Information Security Wire

Woodstock Wire: Information Security Wire

3 Ways to Protect Your Business from Spear-Phishing Attacks

Infosec - FraudWatch Intl - Running your business involves protecting your valuable assets, and this goes further than putting a lock on your property, office furniture, and cars. You must also keep your customer and employee data safe. Unfortunately, many cybercriminals...
Fri, 27 Nov 2020 02:14:03 - #cybersecurity #phishing #security

5 Facts Hackers Do Not Want You To Know: How They Operate

Infosec - FraudWatch Intl - Cybercrime has become more common in recent years, and hackers are expected to commit more crimes now that the digital world is becoming more powerful than ever. Cybercriminals may be masterminds when it comes to the ins and outs of...
Fri, 27 Nov 2020 02:14:02 - #databreach #cybersecurity #threatintelligence #smartphone #security

5 Tips to Avoid Falling for Phishing Scams Amid the Holidays

Infosec - FraudWatch Intl - The holidays are fast approaching, and people are busy preparing for it, and so are the scammers. Because of this, you can even call it the season for phishing! During this frenetic time of the year, where most people are shopping online,...
Fri, 27 Nov 2020 02:14:01 - #antivirus #phishing #cybersecurity #security

Reducing Security Talent Attrition by Increasing Diversity

Enterprise - Information Week - CIOs and other IT leaders must attract, retain and hire professionals with broad cybersecurity skills, but that's not as easy as it sounds. Here's some advice.
Fri, 27 Nov 2020 02:13:54 - #cybersecurity #security

FBI: Fake versions of our site could be used for cyberattacks, so watch out

Enterprise - ZDNet News - The FBI is concerned dozens of domains that are designed to look like its own could be used in future disinformation campaigns and cyberattacks.
Fri, 27 Nov 2020 02:13:38 - #cybersecurity #security

Why SAD DNS Isn't So Sad with SOLIDserver

Enterprise - EfficientIP - DNS is at the middle of any communication intent, making it a popular target for hackers, who always manage to find new ways to attack such a critical service. Sometimes, it is not the engine itself which is faulty, but another piece of...
Fri, 27 Nov 2020 02:13:36 - #phishing #cybersecurity #efficientip #security

Zero Trust architectures: An AWS perspective

Enterprise - Amazon AWS Blog - Our mission at Amazon Web Services (AWS) is to innovate on behalf of our customers so they have less and less work to do when building, deploying, and rapidly iterating on secure systems. From a security perspective, our customers seek...
Fri, 27 Nov 2020 01:35:06 - #iot #firewall #bezos #cloud #aws #digitaltransformation #waf #ciso #cybersecurity #ddos #security

Penetration testing isn't enough, you need to activate full offensive operations

Enterprise - The Register - SANS Institute expands course lineup to help you think like a hacker
Promo When it comes to cyber attacks, it's not enough to just sit there, hoping miscreants will pass you by. You have to think like a hacker, stress testing your own systems...
Fri, 27 Nov 2020 01:35:00 - #cybersecurity #security

Securely Streamline Code Signing for DevOps and DevSecOps

Enterprise - DevOps.com - Introducing code-signing provides security within the application, but teams should take care to understand and implement the process effectively Digital certificate management, with hundreds or thousands of certificates required to support...
Thu, 26 Nov 2020 23:35:58 - #devops #security

Botnets have been silently mass-scanning the internet for unsecured ENV files

Enterprise - ZDNet News - Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files.
Thu, 26 Nov 2020 23:35:51 - #cybersecurity #botnet #security

Surprise! There's a Whole Lot of Ransomware Out There

Enterprise - The ChannelPro Network - Ransomware perps have been very busy this year. New research from Datto and Sophos shows how busy, as well as how much damage they're doing and how they're getting around cyber-defenses.
Thu, 26 Nov 2020 23:35:50 - #cybersecurity #sophos #security

Monitoring failed login attempts on Linux

Enterprise - Network World News - Repeated failed login attempts on a Linux server can indicate that someone is trying to break into an account or might only mean that someone forgot their password or is mistyping it. In this post, we look at how you can check for...
Thu, 26 Nov 2020 23:35:49 - #ubuntu #security

