Information Security Wire

Woodstock Wire: Information Security Wire

SANS Announces 13th Holiday Hack Challenge and 2nd KringleCon infosec conference

Enterprise - The Register - Sign up, tune in, expand your knowledge, and compete in hacking contests
Promo On December 9, SANS will launch its second annual...
Sun, 08 Dec 2019 22:37:36 - #security

Okta One-Minute Case Study: Priceline

Infosec - Okta Blog - As you plan your travels home for the holidays, it's apps like Priceline that help you get there. Recently they needed to make a...
Sun, 08 Dec 2019 22:14:06 - #identity #security

VMware addresses ESXi issue disclosed at the Tianfu Cup hacking competition

Infosec - Security Affairs - VMware has addressed a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup...
Sun, 08 Dec 2019 22:14:05 - #vmware #security

Report: Organizations remain vulnerable to increasing insider threats

Infosec - Malwarebytes Unpacked - The latest data breach at Capital One is a noteworthy incident not because it affected over 100 million customer records,...
Sun, 08 Dec 2019 22:14:04 - #cybersecurity #databreach #firewall #security

8 common pen testing mistakes and how to avoid them

Infosec - CSO Online - One of the most effective ways to uncover flaws and weaknesses in your security posture is to have a third party carry out planned...
Sun, 08 Dec 2019 22:14:03 - #cybersecurity #security

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Infosec - Security Affairs - Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in...
Sun, 08 Dec 2019 22:14:02 - #ubuntu #security

Chris Carter From FireEye Honored as Security Channel Chief of the Year

Business Wire - Chris Carter from FireEye wins Security Channel Chief of the Year at the Channel Partner Insight Innovation Awards 2019.
Sun, 08 Dec 2019 22:13:59 - #fireeye #security

44 million Microsoft users reused passwords in the first three months of 2019

Enterprise - ZDNet News - Microsoft used a database of three billion publicly leaked credentials to identify users who reused passwords.
Sun, 08 Dec 2019 17:37:36 - #microsoft #security

Why do I need Cyber Security Awareness Training for my employees?

Infosec - FraudWatch Intl - Recent research shows that human error is responsible for more than 90% of data breaches. 90%. Let that sink in for a minute....
Sun, 08 Dec 2019 03:36:41 - #cybersecurity #antivirus #databreach #phishing #security

Unique Countermeasures in Active Phishing Campaign Avoids Security Tools

Infosec - The PhishLabs Blog - PhishLabs' Email Incident Response analysts recently identified a phishing campaign leveraging novel tactics in the ongoing...
Sun, 08 Dec 2019 03:36:40 - #microsoft #phishing #security

Microsoft Defender ATP Brings EDR Capabilities to macOS

Infosec - Dark Reading - Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
Sun, 08 Dec 2019 03:36:39 - #microsoft #threatprotection #security

The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem

Infosec - Dark Reading - The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
Sun, 08 Dec 2019 03:13:29 - #cybersecurity #security

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Infosec - The Hacker News - OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security...
Sun, 08 Dec 2019 03:13:26 - #security

The evolutions of APT28 attacks

Infosec - Security Affairs - Analyzing how tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over the time.
Sun, 08 Dec 2019 03:13:25 - #microsoft #cybersecurity #fireeye #security

Retailers, prepare wisely: DDoS remains a holiday threat

Enterprise - ZDNet Blogs - A distributed denial of service attack can turn a retailer's holiday season from merry to miserable. Learn how to protect yourself.
Sat, 07 Dec 2019 23:30:05 - #ddos #security

In 2020, cyberattacks are going to get personal

Enterprise - Silicon Republic - In 2020 and beyond, security and risk professionals will discover that cybersecurity decisions have broader societal implications...
Sat, 07 Dec 2019 23:30:04 - #cybersecurity #phishing #ai #gdpr #acquisition #machinelearning #ccpa #security

Attackers Continue to Exploit Outlook Home Page Flaw

Infosec - Dark Reading - FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch...
Sat, 07 Dec 2019 21:13:58 - #fireeye #microsoft #security

How Small Businesses Can Fight Cybercrime With Threat Intelligence

Infosec - Recorded Future - When most people think about threat intelligence, they think about large organizations. Perhaps a telecom provider that needs...
Sat, 07 Dec 2019 21:13:57 - #cybersecurity #threatintelligence #verizon #security

