. This article will outline the evolution in the cyber threat landscape 2021.

Read further on The Hacker News


Penetration Testing Your AWS Environment: A CTO's Guide

The Hacker News explains how AWS environment should assessed from the point of view of cybersecurity.

There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration testing projects involving AWS:

  • Your externally accessible cloud infrastructure
  • Any application(s) you're building or hosting
  • Your internal cloud infrastructure
  • Your AWS configuration itself
  • Secrets management

Read further on The Hacker News