Information Security Wire

Woodstock Wire: Information Security Wire

Puppet launches new tool to automate infrastructure security compliance

Enterprise - SiliconANGLE - Puppet Inc. today introduced Puppet Comply, a software product that enterprises can use to ensure their cloud and on-premises infrastructure adheres to cybersecurity requirements. Portland-based Puppet is the maker of one of the market's...
Sun, 25 Oct 2020 18:37:19 - #ansible #maker #saltstack #cybersecurity #security

How to block unauthorized external DNS resolvers for strengthening enterprise security

Enterprise - ChannelBuzz.ca - Using external DNS providers has always been a questionable idea for an enterprise. The Internet Domain Name System (DNS) helps end-user applications...
Sun, 25 Oct 2020 18:13:33 - #firewall #hp #cybersecurity #devops #security

[Live Webinar] Achieving FIPS 140-2 Encryption Compliance with HAProxy Enterprise on Red Hat Enterprise Linux

Enterprise - HAproxy - The live webinar will be held on Tuesday, November 10th, 2020 at following times:
EU times: 5 PM GMT, 6 PM CET
US times: 12 noon EST, 11 AM CDT, 10 AM MDT, 9 AM...
Sun, 25 Oct 2020 18:13:29 - #cybersecurity #haproxy #redhat #security

6 Important OS Hardening Tips to Protect Your Clients

Enterprise - ChannelE2E - To minimize the risk of a cyberattack, follow these six tips to harden your OS, according to guidance from Jay Ryerse at ConnectWise.
Sun, 25 Oct 2020 17:35:45 - #security

IBM Expands Cloud Pak for Security's Threat Management

Enterprise - Data Center Knowledge - IBM's Cloud Pak for Security now includes all pillars of threat management, including detection, investigation and response, and streamlines response efforts.
Sat, 24 Oct 2020 22:13:31 - #ibm #datacenter #security

Palo Alto Networks adds new cloud modules to their Prisma Cloud Native Security Platform

Enterprise - ChannelBuzz.ca - In addition to their Prisma Cloud 2.0 announcement, Palo Alto Networks has announced the availability of their first Canadian-based cloud region.Palo Alto Networks has launched the 2.0 version of their Prisma Cloud platform, the company's...
Sat, 24 Oct 2020 22:13:22 - #paloaltonetworks #cybersecurity #cloud #azure #firewall #microservices #aws #acquisition #serverless #waf #devops #security

Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users

Infosec - Security Affairs - Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams.

Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a...
Sat, 24 Oct 2020 20:13:20 - #coronavirus #phishing #abnormalsecurity #microsoft #security

New ransomware attack targets K-12 teachers

Infosec - Barracuda - Another day, another pandemic-enabled scam. Criminals are now attacking K-12 schools by posing as parents who are using email to submit assignments to the teacher. The premise is that the student had trouble using the online classroom system,...
Sat, 24 Oct 2020 20:13:19 - #coronavirus #cybersecurity #security

Below the Surface: Improving security awareness

Infosec - Barracuda - Have you tuned in for Below the Surface yet? Streaming live on LinkedIn, Barracuda's new series offers candid discussions with key Barracuda experts on all the latest and greatest cybersecurity news, as well as Barracuda's recent research,...
Sat, 24 Oct 2020 20:13:18 - #cloud #azure #microsoft #cybersecurity #security

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

Infosec - The Hacker News - Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.
Called...
Sat, 24 Oct 2020 20:13:17 - #machinelearning #microsoft #ibm #nvidia #security

Securing medical devices: Can a hacker break your heart?

Infosec - WeLiveSecurity - Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor.
Fri, 23 Oct 2020 11:37:35 - #security

Botnet Infects Hundreds of Thousands of Websites

Infosec - Dark Reading - KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
Fri, 23 Oct 2020 11:37:34 - #wordpress #cybersecurity #botnet #security

Credential-Stuffing Attacks Plague Loyalty Programs

Infosec - Dark Reading - But that's not the only type of web attack cybercriminals have been profiting from.
Fri, 23 Oct 2020 11:37:33 - #cybersecurity #security

8 New and Hot Cybersecurity Certifications for 2020

Infosec - Dark Reading - While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
Thu, 22 Oct 2020 22:36:22 - #cybersecurity #security

Microsoft Teams Phishing Attack Targets Office 365 Users

Infosec - Threatpost - Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.
Thu, 22 Oct 2020 22:36:21 - #phishing #microsoft #security

Security Intelligence Handbook Introduction: A Complete Picture of Security Intelligence

Infosec - Recorded Future
Thu, 22 Oct 2020 22:13:11 - #cybersecurity #phishing #threatintelligence #security

The 6 best password managers

Infosec - CSO Online - One of the smartest moves you can make to protect employees, especially those working from home, is to encourage them to use a password manager. It's one of the easiest, too.Keyword best practices pertain to complexity, change frequency and...
Thu, 22 Oct 2020 17:14:12 - #cybersecurity #security

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Infosec - TripWire - The State of Security - Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability...
Thu, 22 Oct 2020 17:14:11 - #wordpress #cybersecurity #tripwire #security

VMware fixes several flaws in its ESXi, Workstation, Fusion and NSX-T

Infosec - Security Affairs - VMware patched several flaws in its ESXi, Workstation, Fusion and NSX-T products, including a critical code execution vulnerability.

