Information Security Wire

Woodstock Wire: Information Security Wire

Upcoming Webinar: Modern Network Threat Detection and Response

Think - Gartner Blog Network - Here is my next Gartner webinar; this one is focused on network traffic use for detection and response.
Tue, 22 Jan 2019 18:13:19 - #security

4 tips to mitigate Slack security risks

Infosec - CSO Online - Slack, the popular enterprise workspace collaboration tool and IRC clone, does not offer end-to-end encryption, making any breach...
Tue, 22 Jan 2019 14:13:27 - #security

A flaw in MySQL could allow rogue servers to steal files from clients

Infosec - Security Affairs - A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational...
Tue, 22 Jan 2019 14:13:26 - #magento #wordpress #cybersecurity #security

Has two-factor authentication been defeated? A spotlight on 2FA's latest challenge

Infosec - Malwarebytes Unpacked - Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately.
In November...
Tue, 22 Jan 2019 14:13:25 - #android #cybersecurity #phishing #security

New malware found using Google Drive as its command-and-control server

Infosec - The Hacker News - Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly...
Tue, 22 Jan 2019 14:13:24 - #cybersecurity #security

The Imperative to Address Security Concerns of the Rapidly Evolving Internet of Things

Infosec - TripWire - The State of Security - The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable,...
Tue, 22 Jan 2019 14:13:23 - #tripwire #iot #wearables #security

What is spear phishing? Why targeted email attacks are so difficult to stop

Infosec - CSO Online - Spear phishing definition
Spear phishing is the act of sending and emails to specific and well-researched targets while purporting...
Tue, 22 Jan 2019 14:13:22 - #cybersecurity #phishing #security

How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory

Enterprise - Amazon AWS Blog - You can use federation to centrally manage access to multiple AWS accounts using credentials from your corporate directory....
Tue, 22 Jan 2019 13:42:12 - #microsoft #cloud #aws #docker #azure #acquisition #security

Barracuda Packs Incident Response Into Email Protection

Enterprise - Channelnomics - Barracuda Packs Incident Response Into Email ProtectionNew features give partners better ways to find, investigate, mitigate...
Tue, 22 Jan 2019 13:42:07 - #phishing #security

Fortinet's Ken Xie to Lead World Economic Forum Centre for Cybersecurity Cyber Workforce Session at Upcoming Annual Meeting

Globe Newswire - Technology - Fortinet to participate and contribute in gathering of top leaders from politics, business, civil society and academia to shape...
Tue, 22 Jan 2019 12:43:13 - #cybersecurity #security

QuintessenceLabs Attending World Economic Forum 2019 Annual Meeting

Business Wire - Global leader in cyber security, QuintessenceLabs, announces CEO Vikram Sharma's participation at the World Economic Forum's 2019 Annual meeting.
Sun, 20 Jan 2019 23:13:45 - #cybersecurity #security

McAfee Named a January 2019 Gartner Peer Insights Customer's Choice for Cloud Access Security Brokers

Business Wire - McAfee, the device-to-cloud cybersecurity company, today announced it was named a January 2019 Gartner Peer Insights Customers' Choice for Cloud...
Sun, 20 Jan 2019 23:13:32 - #cybersecurity #security

ISACA Announces 2019 Slate of Events for Business Technology Professionals Around the Globe During its 50th Anniversary Year

Business Wire - ISACA, a global association serving technology audit, assurance, governance and cybersecurity professionals, celebrating its 50th anniversary...
Sun, 20 Jan 2019 23:13:31 - #cybersecurity #security

PCI Security Standards Council Publishes New Software Security Standards

Business Wire - PCI SSC publishes new standards for the secure design and development of modern payment software.
Sun, 20 Jan 2019 23:13:27 - #security

Offensive Security Appoints Ning Wang as CEO to Lead Organization's Next Stage of Growth

Business Wire - Offensive Security, the leading provider of online penetration testing training and certification, today announced the appointment of Ning Wang...
Sun, 20 Jan 2019 22:41:40 - #security

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Infosec - Security Affairs - Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the...
Sun, 20 Jan 2019 22:13:26 - #ibm #cybersecurity #phishing #security

Temporary micropatch available for zero-day Windows exploit

Infosec - CSO Online - Microsoft has left two publicly known vulnerabilities unpatched in Windows this month, but researchers have stepped in and created...
Sun, 20 Jan 2019 22:13:24 - #microsoft #security

GDPR Suit Filed Against Amazon, Apple

Infosec - Dark Reading - An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance...
Sun, 20 Jan 2019 22:13:23 - #gdpr #security

Hosting malicious sites on legitimate servers: How do threat actors get away with it?

