Woodstock Wire: Information Security Wire
Slashdot - After Russia's massive breach of both government and private networks in the U.S., American intelligence officials "have expressed anger that Microsoft did not detect the attack earlier
Sun, 03 Jan 2021 20:49:36 - #solarwinds #cybersecurity #microsoft #security
Enterprise - Palo Alto Networks Blog - On Dec. 13, the world learned of the now-infamous SolarWinds supply-chain attack. The "SolarStorm" threat group infected countless SolarWinds Orion servers with a Trojanized DLL file and eluded detection for months.
Sun, 03 Jan 2021 20:49:35 - #paloaltonetworks #solarwinds #cybersecurity #cloud #azure #machinelearning #threatprotection #domains #security
Tech - The Verge - The Russia-linked SolarWinds hack which targeted US government agencies and private corporations may be even worse than officials first realized, with some 250 federal agencies and business...
Sun, 03 Jan 2021 20:49:24 - #solarwinds #supplychain #security
Tech - BGR - Microsoft revealed that the SolarWinds hackers were able to breach its security and access sensitive source code, although they could not make any changes to it.
The company said that the hackers did not access production services or customer data,...
Sun, 03 Jan 2021 20:49:20 - #coronavirus #solarwinds #microsoft #security
Infosec - EFF Deeplinks - Government knowledge of what sites activists have visited can put them at risk of serious injury, arrest, or even death. This makes it a vitally important priority to secure DNS. DNS over HTTPS (DoH) is a protocol that encrypts the Domain...
Sun, 03 Jan 2021 20:49:16 - #domains #security
Infosec - Security Affairs - Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims' login credentials.
Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors...
Sun, 03 Jan 2021 20:49:14 - #cybersecurity #phishing #godaddy #security
Enterprise - ChannelE2E - Five steps new SolarWinds CEO Sudhakar Ramakrishna should take amid Orion vulnerability clean-up & pending SolarWinds MSP (N-able) spin-out.
Fri, 01 Jan 2021 22:13:16 - #solarwinds #security
Enterprise - ChannelE2E - Barracuda research shows how cybercriminals are using spear phishing, business email compromise and COVID-19 pandemic-related scams.
Fri, 01 Jan 2021 22:13:15 - #coronavirus #cybersecurity #phishing #security
Infosec - Office of Inadequate Security - Ellen Nakashima reports: Russian government hackers engaged in a sweeping series of breaches of government and private-sector networks have been able to penetrate deeper into Microsoft's systems than previously known, gaining...
Fri, 01 Jan 2021 17:35:03 - #microsoft #security
Infosec - The Hacker News - Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking...
Fri, 01 Jan 2021 17:35:02 - #firewall #security
Infosec - Record by Recorded Future - We're going to be powering up machines that have been touched for a year. Organizations might want to think twice before putting out a big PR release that they're going back to the office on a certain date. Figuring out how...
Fri, 01 Jan 2021 17:35:01 - #phishing #cybersecurity #security
Infosec - WeLiveSecurity - Is the message real or fake? Take our Phishing Derby quiz to find out how much you know about phishing.
Fri, 01 Jan 2021 17:13:23 - #phishing #security
Infosec - Threatpost - Reflecting on 2020's record-breaking year of spam and inbox threats.
Fri, 01 Jan 2021 17:13:22 - #security
Enterprise - dinCloud - We are in the midst of the largest remote work scenario in the history of modern technologies. With nearly everyone working from home (WFH), the overall threat surface has swelled exponentially.
Thu, 31 Dec 2020 21:20:09 - #cybersecurity #coronavirus #dincloud #digitaltransformation #quantum #security
Infosec - CyberScoop - Microsoft said Thursday that the SolarWinds hackers were able to access company source code, although the technology giant described the incident as largely harmless in an update to an internal investigation.
Thu, 31 Dec 2020 21:13:17 - #fireeye #solarwinds #microsoft #cybersecurity #security
Infosec - Dark Reading - Malicious SolarWinds Orion backdoor installed in Microsoft's network led to the attackers viewing some of its source code.
