📊 2023 OpenText Cybersecurity Threat Report
Everything you need to know about being a community member.
Experts share their insights on cyber threats and evolving security risks
Archive for all of our Threat Reports
A place for all things Cryptocurrency
This program enables approved testers to preview builds before official release
Library of monthly updates for Webroot and Carbonite
So many issues! Buttons in the desktop dashboard panel stops working randomly, namely the 'Learn more', 'Get started ' and also the button that allows you to submit a suspicious URL for analysis. And the mobile app is even worse because it just zaps out the batter life of the device. I'm using the latest version of the mobile app and my phone is Pixel 4a (4g) It takes forever to connect with someone when you can their support number plus since I am outside of the USA, it's very costly too.
A few months back ,bought my first laptop (A U530 Lenovo from best buy). Came with 1 year of WEBROOT. SHORT HISTORY....This is my second computer--- First was a DELL DESKTOP/year 2000..... Loved that DELL, in it's day, was Considered a serious set up. This new laptop.....makes that DELL look like a 10 dollar calculator! lol 13 years with that DELL.....dealt with NORTON, MACEFFEE,AVAST AVG---ANTI-VIRUS PROGRMS.... Now I got this new laptop, and betting WEBROOT BLOWS AWAY the previously listed anti-virus programs. When I open Webroot, I see the way to change options, I can click on a SCAN NOW........ But , THE QUESTION.... HOW DO I UPDATE(not set update times,but UPDATE with a click?) HOW DO I SEE THAT The computer ever UPDATED? After owning this laptop for months,no Idea if WEBROOT ever updated........Prolly did,,but no idea how to tell? AVAST and AVG always gave the option to "UPDATE NOW"
September 20, 2023 By Caitlin Rawling Nearly 200,000 Pizza Hut Australia customers have had their data leaked, following a cyber attack earlier this month.On Wednesday, a spokesperson for Pizza Hut Australia told ABC it became aware of the cyber incident in early September, where an unauthorised third party accessed some of the company's data.According to DataBreaches.net, hacking group ShinyHunters are allegedly the group behind the hack.The spokesperson said the data is limited to the Australian market and does not impact Pizza Hut's operations in any other country. >> Full Article <<
TransUnion denies suffering a breach after a hacker publishes 3GB of data allegedly stolen from the credit reporting firm. September 21, 2023 By Ionut Arghire Credit reporting firm TransUnion this week denied being breached, after a hacker published online 3Gb of information allegedly stolen from the company’s systems.TransUnion’s announcement comes two days after a threat actor using the moniker ‘USDoD’ published on a cybercrime forum a database allegedly containing the information of roughly 58,000 individuals.The leaked personally identifiable information included name, sex, date and place of birth, age, employer, passport data, financial transaction details, credit score, and more. >> Full Article <<
Researchers Say Breach Illustrates Why Schools Are Major Targets for Cybercriminals September 21, 2023 By Marianne Kolbasuk McGee An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal, financial and health information.In a breach notification Wednesday, Lakeland Community College did not provide any details on the attack, which occurred between March 7 and March 31, but the Vice Society ransomware group earlier this year had listed the college on its data leak website."This particular ransomware operation seemed to focus on the education sector - presumably because they found it to be a lucrative niche," said Brett Callow, a threat analyst at security firm Emsisoft. >> Full Article <<
September 21, 2023 By Sead Fadilpašić Hackers are targeting large corporations with ValleyRAT (Image credit: Shutterstock) A new malware strain called ValleyRAT is being deployed among large organizations around the world, researchers have warned.Cybersecurity experts from Proofpoint published a report alleging that Chinese businesses on the mainland, but also other firms elsewhere, are being targeted by multiple new malware strains, possibly used by more than one new threat actor.Among those is a new tool called ValleyRAT: “The campaigns distributing this malware were conducted in Chinese, and, following the trend of other Chinese malware campaigns, the majority used invoice themes related to various Chinese businesses,” the researchers said, stating that they saw multiple campaigns distributing this particular malware. >> Full Article <<
Cisco will boost its cybersecurity capabilities by shelling out $28 billion to buy Splunk, which Cisco says will drive the next generation of AI-enabled security and observability. September 21, 2023 By Eduard Kovacs Cisco on Thursday announced that it has entered into a definitive agreement to acquire data analysis, security and observability solutions provider Splunk (NASDAQ: SPLK) in a deal valued at $28 billion. The networking giant is prepared to pay $157 per share in cash for Splunk, with the acquisition expected to close by the end of the third quarter calendar year 2024. Cisco said the deal will help accelerate revenue growth and gross margin expansion.Following the acquisition, Splunk President and CEO Gary Steele will join Cisco’s executive team and will report to Cisco CEO and Chair Chuck Robbins. >> Full Article <<