Infosec - Malwarebytes Unpacked - How do threat actors manage to get their sites and files hosted on legitimate providers' servers? I have asked myself...
Sun, 20 Jan 2019 22:13:22 - #antivirus #domains #cybersecurity #phishing #botnet #security

Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open

Infosec - Threatpost - A default configuration allows full admin access to unauthenticated attackers.
Sun, 20 Jan 2019 22:13:21 - #cisco #security

PCI Council Releases New Software Framework for DevOps Era

Infosec - Dark Reading - The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
Sun, 20 Jan 2019 22:13:20 - #devops #security

Oracle critical patch advisory addresses 284 flaws, 33 critical

Infosec - Security Affairs - Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated...
Sun, 20 Jan 2019 22:13:19 - #oracle #security

A Concise Introduction to DevSecOps

Infosec - OWASP 24/7 - The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps...
Fri, 18 Jan 2019 15:13:18 - #devops #security

13 Social Media Security Best Practices

Infosec - FraudWatch Intl - When you first think of social media threats, what most people might point out are trolls, fake accounts and fake followers...
Fri, 18 Jan 2019 15:13:17 - #cybersecurity #phishing #security

Strategies for Winning the Application Security Vulnerability Arms Race

Infosec - Infosec Island - As cyber criminals continuously launch more sophisticated attacks, security teams increasingly struggle to keep up with the...
Fri, 18 Jan 2019 15:13:16 - #ibm #synopsys #cybersecurity #verizon #security

Microsoft blue biz bug bounty bonanza beckons

Enterprise - The Register - Azure DevOps Services invites hackers to test its limits
There's more money to be made from bug hunting in Microsoft code after...
Fri, 18 Jan 2019 14:14:09 - #microsoft #devops #cloud #azure #security

Here's how to check if your email was one of 773m affected in major data leak

Enterprise - Silicon Republic - A newly-discovered data leak has been highlighted by cybersecurity researcher Troy Hunt, who maintains the Have I Been Pwned...
Fri, 18 Jan 2019 14:13:58 - #cybersecurity #security

You Want Network Segmentation, But You Need Zero Trust

Enterprise - Palo Alto Networks Blog - In this blog series, I've been giving sufficient commentary on Zero Trust in order to dispel much of the mythology...
Fri, 18 Jan 2019 14:13:53 - #cybersecurity #paloaltonetworks #firewall #security

Barracuda beefs up Total Email Protection bundle with new Forensics and Incident Response capability

Enterprise - ChannelBuzz.ca - This is the first new capability Barracuda has added to the Total Email Security bundle since they created it last fall, and...
Fri, 18 Jan 2019 14:13:52 - #phishing #security

Decrypted Telegram bot chatter revealed as new Windows malware

Tech - TechCrunch - Sometimes it take a small bug in one thing to find something massive elsewhere.
During an investigation recent, security firm Forcepoint...
Fri, 18 Jan 2019 13:13:11 - #cybersecurity #security

AWS Security Readiness Checklist

Infosec - Threat Stack - This AWS Security Readiness Checklist is intended to help organizations evaluate their applications and systems before deployment...
Thu, 17 Jan 2019 15:45:03 - #cloud #aws #security

Challenge Accepted: Work Smarter When It Comes to Identity Management

Infosec - The Identity Quotient Blog - It was a little more than a year ago when the executive leadership at this enterprise challenged its business units...
Thu, 17 Jan 2019 15:35:26 - #cybersecurity #security

System restore: How stressed security bosses unwind from the daily grind

Infosec - CyberScoop - Nothing will take your mind off work like reading about humanity's possible extinction.
Just ask Jim Motes. As the chief information...
Thu, 17 Jan 2019 15:35:25 - #cybersecurity #ai #security

Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide

Infosec - The Hacker News - Almost half of the fight travelers around the world were found exposed to a critical security vulnerability discovered in online...
Thu, 17 Jan 2019 15:35:24 - #security

New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks

Infosec - RiskIQ - RiskIQ has tracked Magecart and exposed their attacks for years. Now, the term is top-of-mind in the security community and beyond,...
Thu, 17 Jan 2019 15:13:13 - #supplychain #riskiq #security

Microsoft Azure obtains Korea-Information Security Management System (K-ISMS) certification

Enterprise - Microsoft Azure - Microsoft helps organizations all over the world comply with national, regional, and industry-specific regulatory requirements....
Thu, 17 Jan 2019 14:43:37 - #microsoft #cloud #azure #cybersecurity #security

What were the top 10 web exploits used by malicious attackers in 2018?

