Information Security Wire

Woodstock Wire: Information Security Wire

The best password advice right now

Infosec - CSO Online - Ever since NIST submitted SP 800-63 Digital Identity Guidelines for review a few years ago, the computer security world has been...
Wed, 19 Sep 2018 13:50:22 - #cybersecurity #security

Making your own Kali Linux Metapackages

Infosec - Kali Linux - One of the many useful things we can do with APT is create metapackages, which are effectively empty packages that declare a list...
Wed, 19 Sep 2018 13:50:21 - #security

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Infosec - Security Affairs - Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency...
Wed, 19 Sep 2018 13:50:20 - #oracle #microsoft #hadoop #cybersecurity #botnet #redis #paloaltonetworks #mongodb #bigdata #elasticsearch #security

RDP Access to Hacked Servers Still a Thriving Business on Deep & Dark Web

Infosec - Flashpoint - Deep & Dark Web markets selling remote desktop protocol (RDP) access to hacked servers or tools that scan for and brute-force these...
Wed, 19 Sep 2018 13:50:19 - #microsoft #cybersecurity #botnet #phishing #security

Putting the privilege back into access management

Enterprise - The Register - The anatomy of a privileged account hack
Promo At 2pm UK we've got a live broadcast in which we speak to privileged access management...
Wed, 19 Sep 2018 13:13:21 - #cybersecurity #security

DevOps and the Dark Pools of Security Technical Debt

Enterprise - - We live in a world of digital transformation where organizations across industries are embracing initiatives around automation,...
Wed, 19 Sep 2018 13:13:16 - #devops #security

New XBash malware combines ransomware, coinminer, botnet, and worm features in deadly combo

Enterprise - ZDNet News - New XBash malware strain targets both Linux and Windows servers
Wed, 19 Sep 2018 12:40:26 - #cybersecurity #botnet #security

Securing New Application Architectures in the Cloud: Understanding the Developer Mindset

Enterprise - Palo Alto Networks Blog - "Get out of the way of your developers or lose them to someone who will."
- Adrian Cockcroft

The cloud is changing...
Wed, 19 Sep 2018 12:40:24 - #paloaltonetworks #iaas #googlecloud #security

​Five computer security questions you must be able to answer right now

Enterprise - ZDNet News - If you can't answer these basic questions, your security could be at risk.
Wed, 19 Sep 2018 12:40:20 - #cybersecurity #security

Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows

Enterprise - Palo Alto Networks Blog - Executive Summary:
Unit 42 researchers have found a new malware family that is targeting Linux and Microsoft Windows...
Wed, 19 Sep 2018 12:13:49 - #microsoft #hadoop #cybersecurity #botnet #domains #redis #paloaltonetworks #mongodb #bigdata #elasticsearch #mirai #cloud #aws #security

A vigilante botnet is taking out crypto-jacking malware

Tech - Digital Trends - A new botnet is on the rise but it isn't being used to take down websites or hack servers, it's going after crypto-jacking malware....
Wed, 19 Sep 2018 11:39:57 - #cybersecurity #botnet #security

SolarWinds MSP Launches SolarWinds Threat Monitoring Service Program

Globe Newswire - Technology - Program Is Designed to Expand the Market Opportunity for MSPs to Deliver Managed Security Services in Partnership with SolarWinds...
Wed, 19 Sep 2018 11:13:16 - #solarwinds #security

New McAfee Consumer Portfolio Delivers Enhanced Speed, Effectiveness and Security Features

Business Wire - Today, McAfee, the device-to-cloud cybersecurity company, launched the latest version of its consumer security portfolio, focused on system performance,...
Tue, 18 Sep 2018 16:13:24 - #cybersecurity #security

Symantec and Starboard Announce Board Refreshment Plan and Director Appointments

Business Wire - Symantec Corp. (NASDAQ: SYMC) today announced that its Board of Directors (the "Board") has enacted a refreshment plan, including the appointment...
Tue, 18 Sep 2018 16:13:23 - #security

RiskIQ's Q2 Mobile Threat Landscape Report Finds Blacklisted Apps on the Rise, Scams Get Mobile

Globe Newswire -
Tue, 18 Sep 2018 12:13:15 - #riskiq #security

5 steps to create a zero trust security model

Infosec - CSO Online - The zero trust approach to enterprise security proposed by analyst firm Forrester Research nearly a decade ago can be challenging...
Mon, 17 Sep 2018 12:13:58 - #security