LastPass Goes Passwordless

Globe Newswire - Technology - LastPass Identity solution now provides passwordless login experience for business customers LastPass Identity solution now provides...
Sat, 07 Dec 2019 21:13:51 - #lastpass #security

Microsoft: Spear-phishing email has doubled in a year, so here's how to beat it

Enterprise - ZDNet News - Microsoft warns of 'laser' phishing attacks that are so well-crafted even techies can't spot them.
Sat, 07 Dec 2019 20:36:05 - #microsoft #phishing #security

IM RAT spy tool seller raided, busted, kicked offline

Infosec - Naked Security - The spyware gave complete control of victimized computers, sold for as little as$25, and was bought by 14,500 hackers worldwide.
Fri, 06 Dec 2019 21:36:24 - #security

DigiCert and Ubisecure partner for next-generation Legal Entity Identifier organization identity solutions

Business Wire - DigiCert and Ubisecure announce their collaboration to help solve organizational identity challenges by adding LEIs into future DigiCert offerings.
Fri, 06 Dec 2019 21:36:23 - #digicert #security

Most Malicious Ads Target Windows Users: Devcon

Enterprise - Channelnomics - Ubiquity of Windows 10 makes it an attractive target for bad actors
Fri, 06 Dec 2019 01:36:52 - #microsoft #android #cybersecurity #antivirus #ipados #security

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Infosec - Threatpost - The Microsoft applications are vulnerable to an OAuth authentication flaw that could enable Azure account takeover.
Thu, 05 Dec 2019 16:13:37 - #microsoft #cloud #azure #security

3 Modern Myths of Threat Intelligence

Infosec - Dark Reading - More intelligence does not lead to more security. Here's why.
Thu, 05 Dec 2019 16:13:36 - #threatintelligence #security

Five "W's" for Vulnerability Management

Infosec - TripWire - The State of Security - As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming...
Thu, 05 Dec 2019 16:13:35 - #tripwire #security

Security for Cloud Services: IaaS Deep Dive

Infosec - TripWire - The State of Security - In this, the final post in my series on considerations for managing your security with cloud services, we...
Thu, 05 Dec 2019 16:13:34 - #tripwire #iaas #security

Threat Stack Announces Support for AWS Fargate

Business Wire - Threat Stack, a leader in cloud security and compliance for infrastructure and applications, today announced support for AWS...
Thu, 05 Dec 2019 16:13:25 - #cloud #aws #security

Millions of SMS messages exposed in database security lapse

Tech - TechCrunch - A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers,...
Thu, 05 Dec 2019 14:13:11 - #cybersecurity #security

The latest variant of the new Ginp Android Trojan borrows code from Anubis

Infosec - Security Affairs - Security experts discovered an Android banking Trojan, dubbed Ginp, that steals both login credentials and credit card data.
Thu, 05 Dec 2019 13:36:42 - #android #cybersecurity #security

The chain of trust in Apple's devices

Infosec - The Mac Security Blog - A lot of computer security is based on trust. Your devices verify that you are, indeed, an authorized user, through the...
Thu, 05 Dec 2019 13:13:32 - #cybersecurity #security

Dutch National Cyber Security Centre warns ransomware infected thousands of businesses

Infosec - Security Affairs - According to a confidential report from the Dutch National Cyber Security Centre (NCSC), at least 1,800 companies were infected...
Thu, 05 Dec 2019 13:13:28 - #sophos #cybersecurity #security

Vulnerable Docker instances targeted in cryptocurrency mining campaign

Enterprise - SiliconANGLE - Unknown hackers have launched a new campaign that is actively scanning for vulnerable Docker instances to inject cryptomining...
Wed, 04 Dec 2019 17:13:07 - #cybersecurity #docker #security

IoT beacon device is tamper-resistant

Media - eeNews Europe - Swiss based cyber security company WISeKey has partnered with ON Semiconductor and Tatwah to design a secure IoT beacon...
Wed, 04 Dec 2019 15:36:24 - #onsemi #microcontroller #cybersecurity #iot #devkit #wearables #identity #security