VMware has fixed several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including...
Thu, 22 Oct 2020 17:14:10 - #vmware #security

The 5 Best Ways to Handle Sensitive Data

Infosec - TripWire - The State of Security - There are two significant trends occurring right now that shouldn't be a surprise to anyone reading this post. First, businesses are gathering and leveraging more and more data to improve their core services. Second,...
Thu, 22 Oct 2020 17:14:09 - #tripwire #security

Oracle Kills 402 Bugs in Massive October Patch Update

Infosec - Threatpost - Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.
Thu, 22 Oct 2020 17:14:08 - #oracle #security

Barracuda recognized in 2020 Gartner Magic Quadrant for Web Application Firewalls

Infosec - Barracuda - Gartner has named Barracuda a Challenger in the 2020 Gartner Magic Quadrant for Web Application Firewalls. This is the fourth year in a row that Barracuda has been recognized as a Challenger in this report based on ability to execute and completeness...
Thu, 22 Oct 2020 17:14:07 - #cloud #azure #firewall #waf #microsoft #ddos #security

What Threat Intelligence Really Means

Infosec - Recorded Future - Right now, adversaries are plotting attacks against organizations on the dark web and in underground communities. Security analysts need a reliable "ear the ground" that enables them to anticipate, and proactively disrupt, threat actors'...
Thu, 22 Oct 2020 17:14:06 - #threatintelligence #security

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Infosec - Security Affairs - Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day.

Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues,...
Thu, 22 Oct 2020 17:14:05 - #cybersecurity #security

Security.org Adds "How Secure Is My Password" Tool to Site As Part of Cybersecurity Awareness Month

Globe Newswire - Technology - The Most Popular Password of 2020 Would Take a Computer Less Than a Second to Crack
Thu, 22 Oct 2020 17:14:03 - #cybersecurity #security

Atos to acquire leading Cyber Security consulting company SEC Consult

Globe Newswire - Technology -
Thu, 22 Oct 2020 17:13:59 - #cybersecurity #security

McAfee Announces Pricing of Initial Public Offering

Globe Newswire - McAfee Corp. ("McAfee"), the device-to-cloud cybersecurity company, today announced the pricing of its initial public offering of 37,000,000 shares of its Class A common stock at a price to the public of $20.00 per share. Of the offered shares, 30,982,558...
Thu, 22 Oct 2020 17:13:58 - #cybersecurity #security

EfficientIP: Service Providers Most Frequent Target of DNS Attacks with 11.4 Annual Attacks Per Company

Business Wire - Four out of five (83%) companies in the telecommunications & media sectors experienced a DNS attack last year.
Thu, 22 Oct 2020 17:13:39 - #efficientip #security

Fraud Fighters Focusing On Better P2P Security

Media - PYMNTS.com - There's no soft version, no smoothing it over. Companies charged with protecting people's data lost ground in 2020, after an abysmal 2019 of breathtaking data breaches. Yes, the pandemic explains a great deal of the new action. Preparedness...
Thu, 22 Oct 2020 16:36:50 - #cybersecurity #security

Apple, Opera, and Yandex fix browser address bar spoofing bugs, but millions more still left vulnerable

Tech - TechCrunch - Year after year, phishing remains one of the most popular and effective ways for attackers to steal your passwords. As users, we're mostly trained to spot the telltale signs of a phishing site, but most of us rely on carefully examining the...
Wed, 21 Oct 2020 13:39:19 - #maker #phishing #security

The 4 pillars of Windows network security

Infosec - CSO Online - Prior to Microsoft's Ignite conference I was able to talk with the company's CISO Bret Arsenault about some key elements that we all should be doing to keep Windows networks secure. He talks about four pillars of security: passwordless identity...
Wed, 21 Oct 2020 13:13:36 - #identity #ciso #microsoft #security

More Effective Security Awareness: 3 Tips for NCSAM

Infosec - TripWire - The State of Security - It's often said that humans are the weakest link in cybersecurity. Indeed, I'd have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer...
Wed, 21 Oct 2020 13:13:35 - #tripwire #cybersecurity #security

4 of the Most Common Phishing Scams Committed in 2020

Infosec - FraudWatch Intl - As more and more business is conducted online, so does the amount of unscrupulous behavior on the internet increase. Phishing scams have been around since the birth of the internet, but advances in technology have also caused such scams...
Wed, 21 Oct 2020 13:13:34 - #cybersecurity #phishing #threatintelligence #security