What is Wireshark? What this essential troubleshooting tool does and how to use it

Infosec - CSO Online - Wireshark is the world's leading network traffic analyzer, and an essential tool for any security professional or systems administrator....
Mon, 17 Sep 2018 12:13:57 - #security

Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

Infosec - The Hacker News - It's 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze.
Mon, 17 Sep 2018 12:13:39 - #security

Google Android team found high severity flaw in Honeywell Android-based handheld computers

Infosec - Security Affairs - Experts at the Google Android team have discovered high severity privilege escalation vulnerability in some of Honeywell Android-based...
Mon, 17 Sep 2018 12:13:38 - #cisco #android #security

What Is the Most Important Skill Cyber Security Professionals Can Possess? The Experts Weigh In

Infosec - TripWire - The State of Security - The cyber security field is booming, with demand for cyber security professionals far outpacing supply. This...
Mon, 17 Sep 2018 12:13:37 - #tripwire #cybersecurity #security

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Enterprise - The Register - Nothing is secure, everything is hackable. Wisdom
Comment It has never been easier to conduct a cyber attack. There now exists...
Mon, 17 Sep 2018 12:13:36 - #cybersecurity #security

Equifax IT staff had to rerun hackers' database queries to work out what was nicked - audit

Enterprise - The Register - And let security kit fail for 10 months due to bad cert
Equifax was so unsure how much data had been stolen during its 2017 mega-hack...
Mon, 17 Sep 2018 12:13:35 - #security

Amazon aims to crack down on employees who sell confidential info to merchants

Tech - Digital Trends - Amazon's massive growth in recent years has led to an internal black market where some employees are paid for insider data or...
Mon, 17 Sep 2018 11:39:06 - #security

More Devices, More Hacking: Five Ways to Thwart Rise in Cyber Threats

Business Wire - FIVE WAYS TO THWART RISE IN CYBER THREATS. Matrix Integration Experts Provide Needed Advice for October's National Cyber Security...
Sun, 16 Sep 2018 20:13:42 - #cybersecurity #security

FireEye Named the Leader in External Threat Intelligence Services Evaluation by Leading Independent Research Firm

Business Wire - FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that it was named the Leader in the Forrester Research,...
Sun, 16 Sep 2018 20:13:39 - #fireeye #threatintelligence #security

Venafi Survey: 86 Percent of Security Professionals Say World at Cyber War

Business Wire - 40% of the IT security professionals participating in Venafi's survey believe a nation-state cyber attack has already cost human lives
Sun, 16 Sep 2018 20:13:37 - #cybersecurity #security

Nexusguard research reveals 500 percent increase in average DDoS attack size

Business Wire - The average DDoS attack quintupled in size to more than 26 Gbps in Q2 2018 compared to the same period last year, according to Nexusguard.
Sun, 16 Sep 2018 20:13:30 - #ddos #security

Zscaler Achieves AWS Security Competency Status for Zero Trust

Business Wire - Zscaler Achieves AWS Security Competency Status for Zero Trust
Sun, 16 Sep 2018 20:13:28 - #zscaler #cloud #aws #security

New FireEye Email Threat Report Underlines the Rise in Malware-Less Email Attacks

Business Wire - FireEye has released the results of its biannual Email Threat Report. Analysis is based on a sample set of over half-a-billion emails from 1H...
Sun, 16 Sep 2018 20:13:27 - #fireeye #security

DDoS Attacks Increase 40% Year on Year Confirms Corero Networks

Business Wire - DDoS attack frequency has risen 40% in 1H:2018, reports Corero Network Security (LSE: CNS), a leading provider of real-time DDoS defense solutions.
Sun, 16 Sep 2018 20:13:26 - #ddos #security

Survey Finds Sizable Number of Adults Want to Reskill for Cybersecurity Careers

Business Wire - A new survey from Champlain College Online shows that not only are the majority of Americans concerned about cybersecurity threats, but many...
Sun, 16 Sep 2018 18:13:15 - #cybersecurity #security

GDPR's First 100 Days: What's Next for the Industry?