FireEye shells out $186m on security automation firm

Enterprise - CRN-UK - Cybersecurity vendor acquires Respond Software as it receives $400m strategic investment

FireEye has acquired cybersecurity automation specialist Respond Software for $186m.
Respond is billed as a "cybersecurity investigation automation"...
Thu, 26 Nov 2020 23:13:15 - #fireeye #mandiant #acquisition #machinelearning #threatintelligence #cybersecurity #security

Microsoft report: Cybersecurity a concern for remote businesses

Enterprise - Silicon Republic - Transitioning to a remote working world hasn't been easy, particularly when it comes to information security. That's the subject of a new report from Microsoft, which highlights some of the challenges employees and companies are facing...
Thu, 26 Nov 2020 23:13:12 - #cybersecurity #phishing #microsoft #security

Hackers are using Google services to bypass email defence, researchers warn

Enterprise - IT World Canada - Threat actors are increasingly using Google services such as Forms, Firebase and Sites to get around email defences that look for suspicious code and URLs, security vendor Armorblox has warned.
In a blog released this morning, the company...
Thu, 26 Nov 2020 22:36:19 - #phishing #microsoft #security

DDoS Attacks Are Surging Both in Frequency and Sophistication

Domains - CircleID - Cloudflare's new report warns about the significant increase of DDoS attacks and their level of sophistication. The numbers doubled from Q1 to Q2 and doubled again in Q3, resulting...
Thu, 26 Nov 2020 20:33:58 - #cybersecurity #ddos #security

What Marketers Need to Know About the California Privacy Rights Act

Web Marketing - CMS Wire - Remember CCPA? Now give it an adrenaline shot. Californian consumers now have more personal data protection rights than ever before. The state this month passed Proposition 24, or the California Privacy Rights Act (CPRA), which amends provisions...
Thu, 26 Nov 2020 20:33:56 - #ccpa #security

Sophos notifies data leak after a misconfiguration

Infosec - Security Affairs - The cyber-security firm Sophos is notifying customers via email about a security breach that took place earlier this week.

ZDNet reported that the cyber-security firm Sophos is notifying customers via email about a security breach,...
Thu, 26 Nov 2020 19:14:18 - #cybersecurity #firewall #sophos #security

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Infosec - Security Affairs - Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool.

The French security researcher Clement Labro discovered a zero-day vulnerability was discovered while...
Thu, 26 Nov 2020 19:14:17 - #cybersecurity #microsoft #security

SSH-backdoor Botnet With 'Research' Infection Technique

Infosec - Security Affairs - Security expert Tolijan Trajanovski analyzed an SSH-backdoor Botnet that implements an interesting 'Research' infection technique.

In a recent tweet, the malware researcher @0xrb shared a list containing URLs of recently captured...
Thu, 26 Nov 2020 19:14:16 - #iot #antivirus #cybersecurity #botnet #security

Emerging Public Cloud Security Challenges in 2020 and Beyond

Infosec - TripWire - The State of Security - According to last year's Gartner forecast, public cloud services are anticipated to grow to $USD 266.4 billion by the end of this year, up from $USD 227.8 billion just a year ago. Clearly, cloud computing is making its...
Thu, 26 Nov 2020 19:14:15 - #cloud #tripwire #security

What is a Look-alike Domain?

Infosec - The PhishLabs Blog - By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive.
Cybercriminals register hundreds of thousands of look-alike domains each year with the goal of impersonating...
Thu, 26 Nov 2020 19:14:14 - #phishing #cybersecurity #domains #security

Look Beyond the 'Big 5' in Cyberattacks

Infosec - Dark Reading - Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
Thu, 26 Nov 2020 19:14:13 - #cybersecurity #security

Do You Know Who's Lurking in Your Cloud Environment?