Thu, 31 Dec 2020 21:13:16 - #solarwinds #microsoft #security
Business Wire - Thoma Bravo announced the completion of its strategic growth investment in Venafi, the inventor and leading provider of machine identity management
Thu, 31 Dec 2020 21:13:15 - #identity #security
Tech - GeekWire - An illicit account associated with the widespread SolarWinds hack was used to view some of Microsoft's internal source code, the company disclosed Thursday morning.
Microsoft says its investigation found that the account was unable to modify...
Thu, 31 Dec 2020 20:33:32 - #solarwinds #cybersecurity #microsoft #security
Infosec - Security Affairs - Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers.
Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers.
Thu, 31 Dec 2020 18:13:30 - #cybersecurity #jenkins #android #security
Infosec - Security Affairs - T-Mobile has disclosed a data breach that exposed customers' network information (CPNI), including phone numbers and calls records.
T-Mobile has disclosed a data breach exposing customers' account's information. The T-Mobile security...
Thu, 31 Dec 2020 18:13:29 - #databreach #cybersecurity #t-mobile #security
Enterprise - ZDNet News - US federal agencies must update by the end of the year or take all SolarWinds Orion apps offline.
Thu, 31 Dec 2020 00:36:05 - #solarwinds #security
Infosec - Security Affairs - US Cybersecurity and Infrastructure Security Agency (CISA) urges US federal agencies to update the SolarWinds Orion software by the end of the year.
The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its official...
Wed, 30 Dec 2020 23:33:52 - #solarwinds #cloud #azure #microsoft #supplychain #cybersecurity #security
Infosec - RiskIQ - There will be many more breaches like the one of SolarWinds.
Moving into 2021 and beyond, the ability to view your organization from the outside-in, as attackers do, will be the best defense against these internet-scale attacks by advanced APTs....
Wed, 30 Dec 2020 23:33:50 - #fireeye #solarwinds #riskiq #security
Infosec - CyberScoop - Every massive breach comes with a trail of lawsuits and regulatory ramifications that can last for years. Home Depot, for instance, only last month settled with a group of state attorneys general over its 2014 breach.
Wed, 30 Dec 2020 23:33:49 - #solarwinds #fireeye #cybersecurity #microsoft #security
Enterprise - IT World Canada - The past year has been an unpleasant rollercoaster ride that has forced businesses to adapt quickly to new, and in many cases, strict rules and limitations. Amid this global "readjustment," there have been many developments in cybersecurity...
Wed, 30 Dec 2020 18:31:17 - #cybersecurity #fortinet #security
Domains - CircleID - The Internet Corporation for Assigned Names and Numbers organization (ICANN org) announced that all of the current 1,195 generic top-level domains (gTLDs) have deployed Domain Name System Security Extensions (DNSSEC).
Wed, 30 Dec 2020 18:13:31 - #cybersecurity #security
Infosec - Malwarebytes Unpacked - In 2020, we experienced a major shift. Much of the world pitched in to limit the spread of the coronavirus, with people changing their daily routines to include a mixture of working from home, standing in socially-distanced lines,...
Wed, 30 Dec 2020 18:13:24 - #coronavirus #cybersecurity #solarwinds #threatintelligence #microsoft #vmware #domains #security
Infosec - Security Affairs - Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users' private docs.
Google has addressed a flaw in its feedback tool that is part of multiple of its services...
Wed, 30 Dec 2020 18:13:23 - #security
Infosec - The Akamai Blog - On October 2020, the Akamai Technical Enablement and Education (TE&E) Team -- responsible for creating product-training certifications for employees (Global Services and Support [GSS]), customers (Akamai University), and channel partners...
Wed, 30 Dec 2020 16:35:59 - #akamai #security
Infosec - Recorded Future - The recent expansive intrusion campaign of over half a dozen government agencies and as-yet unknown other organizations...
Wed, 30 Dec 2020 16:35:58 - #fireeye #solarwinds #threatintelligence #microsoft #cisco #supplychain #security
Infosec - Dark Reading - Global pandemic and the easy availability of for-hire services and inexpensive tool sets gave adversaries more opportunities to attack.
Wed, 30 Dec 2020 16:35:57 - #ddos #security
Infosec - Office of Inadequate Security - WELP reports: The Financial Times was the first to break this story earlier today (29th December 2020. This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in...