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics. September 21, 2023 By Nate Nelson A initial access broker (IAB) is still running rampant despite being tracked for seven years by researchers, and despite striking up a predictable tune when it comes to the tools and tactics used to compromise organizations (and pave the way for follow-on ransomware attacks).Between July 2020 and July 2022, Secureworks identified five separate intrusions by the group it tracks as "Gold Melody" (aka UNC961 to Mandiant, and Prophet Spider to CrowdStrike). Each of the attacks was snuffed out early, thanks in part to the group's extensive yet predictable tactics, techniques, and procedures (TTPs), researchers have noted.Yet to Rafe Pilling, director of threat research for Secureworks' Counter Threat Unit, "the thing that stood out is they
September 21, 2023 By Pierluigi Paganini Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases.Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) file with database credentials, the Cybernews research team has discovered.The company, formed in 2022 after ECA Group and iXblue merged, specializes in robotics, maritime, navigation, aerospace, and photonics technologies, making it a particularly juicy target for attackers.The company fixed the issue after being contacted by our research team. We reached out to Exail for further comment but did not receive a response before publishing. >> Full Article <<
September 21, 2023 By Bill Toulas A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream.'This malicious activity was discovered by SentinelLabs in collaboration with QGroup GmbH in August 2023, who named the threat actor and malware after the backdoor's internal name of 'DreamLand client.'The operational style of Sandman is to keep a low profile to evade detection while performing lateral movement and maintaining long-term access to breached systems to maximize its cyberespionage operations. >> Full Article <<
Hi Webroot Team, Newbie here. Can we audit device per sites if Web Threat Shield extension for Browser is enabled or disabled? Also, if the Web Threat Shield extension is disabled from a device with Webroot client program, does it mean that if the User accessed a malicious site, Webroot would not block it? Thank you.
The splash screen that indicates Webroot Secure Anywhere is active keeps reappearing. I’ve restarted PC several times. Still keeps happening. Any suggestions?\I would ignore it, but the splash screen becomes an active window and interrupts whatever I’m doing.. Thanks
I seem to be missing something. I assume I’m just blind.Where in the documentation is the new Business Admin Console documented? We’re now on version 6.7, yet all I can find is documentation for the traditional console.
This should be simple: we run a large multi-site network with a number of admins.I need to see the status of our Admins:Name and email, 2FA status, admin type (all on current console) Most recent login date Any login failure info you can provideI can’t see ANY way to discover which admins haven’t logged in. Not in the old or new console, not in API reporting. :(How to solve it?
I was really excited to see this Application, we use Rapid7 and there was no good way to get this data into IDR. My excitement was quickly diminished immediately after I installed this software. Why create a software that is to redirect logs, and in this case to a SIEM and not make it run as a service? I tested it, right after I set it up, I monitored the service running and as soon as I logged off my admin account the service stopped and I can only assume the logging stopped as well. Is there anyway to run this as a service? I really don’t need to see the Scrolling CLI, that feature is pretty much pointless.
Recently updated Webroot Solution last night in one of our Automate Servers as we have two, but our first instance now no longer displays the plugin menu popup when accessed from Tools in Automate.Has the update broken this?As on our Server 2, V3.2.1.242 works fine when trying to access the plugin menu.
I need to block all websites except for my competitor (limited website) that are allowed on the macos. This is a very locked down environment. I don’t see a way to block “ALL websites” and only allow just a handful.
Hello guys,Is there anyone here who knows how to change policy settings via cellphone, sometimes I'm in a condition where I can't open my laptop, but I have to change the policy settings, whereas via cellphone I can only create a new policy without making changes to it, even I can't change the user endpoint policy. Thanks
The Total Security Complete App for my android phone is extremely difficult to manipulate and understand. It does not work anything like the Microsoft version. Not only does it look entirely different, but I cannot even figure out when the security expires.The old app which was somewhat different than the Microsoft version was much easier than the current app to navigate and fine information.With the new app you must add additional basic coverage such as password manager by totally resigning into that coverage although a basic coverage with the Total Security package.I ask why the change to the new app when the old one worked so much better and was easier to navigate. Please review and advise if this situation can be addressed.
We are having an issue with the Business Webroot where users are able to install more Entities than the assigned number of End Point Seats.This is causing issues with us, as we are getting billed for these additional Entities, and do not seem to have any control as to warn users, or stop them doing this.I have raised this in the past, but no solution was provided, other than to get an alert, and then sort out this issue manually.We are finding management of this is requiring more time resource overhead than what is worth reselling the Webroot product for.We simply seek to block sites being able to install and license Entities over and above the assigned number of End Point Seats allocated to the Site.Is there a way to achieve blocking Sites adding more Entities than the assigned number of End Point Seats?