Dell Exploring Sale of RSA Security: Report

Enterprise - Channelnomics - Company could ask for $1 billion for the cybersecurity business
Wed, 04 Dec 2019 14:38:08 - #vmware #dell #cybersecurity #secureworks #pingidentity #acquisition #hybridcloud #security

Complete Cloud Native Security Is Here

Enterprise - Palo Alto Networks Blog - By Ron Harnik, senior product marketing manager, and Patrick Chang, senior director, product marketing
Prisma Cloud...
Wed, 04 Dec 2019 14:38:07 - #devops #paloaltonetworks #iaas #kubernetes #serverless #security

New Employees Can Be a Cybersecurity Risk. Here Are 5 Simple Practices You Can Teach Them During Onboarding

Girl Power: Female CEOs - Inc.com - Teach new employees these best practices to mitigate cybersecurity risk.
Wed, 04 Dec 2019 14:13:18 - #cybersecurity #security

CCPA's impact will reach far beyond California

Web Marketing - Digital Commerce 360 - Do your customers know what kinds of consumer data you collect and how you use it? If consumers wanted to find the answer,...
Wed, 04 Dec 2019 14:13:14 - #ccpa #security

Companies Need to Rethink What Cybersecurity Leadership Is

Think - HBR.org - A framework for boards and C-suite executives.
Wed, 04 Dec 2019 13:36:59 - #cybersecurity #security

Adobe revealed that the Magento Marketplace was hacked

Infosec - Security Affairs - Adobe discloses security breach impacting Magento Marketplace users

Adobe discloses a security breach that affected the...
Wed, 04 Dec 2019 13:36:45 - #magento #cybersecurity #security

Harnessing the Power of the People: Cloudflare's First Security Awareness Month Design Challenge Winners

Infosec - Cloudflare - Grabbing the attention of employees at a security and privacy-focused company on security awareness presents a unique challenge;...
Wed, 04 Dec 2019 13:36:44 - #lastpass #security

7 mobile security threats that may catch you by surprise

Infosec - CSO Online - Even if you're usually savvy about cybersecurity, anyone can have a vulnerable moment (in our writer's case, it was his mother's...
Wed, 04 Dec 2019 13:36:42 - #cybersecurity #security

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Infosec - Security Affairs - Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide.
Wed, 04 Dec 2019 13:36:40 - #microsoft #cybersecurity #security

Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers

Infosec - The Hacker News - You can relate this:

While working on my laptop, I usually prefer sitting at a corner in the room from where no one should...
Wed, 04 Dec 2019 13:13:24 - #security

Someone pretended to be a mayor and the government gave him a .gov domain

Tech - Mashable - You can pretend to be anyone on the internet. Even the mayor of a small town.
A security researcher did just that and acquired an...
Wed, 04 Dec 2019 13:13:20 - #cybersecurity #godaddy #domains #security

Only a few 2020 US presidential candidates are using a basic email security feature

Tech - TechCrunch - Just one-third of the 2020 U.S. presidential candidates are using an email security feature that could prevent a similar attack...
Wed, 04 Dec 2019 13:13:16 - #phishing #cybersecurity #security

Hackers mass-scan for Docker vulnerability to mine Monero cryptocurrency

Media - The Next Web - A hacking group is reportedly performing a mass-scan of the internet in search of vulnerable ports on systems using enterprise...
Tue, 03 Dec 2019 17:13:23 - #docker #security

Hackers steal $48.7M in Ethereum from South Korean cryptocurrency exchange Upbit

Media - The Next Web - South Korean cryptocurrency exchange Upbit has reported that hackers have ransacked its Ethereum "hot wallet," stealing 342,000...
Tue, 03 Dec 2019 17:13:19 - #security

Senators Introduce Sweeping Online Privacy Legislation

Media - PYMNTS.com - A group of key Senate Democrats on Tuesday (Nov. 26) unveiled a far-reaching online privacy bill that levies tough new punishments...
Tue, 03 Dec 2019 17:13:13 - #ccpa #security

Twistlock Is Now Prisma Cloud Compute Edition

Enterprise - Palo Alto Networks Blog - Twistlock is proud to announce our first major...
Tue, 03 Dec 2019 15:37:04 - #microsoft #datacenter #paloaltonetworks #cloud #azure #firewall #googlecloud #aws #serverless #security