Why You Need Digital Risk Protection for Your Business

Infosec - FraudWatch Intl - Digital security and privacy is a growing concern for any business and institution, mainly since technology is progressing too fast for security measures to adapt to. This is why numerous parties are against utilising younger technology...
Wed, 21 Oct 2020 13:13:33 - #cybersecurity #phishing #threatintelligence #ti #security

2 Tips to Share With Your Employees for Avoiding Online Fraud

Infosec - FraudWatch Intl - With cybercriminals finding new tactics to get their way in more systems and servers, the rate at which companies have their data compromised increases each day.
Unlike the past, where limited technology made it quite difficult for hackers...
Wed, 21 Oct 2020 13:13:32 - #antivirus #cybersecurity #phishing #domains #security

Cybersecurity 101 - 2 Signs to Detect Phishing Email Scams

Infosec - FraudWatch Intl - Phishing emails still run rampant today, with ill-willed individuals setting up traps to steal information from unsuspecting users. Unfortunately, many people still fall for it, mostly because they are not educated about this kind of...
Wed, 21 Oct 2020 13:13:31 - #antivirus #cybersecurity #phishing #security

3 Lesser Known Facts About Cyber Threat Intelligence

Infosec - FraudWatch Intl - For many companies, cyber threat intelligence is treated almost as an afterthought. Many assume that they don't need robust protection simply due to their smaller size or the nature of their business. However, this same mindset makes...
Wed, 21 Oct 2020 13:13:30 - #ai #threatintelligence #cybersecurity #security

Ransomware Attacks Show Little Sign of Slowing in 2021

Infosec - Dark Reading - Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.
Wed, 21 Oct 2020 13:13:29 - #cybersecurity #security

Eliminating the Threat of Look-alike Domains

Infosec - The PhishLabs Blog - There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation,...
Wed, 21 Oct 2020 13:13:28 - #cybersecurity #phishing #botnet #threatdetection #security

NSA details top 25 flaws exploited by China-linked hackers

Infosec - Security Affairs - The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild.

The US National Security Agency (NSA) has published a report that includes...
Wed, 21 Oct 2020 13:13:27 - #oracle #microsoft #cisco #atlassian #datacenter #security

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Infosec - Dark Reading - Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
Wed, 21 Oct 2020 13:13:26 - #security

Brute force attacks increase due to more open RDP ports

Infosec - Malwarebytes Unpacked - While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That's...
Wed, 21 Oct 2020 12:38:15 - #cybersecurity #security

NSA warns defense contractors of recent Chinese government-backed hacking

Infosec - CyberScoop - U.S. defense contractors should be wary of Chinese government-backed hackers who are actively exploiting a multitude of known vulnerabilities to target - and successfully breach - victim networks, the National Security Agency said in an advisory...
Wed, 21 Oct 2020 12:38:14 - #coronavirus #fireeye #cybersecurity #security

How Automation can help you in Managing Data Privacy

Infosec - Security Affairs - The global data privacy landscape is changing and everyday we can see new regulations emerge.

These regulations are encouraging organizations to be better custodians of the consumers data and create a healthier space for data privacy....
Wed, 21 Oct 2020 12:38:13 - #databreach #gdpr #ccpa #security

Building the Human Firewall

Infosec - Dark Reading - Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Tue, 20 Oct 2020 17:13:06 - #coronavirus #cybersecurity #security

Mobile Browser Bugs Open Safari, Opera Users to Malware

Infosec - Threatpost - A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.
Tue, 20 Oct 2020 16:42:40 - #cybersecurity #security

6 Common Phishing Attacks and How to Protect Against Them

Infosec - TripWire - The State of Security - Phishing attacks continue to play a dominant role in the digital threat landscape. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that phishing was the second topmost threat...
Tue, 20 Oct 2020 16:14:32 - #databreach #cybersecurity #phishing #verizon #tripwire #security

ReNgine: Open source recon tool automates intel-gathering process for pen testers

Infosec - The Daily Swig - Recon framework presents the results of website and endpoint scans in a single window
Tue, 20 Oct 2020 16:14:31 - #cybersecurity #security

Bot Attack trends for Jan-Jul 2020

Infosec - Cloudflare - Now that we're a long way through 2020, let's take a look at automated traffic, which makes up almost 40% of total Internet traffic.This blog post is a high-level overview of bot traffic on Cloudflare's network. Cloudflare offers a comprehensive...
Tue, 20 Oct 2020 16:14:30 - #coronavirus #firewall #cloud #aws #machinelearning #verizon #microsoft #datacenter #security

Microsoft issues two emergency Windows patches

Infosec - WeLiveSecurity - The flaws, neither of which is being actively exploited, were fixed merely days after the monthly Patch Tuesday rollout
Tue, 20 Oct 2020 16:14:29 - #microsoft #security