Infosec - Dark Reading - A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Thu, 26 Nov 2020 19:14:11 - #googlecloud #security

Networking giant Belden says hackers accessed data on employees, business partners

Infosec - CyberScoop - Belden, a U.S. manufacturer of networking and industrial cable products, said Tuesday that unidentified attackers had accessed and copied data on current and former employees, and some of its business partners.
The St. Louis-based company,...
Thu, 26 Nov 2020 19:14:09 - #cybersecurity #belden #tripwire #security

IoT cybersecurity bill passed by Senate

Infosec - Malwarebytes Unpacked - Days before taking a week-long Thanksgiving recess, the US Senate passed an almost mundane cybersecurity bill that, if approved by the President, will improve security guidelines and protocols for Internet of Things (IoT) devices...
Thu, 26 Nov 2020 19:14:08 - #iot #acquisition #cybersecurity #identity #security

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

Infosec - The Hacker News - cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection...
Thu, 26 Nov 2020 19:14:06 - #security

Is Cybersecurity Smart Enough to Protect Automated Buildings?

Infosec - TripWire - The State of Security - Hacked air conditioning and plummeting elevators? Imagine that you are in an elevator in a high rise building when suddenly the elevator starts to plummet with no apparent stopping mechanism other than the concrete foundation...
Thu, 26 Nov 2020 19:14:05 - #cybersecurity #tripwire #security

Latest Version of TrickBot Employs Clever New Obfuscation Trick

Infosec - Dark Reading - The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
Thu, 26 Nov 2020 19:14:04 - #cybersecurity #security

FinTech Threat: The Malicious Insider

Infosec - SecurityInnovation.com - Whether motivated by personal financial gain, revenge, dissatisfaction, or the desire for respect, one of the biggest threats to your organization is sitting right underneath your nose. Out of the whopping 41,686 security...
Thu, 26 Nov 2020 19:14:03 - #databreach #cybersecurity #verizon #security

Study: Certifications Boost Salaries Substantially

Infosec - ISC2 Blog - While skills shortages remain a major challenge in cybersecurity, those who work in the field have ample opportunities to boost their salaries. And one sure way to get better pay is by earning certifications, according to a new study by training...
Thu, 26 Nov 2020 19:14:02 - #cloud #aws #googlecloud #cybersecurity #security

Security Intelligence Handbook Chapter 3: The Security Intelligence Lifecycle

Infosec - Recorded Future - Editor's Note: Over the next several weeks, we're sharing excerpts from the third edition of our popular book, "The Security Intelligence Handbook: How to Disrupt Adversaries and Reduce Risk with Security Intelligence." Here, we're looking...
Thu, 26 Nov 2020 19:14:01 - #cybersecurity #maker #security

New US IoT law aims to improve edge device security

Infosec - CSO Online - As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia's most recent threat intelligence report,...
Thu, 26 Nov 2020 19:13:59 - #iot #cybersecurity #threatintelligence #fortinet #security

8 types of phishing attack and how to identify them

Infosec - CSO Online - Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations...
Thu, 26 Nov 2020 19:13:58 - #databreach #cybersecurity #phishing #verizon #security

Crooks social-engineered GoDaddy staff to take over crypto-biz domains

Infosec - Security Affairs - Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack.

Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of...
Thu, 26 Nov 2020 19:13:57 - #databreach #godaddy #domains #security

Credential stuffing attack targeted 300K+ Spotify users

Infosec - Security Affairs - Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials.

Security experts from vpnMentor have uncovered a possible credential stuffing operation...
Thu, 26 Nov 2020 19:13:55 - #cybersecurity #elasticsearch #phishing #botnet #security

As 'Anywhere Work' Evolves, Security Will Be Key Challenge

Infosec - Dark Reading - Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
Thu, 26 Nov 2020 19:13:54 - #cybersecurity #security

Why application security will be critical on Cyber Monday

Infosec - Barracuda - While Black Friday and Cyber Monday began as a primarily American phenomenon, this shopping weekend is equally famous now in Europe, the UK, Australia, and many other countries. Friday, Saturday, Sunday, and Monday are just four days of the...
Thu, 26 Nov 2020 19:13:53 - #firewall #machinelearning #waf #cybersecurity #ddos #security

Ransomware Grows Easier to Spread, Harder to Block

Infosec - Dark Reading - Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Thu, 26 Nov 2020 19:13:52 - #cybersecurity #security

VMware discloses critical zero-day CVE-2020-4006 in Workspace One

Infosec - Security Affairs - VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it.