Web Marketing -
Sun, 16 Sep 2018 17:39:15 - #gdpr #security

Strong Worldwide Security Appliance Growth Continues in Q2 2018 with UTM Leading the Way, According to IDC

Think - IDC - According to the IDC Worldwide Quarterly Security Appliance Tracker, the total security appliance market experienced year-over-year revenue...
Sun, 16 Sep 2018 16:13:15 - #security

A new CSS-based web attack will crash and restart your iPhone

Tech - TechCrunch - A security researcher has found a new way to crash and restart any iPhone - with just a few lines of code.
Sabri Haddouche tweeted...
Sun, 16 Sep 2018 01:13:05 - #cybersecurity #security

State cybersecurity authorities issue warning over Hurricane Florence scams

Infosec - CyberScoop - As Hurricane Florence rips through North and South Carolina, scammers and hackers will very likely look to exploit the storm for...
Sun, 16 Sep 2018 01:13:04 - #cybersecurity #phishing #security

Five Weakest Links in Cybersecurity That Target the Supply Chain

Infosec - Threatpost - Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta...
Sun, 16 Sep 2018 00:38:23 - #supplychain #cybersecurity #security

Is two-factor authentication (2FA) as secure as it seems?

Infosec - Malwarebytes Unpacked - Two-factor authentication (2FA) was invented to add an extra layer of security to the-now considered old-fashioned and...
Sun, 16 Sep 2018 00:38:22 - #cybersecurity #phishing #security

Files With 42 Million Emails and Passwords Found On Free Hosting Service

Infosec - Office of Inadequate Security - Ionut Ilascu reports: A huge database with email addresses, passwords in clear text, and partial credit card...
Sun, 16 Sep 2018 00:38:21 - #cybersecurity #security

How identity layering improves data flow

Infosec - CSO Online - Back in the day, a new idea was floated called "layered security." It was a model that helped an organization plan out how to secure...
Sun, 16 Sep 2018 00:38:20 - #oracle #security

How Strategic Threat Intelligence Informs Better Security Decisions

Infosec - Recorded Future - Key Takeaways
Threat intelligence is often thought of as a single function, but in reality, it can be broken down into four...
Sun, 16 Sep 2018 00:38:19 - #cybersecurity #threatintelligence #security

Flaws in firmware expose almost any modern PC to Cold Boot Attacks

Infosec - Security Affairs - New Firmware Flaws Resurrect Cold Boot Attacks
A team of security researchers demonstrated that the firmware running on nearly...
Sun, 16 Sep 2018 00:38:18 - #lenovo #dell #cybersecurity #security

FBI loses another cybersecurity expert to private sector

Infosec - CyberScoop - Another cybersecurity expert at the FBI is headed for the private sector.
Trent Teyema, the FBI's section chief for cyber readiness...
Sun, 16 Sep 2018 00:14:06 - #cybersecurity #security

On our four-year anniversary, a look into the future of ProtonMail

Infosec - ProtonMail - Four years ago, over 10,000 people contributed to our crowdfunding campaign and jumpstarted our mission to create a more secure...
Sun, 16 Sep 2018 00:14:05 - #android #cybersecurity #robotics #security

What is Vulnerability Management Anyway?

Infosec - TripWire - The State of Security - Vulnerability management (VM) programs are the meat and potatoes of every comprehensive information security...
Sun, 16 Sep 2018 00:14:04 - #tripwire #security

Mastering Container Security: Docker, Kubernetes and More

Infosec - TripWire - The State of Security - Bolting on security after the fact. It's been a common approach to software security for decades. We architect,...
Sun, 16 Sep 2018 00:14:02 - #tripwire #docker #kubernetes #security

What Cloud Migration Means for Your Security Posture

Infosec - TripWire - The State of Security - It shouldn't come as a surprise to anyone reading this article that there has been a major shift towards businesses...
Sun, 16 Sep 2018 00:14:01 - #microsoft #tripwire #security

4 Trends Giving CISOs Sleepless Nights

Infosec - Dark Reading - IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
Sun, 16 Sep 2018 00:14:00 - #iot #security

Patch Tuesday: Microsoft plugs zero-day hole exploited by PowerPool

Infosec - WeLiveSecurity - Microsoft and Adobe have each shipped out their scheduled batches of patches to address security flaws in their respective software
Sun, 16 Sep 2018 00:13:59 - #microsoft #security

Microsoft purges 3,000 tech support scams hiding on TechNet

Infosec - Naked Security - Microsoft has taken down thousands of ads for tech support scams that infested the company's TechNet support domain.
Sun, 16 Sep 2018 00:13:58 - #microsoft #security

Security Vulnerability in Smart Electric Outlets

Infosec - Schneier on Security - A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use...
Sun, 16 Sep 2018 00:13:57 - #iot #security