Enterprise - Silicon Republic - On a daily basis, you are likely to interact with a variety of applications as you go about your business. While apps are...
Thu, 17 Jan 2019 14:13:13 - #ddos #devkit #wordpress #security

Supply chain remains the weakest link in cybersecurity

SupplyChain - Supply Chain Digital - Supply chains present a weak link for cybersecurity because organisations can't always control the security measures taken...
Thu, 17 Jan 2019 13:49:34 - #supplychain #cybersecurity #paloaltonetworks #security

Nearly 22 million unique passwords leaked in 'Collection #1' data breach

Tech - Mashable - It's time to change your password again.
More than 87GB of passwords and email addresses have been leaked and distributed in a folder...
Thu, 17 Jan 2019 13:13:23 - #cybersecurity #security

WISeKey Completes Sale of QuoVadis SSL/TLS, PKI Businesses to DigiCert for $45 Million

Globe Newswire - Technology - WISeKey Completes Sale of QuoVadis SSL/TLS, PKI Businesses to DigiCert for $45 Million
Thu, 17 Jan 2019 12:46:59 - #digicert #security

Cybersecurity Is Every Leader's Job

Infosec - TripWire - The State of Security - Every organization is led by people who are responsible for setting the overall direction, establishing priorities,...
Wed, 16 Jan 2019 14:40:41 - #cybersecurity #tripwire #security

Adopting a 'Zero Trust' Approach: 5 Cyber Threats to Expect in 2019

Infosec - Recorded Future - Key Takeaways
Forrester researched recent cybersecurity trends and market patterns to make predictions for what kinds of threats...
Wed, 16 Jan 2019 14:40:40 - #android #cybersecurity #ddos #botnet #iot #threatintelligence #security

3 Things that set Barracuda PhishLine apart from the competition

Infosec - Barracuda - January marks the one-year anniversary of Barracuda's acquisition of PhishLine, so to mark the occasion we sat down with Dennis Dillman,...
Wed, 16 Jan 2019 14:40:39 - #acquisition #security

Researchers find hardcoded passwords in popular building-access system

Infosec - CyberScoop - Hardcoded default passwords have been found in a popular building access control system, and the company behind the product has...
Wed, 16 Jan 2019 14:40:38 - #cybersecurity #security

A flaw in vCard processing could allow hackers to compromise a Win PC

Infosec - Security Affairs - A security expert discovered a zero-day flaw in the processing of VCard files that could be exploited by a remote attacker...
Wed, 16 Jan 2019 14:40:37 - #microsoft #cybersecurity #security

Kubernetes security: 4 tips to manage risks

Enterprise - The Enterprisers Project - As you bear down on Kubernetes security, use these strategies to avoid missteps in work with containers and orchestration
Wed, 16 Jan 2019 14:40:36 - #kubernetes #security

Preventing Malware and Ransomware With Traps

Enterprise - Palo Alto Networks Blog - While ransomware is not new, major attacks like WannaCry, Petya/NotPetya and, more recently, TrickBot have shown that...
Wed, 16 Jan 2019 14:40:34 - #microsoft #paloaltonetworks #cybersecurity #security

Survey Indicates Container Security Concerns Limit Adoption

Enterprise - Data Center Knowledge - A new survey indicates that 60 percent of IT pros working with containers experienced at least one container security...
Wed, 16 Jan 2019 13:43:23 - #datacenter #security

Survey Indicates Container Security Concerns Limiting Adoption

Enterprise - Data Center Knowledge - A new survey indicates that 60 percent of IT pros working with containers experienced at least one container security...
Wed, 16 Jan 2019 13:43:20 - #datacenter #security

Box hires former SAP exec as Chief Information Security Officer

Tech - TechCrunch - Box announced today that it has hired Lakshmi Hanspal to be the company's new Chief Information Security Officer (CISO). She boasts...
Wed, 16 Jan 2019 13:13:39 - #cisco #cybersecurity #ariba #security