Information Security Wire

Woodstock Wire: Information Security Wire

Hackers can use a critical Window bug to access computers on a network in seconds

Tech - BGR - Homeland Security issued an emergency alert on Friday for a severe Windows vulnerability called Zerologon that would allow hackers to gain access to any computer of a network within minutes.
The Cybersecurity and Infrastructure Security Agency (CISA)...
Tue, 22 Sep 2020 16:35:47 - #samsung #cybersecurity #security

Homeland Security issues rare emergency alert over 'critical' Windows bug

Tech - TechCrunch - Homeland Security's cybersecurity advisory unit has issued a rare emergency alert to government departments after the recent disclosure of a "critical"-rated security vulnerability in server versions of Microsoft Windows.
The Cybersecurity...
Tue, 22 Sep 2020 14:36:55 - #cybersecurity #microsoft #security

9 top anti-phishing tools and services

Infosec - CSO Online - Phishing ranks low on the list of cyberattacks in terms of technological sophistication. Even more sophisticated phishing variants like spear phishing (focused and often personalized phishing attacks) and whaling (phishing attacks focused...
Tue, 22 Sep 2020 13:13:23 - #cybersecurity #phishing #security

How CISOs Can Foster Effective Comms and Build a Cybersecurity Program

Infosec - TripWire - The State of Security - For many organizations, security flows from the top down. That's a problem when executives don't emphasize security as much as they should. Cisco learned as much in its CISO Benchmark Study "Securing What's Now and What's...
Tue, 22 Sep 2020 13:13:21 - #ciso #cisco #cybersecurity #tripwire #security

Employee Burnout is Putting Your Organization's Security at Risk

Infosec - TripWire - The State of Security - Burnout is a health hazard in any high-stress workplace, especially in any industry where highly skilled professionals must tackle urgent demands at unpredictable intervals and where effective response is time-sensitive...
Tue, 22 Sep 2020 13:13:20 - #tripwire #security

Fileless Malware Tops Critical Endpoint Threats for 1H 2020

Infosec - Threatpost - When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics.
Tue, 22 Sep 2020 13:13:19 - #cybersecurity #security

Harvard Researchers Say These Countries Have the Greatest Cybersecurity Skills

Infosec - Record by Recorded Future - When it comes to cybersecurity, countries like North Korea, Iran, and Israel garner plenty of headlines. But according to a
Tue, 22 Sep 2020 13:13:17 - #cybersecurity #security

Curating Your Personal Security Intelligence Feed

Infosec - Recorded Future - Our guest is Sal Aurigema, associate professor of computer information systems at the University of Tulsa. He shares his experience in nuclear engineering and serving aboard submarines in the U.S. Navy, his shift to the intelligence...
Mon, 21 Sep 2020 21:13:33 - #cybersecurity #usnavy #security

FBI sees spike in credential stuffing attacks

Infosec - Barracuda - The cyber division of the Federal Bureau of Investigations (FBI) has issued a private industry advisory warning of a spike in credential stuff attacks aimed at financial services firms.
Billions of credentials available on the Dark Web are...
Mon, 21 Sep 2020 21:13:31 - #phishing #cybersecurity #botnet #security

Is domain name abuse something companies should worry about?

Infosec - Malwarebytes Unpacked - Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefor, "domain name abuse" is something that can ruin your reputation.
Mon, 21 Sep 2020 21:13:30 - #databreach #phishing #domains #security

US House Passes IoT Cybersecurity Improvement Act

Infosec - Security Affairs - The U.S. House of Representatives passed the IoT Cybersecurity Improvement Act, a bill that aims at improving the security of IoT devices.

The U.S. House of Representatives last week passed the IoT Cybersecurity Improvement Act,...
Mon, 21 Sep 2020 21:13:29 - #iot #identity #ibm #cybersecurity #security

5 ways cybercriminals can try to extort you

Infosec - WeLiveSecurity - What are some common strategies cybercriminals employ in extortion schemes and how can you mitigate the chances of falling victim to a cyber-shakedown?
Sun, 20 Sep 2020 21:41:12 - #cybersecurity #security

Mitigating Cyber-Risk While We're (Still) Working from Home

Infosec - Dark Reading - One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Sun, 20 Sep 2020 21:41:11 - #cybersecurity #security

Email threat types: Spam

Infosec - Barracuda - Spam is unsolicited bulk email messages, also known as junk email. Spammers typically send an email to millions of addresses, with the expectation that only a small number will respond to the message. Spammers gather email addresses from a...
Sun, 20 Sep 2020 21:41:10 - #phishing #security

Raking the floods: How to protect UDP services from DoS attacks with eBPF

Infosec - Cloudflare - Cloudflare's globally distributed network is not just designed to protect HTTP services but any kind of TCP or UDP traffic that passes through our edge. To this end, we've built a number of sophisticated DDoS mitigation systems, such as Gatebot,...
Sun, 20 Sep 2020 21:41:09 - #ddos #security