Wed, 30 Dec 2020 16:35:56 - #gatesfoundation #melindagates #security
Wed, 30 Dec 2020 16:35:54 - #cybersecurity #security
Infosec - Security Affairs - Microsoft says that SolarWinds hackers aimed at compromising the victims' cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst).
The Microsoft 365 Defender Team revealed that the goal of the threat actors behind...
Wed, 30 Dec 2020 16:35:53 - #solarwinds #cloud #azure #microsoft #supplychain #cybersecurity #security
Infosec - Dark Reading - Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
Wed, 30 Dec 2020 16:35:52 - #security
Globe Newswire - Technology - WISeKey's Identity Blockchain Technology Secures Commercial and Recreational Drones and Improves Safety
Tue, 29 Dec 2020 18:13:36 - #blockchain #drones #security
Infosec - Threatpost - David "moose" Wolpoff at Randori explains how hackers pick their targets, and how understanding "hacker logic" can help prioritize defenses.
Tue, 29 Dec 2020 18:13:35 - #security
Infosec - The Daily Swig - We take a look back at some of the best offensive security tools that were launched over the past three months
Tue, 29 Dec 2020 18:13:34 - #security
Business Wire - Code42, the Insider Risk Management leader, won a pair of industry awards, which recognize companies and solutions for innovations in cybersecurity.
Tue, 29 Dec 2020 18:13:33 - #code42 #cybersecurity #security
Globe Newswire - Technology - U.S. cybersecurity services firm expands compliance and penetration testing teams U.S. cybersecurity services firm expands compliance and penetration testing teams
Tue, 29 Dec 2020 17:37:28 - #acquisition #cybersecurity #security
Infosec - Kali Linux - Many of you may have known about the show Mr Robot and its unique connection to Kali Linux. But there is a little bit more that we have not talked about due to NDAs. But it appears the mystery is over, the red tape has been removed, and we...
Tue, 29 Dec 2020 17:37:27 - #robotics #gitlab #kalilinux #security
Infosec - Threatpost - The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data.
Tue, 29 Dec 2020 17:37:26 - #databreach #security
Infosec - The Akamai Blog - In terms of cyberthreats and digital risk, 2020 has been all about DDoS attacks. We've seen threat actors launch record breaking 1.44 Tbps and 809 Mpps attacks, cybercriminals conduct the largest global DDoS extortion campaign, and a...
Tue, 29 Dec 2020 17:37:25 - #equinix #coronavirus #hybridcloud #cybersecurity #digitaltransformation #digitalcommerce #ddos #akamai #datacenter #security
Infosec - Dark Reading - Eight cybersecurity leaders go deep on their most valuable (and very human) takeaways from a year like no other we've known.
Tue, 29 Dec 2020 17:37:24 - #cybersecurity #security
Infosec - The Hacker News - Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website.
Tue, 29 Dec 2020 17:37:23 - #security
Infosec - Security Affairs - Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments.
The Cybersecurity and Infrastructure Security Agency (CISA)'s Cloud Forensics...
Tue, 29 Dec 2020 17:13:48 - #cloud #azure #microsoft #cybersecurity #security
Infosec - CSO Online - Malvertising definition
Malvertising, a word that blends malware with advertising, refers to a technique cybercriminals use to target people covertly. Typically, they buy ad space on trustworthy websites, and although their ads appear legitimate,...
Tue, 29 Dec 2020 17:13:47 - #cybersecurity #security
Infosec - TripWire - The State of Security - If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities....
Tue, 29 Dec 2020 17:13:46 - #tripwire #security
Infosec - TripWire - The State of Security - As if dealing with COVID-19 were not enough, 2020 turned out to be a banner year for another troublesome strain of virus- ransomware. Malicious actors grew more sophisticated, daring and brutal. They also hit a number...
Tue, 29 Dec 2020 17:13:45 - #coronavirus #cybersecurity #tripwire #security
Infosec - CSO Online - Data security and data privacy are both necessary to completely protect corporate data assets. But most companies spend most of their time on the former and much less on the latter.
Tue, 29 Dec 2020 17:13:44 - #cybersecurity #security