VMware has released a workaround to address a critical zero-day vulnerability,...
Thu, 26 Nov 2020 19:13:49 - #cybersecurity #vmware #security

Computer Security and Data Privacy, the perfect alliance

Infosec - Security Affairs - Computer security and data privacy are often poorly considered issues, experts urge more awareness of cyber threats.

Computer security and data privacy are often poorly considered issues until incidents occur and unfortunately sometimes...
Thu, 26 Nov 2020 19:13:48 - #gdpr #cybersecurity #security

RiskIQ Report Uncovers Consumer Spending and Safety Sentiment for Online Shopping this Holiday Season

Globe Newswire - RiskIQ, the global leader in attack surface management, today released the findings from its Consumer Holiday Shopping Sentiment and Outlook 2020 report. The report explores how consumers plan to allocate their holiday budgets, what effect COVID-19 will...
Wed, 25 Nov 2020 00:35:28 - #coronavirus #riskiq #security

Splunk to Acquire Network Performance Monitoring Leader Flowmill

Business Wire - Splunk Inc. (NASDAQ: SPLK), provider of the Data-to-Everything Platform, today announced it has signed a definitive agreement to acquire Flowmill, a Palo-Alto based cloud network observability company with expertise in network performance monitoring (NPM)....
Tue, 24 Nov 2020 23:37:54 - #splunk #acquisition #security

Use real-time anomaly detection reference patterns to combat fraud

Enterprise - GoogleCloud - Algorithms and machine learning models can help you implement a streaming anomaly detection architecture using pre-designed reference patterns and cloud data analytics.
Mon, 23 Nov 2020 22:39:20 - #machinelearning #security

Azure Firewall Premium is in public preview

Enterprise - Azure Updates - Azure Firewall Premium provides next generation firewall capabilities that are required for highly sensitive and regulated environments.
Mon, 23 Nov 2020 22:39:19 - #cloud #azure #firewall #security

Kaspersky relocates data storage from Russia to Switzerland

Enterprise - Channel Partner Insight - The Russia-HQ cybersecurity vendor has moved its data processing activities out of Russia, and opened a new North America Transparency Centre

Kaspersky has announced it has completed the transferral of its data...
Mon, 23 Nov 2020 22:39:17 - #cybersecurity #security

3 Steps to Turn a Data Deluge Into Actionable Intelligence

Enterprise - DevOps.com - Digital transformation is creating even more data for organizations to manage effectively. Here's how to find the intelligence needle in the data haystack Data and analytics transform how companies across all industries identify and act...
Mon, 23 Nov 2020 22:13:57 - #devops #security

Amazon Web Services APIs can allegedly be exploited to steal user data

Enterprise - SiliconANGLE - News of yet another company exposing its data to all and sundry on cloud storage is so normal now that you can pre-write the news and insert the name of the company. This time, however, Amazon Web Services Inc. itself allegedly allows...
Mon, 23 Nov 2020 22:13:56 - #cloud #aws #security

Centrally manage AWS WAF (API v2) and AWS Managed Rules at scale with Firewall Manager

Enterprise - Amazon AWS Blog - Since AWS Firewall Manager was introduced in 2018, it has evolved with many more features and today also supports the newest version of AWS WAF, as well as the latest AWS WAF APIs (AWS WAFV2), and AWS Managed Rules for AWS WAF. (Note...
Mon, 23 Nov 2020 22:13:52 - #elasticsearch #firewall #cloud #aws #splunk #threatintelligence #cybersecurity #fortinet #security

Ransomware attack forces web hosting provider Managed.com to take servers offline

Enterprise - ZDNet Blogs - Ransomware attack on Managed.com appears to have taken place on Monday, November 16.
Mon, 23 Nov 2020 22:13:51 - #cybersecurity #security