All You Need to Know about SASE, the Cutting-Edge Technology

Infosec - CDNetworks - SASE is short for Secure Access Service Edge. SASE was introduced by Gartner by the end of last year. It combines network security functions (i.e. SWG, CASB, FWaaS and ZTNA) with WAN capabilities (i.e. SD-WAN) to support enterprises' need...
Sun, 20 Sep 2020 21:39:06 - #iot #cybersecurity #sd-wan #digitaltransformation #datacenter #security

Palo Alto Networks Completes Acquisition of The Crypsis Group

Infosec -
Sun, 20 Sep 2020 21:39:05 - #paloaltonetworks #acquisition #security

How IT Security Organizations are Attacking the Cybersecurity Problem

Infosec - Dark Reading - The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming...
Sun, 20 Sep 2020 21:39:03 - #coronavirus #cybersecurity #security

Skills and traits of a business-savvy CISO

Infosec - CSO Online - What does it mean to be 'business-savvy?'
Sun, 20 Sep 2020 21:39:01 - #ciso #security

Building Your Team up to Win the Security Arms Race

Infosec - TripWire - The State of Security - In a fast-changing world, stopping to assess your success isn't really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to...
Sun, 20 Sep 2020 21:39:00 - #tripwire #security

DDoS Attacks Rose 151% in First Half of 2020

Infosec - Dark Reading - Attacks grew in number, size, and sophistication as the coronavirus pandemic took hold.
Sun, 20 Sep 2020 21:38:59 - #coronavirus #ddos #security

DDoS Attacks Skyrocket as Pandemic Bites

Infosec - Threatpost - More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.
Sun, 20 Sep 2020 21:38:58 - #ddos #security

5 Questions to Ask Yourself About Your Third-Party Risk

Infosec - Recorded Future - From lawyers, to marketing agencies, to office supply providers, your organization relies on third parties to keep the business in business. While critical to continued success, every vendor introduces risk to your organization.
Multiply...
Sun, 20 Sep 2020 21:38:57 - #threatintelligence #supplychain #security

Report Looks at COVID-19's Massive Impact on Cybersecurity

Infosec - Threatpost - Cynet's report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used...
Sun, 20 Sep 2020 21:38:55 - #coronavirus #cybersecurity #security

New Report Explains COVID-19's Impact on Cyber Security

Infosec - The Hacker News - Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks.

Of course, malicious emails would contain subjects relating to Covid-19,...
Sun, 20 Sep 2020 21:38:53 - #coronavirus #cybersecurity #security

New MrbMiner malware infected thousands of MSSQL DBs

Infosec - Security Affairs - A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner.

A group of hackers is launching brute-force attacks on MSSQL servers with the...
Sun, 20 Sep 2020 21:38:52 - #cybersecurity #botnet #threatintelligence #arm #microsoft #security

More Cyberattacks in the First Half of 2020 Than in All of 2019

Infosec - Dark Reading - The pandemic-related shift to remote work and the growing availability of ransomware-as-a-service were two major drivers, CrowdStrike says.
Sun, 20 Sep 2020 21:38:50 - #cybersecurity #security

Experts warn of surge in DDoS attacks targeting education institutions

Infosec - Security Affairs - Experts warn of a surge in the DDoS attacks against education institutions and the academic industry across the world.

While the popularity of online learning is increasing due to the ongoing Coronavirus pandemic, threat actors...
Sun, 20 Sep 2020 21:38:49 - #coronavirus #cybersecurity #ddos #security

Elite Threat Intelligence That Disrupts Adversaries

Infosec - Recorded Future - Industry analysts have characterized threat intelligence as evidence-based, actionable assessments about existing or emerging threats.
At Recorded Future, we've taken this notion to the next level. Elite threat intelligence is not only...
Sun, 20 Sep 2020 21:38:48 - #threatintelligence #security

How To Write for The Record

Infosec - Record by Recorded Future - The Record by Recorded Future is looking for talented freelance writers to cover the untold stories of cybersecurity. These can
Sun, 20 Sep 2020 21:38:47 - #cybersecurity #security

Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says

Infosec - CyberScoop - Six suspected Chinese hacking groups have zeroed-in on entities in the telecommunications sector in the first half of this year, according to CrowdStrike research published Tuesday.
While CrowdStrike did not identify the groups by name, attackers...
Sun, 20 Sep 2020 21:38:46 - #coronavirus #fireeye #threatintelligence #security

Chinese State-Backed Hackers Target the Vatican, Again

Infosec - Record by Recorded Future - Hackers sometimes come back for seconds - even if they're caught. Just days after being exposed for targeting the Vatican and
Sun, 20 Sep 2020 21:38:45 - #security

Back Despite Disruption: RedDelta Resumes Operations

Infosec - Recorded Future - Insikt Group(r) researchers used proprietary Recorded Future Network Traffic Analysis and RAT controller detections, along with common analytical techniques, to continue tracking...
Sun, 20 Sep 2020 21:13:55 - #antivirus #cybersecurity #phishing #microsoft #security

Auth0 is Named to the 2020 Forbes Cloud 100

Globe Newswire - Technology - Recognition highlights Auth0 as a top private cloud company for third consecutive year
Sun, 20 Sep 2020 20:39:58 - #auth0 #security

Zscaler and New York University Teach Cloud Security Expertise to Cybersecurity Master's Students

Globe Newswire - Technology - Partnership with Tandon School of Engineering Giving Students Hands-on Experience in SASE and Zero Trust through Zscaler Certifications Partnership with Tandon School of Engineering Giving Students Hands-on Experience in SASE and Zero Trust...
Sun, 20 Sep 2020 20:39:56 - #zscaler #cybersecurity #security

JumpCloud Announces Okta Integration

Globe Newswire - Technology - New integration makes it easy for admins to securely manage identities and access to cloud based and on premise resources
Sun, 20 Sep 2020 20:14:08 - #okta #security

Altium TASKING Automotive Development Tools Now Support Embedded IT Security From ESCRYPT

Business Wire - Altium TASKING has joined forces with ESCRYPT, a leading provider of IT security solutions in embedded systems, to enhance automotive cybersecurity.
Sun, 20 Sep 2020 19:13:36 - #cybersecurity #security

Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft Azure Marketplace

Business Wire - Valimail, the provider of zero-trust, identity-based anti-phishing solutions, today announced the availability of Valimail DMARC Monitor and Valimail Enforce in the Microsoft Azure Marketplace, an online store providing applications and services...
Sun, 20 Sep 2020 19:13:25 - #cloud #azure #microsoft #security

DDoS Attacks Increase by 151% in First Half Of 2020

Business Wire - Today, Neustar released its latest cyberthreats and trends report revealing significant shifts in DDoS attack patterns in the first half of 2020.
Sun, 20 Sep 2020 19:13:23 - #ddos #security

Exabeam and Code42 Announce Strategic Partnership to Detect and Respond to Risk from Insider Threats

Business Wire - Exabeam, the Smarter SIEM(tm) company, and Code42, the leader in insider risk detection and response, today announced a strategic partnership to help security and insider threat teams quickly detect, investigate and respond to data exfiltration, and reduce...
Fri, 18 Sep 2020 19:36:40 - #code42 #cybersecurity #security

Code42 Unveils Incydr: Detection and Response for Insider Threats

Business Wire - Code42 announced the Code42 Incydr product, a new SaaS offering that protects organizations' intellectual property, source code and trade secrets.
Fri, 18 Sep 2020 17:13:11 - #code42 #security

UK NCSC releases the Vulnerability Disclosure Toolkit

Infosec - Security Affairs - The British National Cyber Security Centre (NCSC) released a guideline, dubbed The Vulnerability Disclosure Toolkit, for the implementation of a vulnerability disclosure process.

The UK National Cyber Security Centre (NCSC) has released...
Tue, 15 Sep 2020 14:30:51 - #cybersecurity #security

Introducing Mandiant Solutions - Augmenting and Automating Security Teams with Industry-Leading Cyber Security Expertise and Threat Intelligence

Business Wire - FireEye forms Mandiant Solutions group to bring new, controls-agnostic offerings to market that are applicable to every security team.
Tue, 15 Sep 2020 14:30:48 - #fireeye #cybersecurity #security

Considering a career in cybersecurity? Baseline tools can give you a quick start

Enterprise - Microsoft -
Tue, 15 Sep 2020 14:13:39 - #microsoft #security

Integrating AWS CloudFormation security tests with AWS Security Hub and AWS CodeBuild reports

Enterprise - Amazon AWS Blog - The concept of infrastructure as code, by using pipelines for continuous integration and delivery, is fundamental for the development of cloud infrastructure. Including code quality and vulnerability scans in the pipeline is essential...
Tue, 15 Sep 2020 14:13:38 - #cloud #aws #security

COVID cybercrime: Ten disturbing statistics to keep you awake tonight

Enterprise - ZDNet News - Nine out of 10 coronavirus domains are scams. Half a million Zoom accounts are for sale on the Dark Web. Brute-force attacks are up 400 percent. And there's more. So much more.
Tue, 15 Sep 2020 14:13:28 - #coronavirus #cybersecurity #security

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Infosec - Security Affairs - CISA published an advisory on China-linked groups targeting government agencies by exploiting flaws in Microsoft Exchange, Citrix, Pulse, and F5 systems.

CISA published a security advisory warning of a wave of attacks carried out...
Tue, 15 Sep 2020 13:13:40 - #cybersecurity #sd-wan #microsoft #security

Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released

Infosec - TripWire - The State of Security - A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort,...
Tue, 15 Sep 2020 13:13:39 - #cybersecurity #tripwire #security

Security Through an Economics Lens: A Guide for CISOs

Infosec - Dark Reading - An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
Tue, 15 Sep 2020 13:13:37 - #cybersecurity #security

E-Commerce Sites Hit With New Attack on Magento

Infosec - Dark Reading - The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.
Tue, 15 Sep 2020 13:13:36 - #magento #security