Information Security Wire

Woodstock Wire: Information Security Wire

3 threats to watch in 2020

Infosec - Barracuda - How are you protecting your business from the latest, sophisticated, and costly cyberattacks?
Cybercriminals are launching more attacks...
Mon, 20 Jan 2020 16:36:57 - #cybersecurity #phishing #security

Senators to Trump administration: Protect small businesses from Iranian hacking threat

Infosec - CyberScoop - The federal agency charged with supporting small U.S. businesses should take "immediate action" to ensure that such firms are adequately...
Mon, 20 Jan 2020 16:36:56 - #microsoft #cybersecurity #security

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Infosec - Threatpost - Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open...
Mon, 20 Jan 2020 16:36:55 - #wordpress #security

Password Shaming Isn't Productive - Passwords Are Scary Business

Infosec - Infosec Island - We've all been in the situation trying to set a new password - you need one uppercase character, one number and one character...
Mon, 20 Jan 2020 16:36:54 - #android #synopsys #security

VMware addresses flaws in VMware Tools and Workspace ONE SDK

Infosec - Security Affairs - VMware has released security updates to address a local privilege escalation vulnerability in VMware Tools version 10 for...
Mon, 20 Jan 2020 16:32:20 - #vmware #android #security

Google makes safe logins more convenient by allowing smartphones to be security keys

Infosec - CyberScoop - Google users can now use an iPhone or Android device as a security key to sign into their accounts, utilizing a technique that improves...
Mon, 20 Jan 2020 15:13:03 - #android #phishing #security

Intel pushes for hardware-specific additions to vulnerability taxonomy

Infosec - CyberScoop - The professionals who work to uncover security vulnerabilities in hardware must find a "common language" for categorizing them in...
Mon, 20 Jan 2020 14:37:36 - #iot #security

How SD-WAN Helps Achieve Data Security and Threat Protection

Infosec - Dark Reading - Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
Mon, 20 Jan 2020 14:37:34 - #cybersecurity #sd-wan #security

What the 6 Phases of the Threat Intelligence Lifecycle Mean for Your Team

Infosec - Recorded Future
Mon, 20 Jan 2020 14:37:33 - #cybersecurity #maker #threatintelligence #security

Review: SaltStack brings SecOps to network orchestration and automation

Infosec - CSO Online - SaltStack Enterprise, and its optional SecOps modules, is one of the only platforms available today that can fully manage complex...
Mon, 20 Jan 2020 14:37:32 - #saltstack #security

Malicious npm package taken down after Microsoft warning

Infosec - Naked Security - Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm (Node Package Manager).
Mon, 20 Jan 2020 14:37:31 - #microsoft #security

Iranian Threat Actors: Preliminary Analysis

Infosec - Security Affairs - Nowadays Iran's Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian...
Mon, 20 Jan 2020 14:37:30 - #microsoft #supplychain #cybersecurity #phishing #security

Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA

Infosec - Security Affairs - Microsoft has released a security update to address "a broad cryptographic vulnerability" that is impacting its Windows operating...
Mon, 20 Jan 2020 14:37:29 - #microsoft #security

Turning to a new chapter of Windows Server innovation

Enterprise - Microsoft Azure - Today, January 14, 2020, marks the end of support for Windows Server 2008 and Windows Server 2008 R2. Customers loved these...
Mon, 20 Jan 2020 14:37:25 - #microsoft #vmware #64bit #cloud #azure #ai #kubernetes #threatprotection #hybridcloud #threatdetection #security

Learning from cryptocurrency mining attack scripts on Linux

Enterprise - Microsoft Azure - Cryptocurrency mining attacks continue to represent a threat to many of our Azure Linux customers. In the past, we've talked...
Mon, 20 Jan 2020 14:37:24 - #microsoft #ubuntu #hadoop #domains #antivirus #cloud #azure #jenkins #security

Oracle issues patches for 333 vulnerabilities

Enterprise - - Oracle's quarterly Critical Patch Updates to be released today include fixes for 333 security vulnerabilities. The company said...
Mon, 20 Jan 2020 14:13:32 - #oracle #security

Do Your SOC Metrics Incentivize Bad Behavior?

Enterprise - Palo Alto Networks Blog - The following post on SOC metrics is adapted from the book, "Elements of Security Operations," a guide to building...
Mon, 20 Jan 2020 14:13:29 - #paloaltonetworks #firewall #cybersecurity #security

The NSA found a dangerous flaw in Windows and told Microsoft to fix it

Think - MIT Technology Review - The secretive security agency identified the vulnerability and is taking public credit as part of an effort to "build...
Mon, 20 Jan 2020 13:42:30 - #microsoft #security

Azure is now certified for the ISO/IEC 27701 privacy standard

Enterprise - Microsoft Azure - We are pleased to share that Azure is the first major US cloud provider to achieve certification as a data processor for the...
Sun, 19 Jan 2020 23:36:54 - #microsoft #supplychain #bigdata #cloud #azure #gdpr #ai #ccpa #security

Why Cloud Security Seems So Hard, and How to Overcome These Challenges

Enterprise - Palo Alto Networks Blog - Since 2006, when AWS launched its Elastic Compute Cloud (EC2), the term "cloud" has rapidly become part of the business...
Sun, 19 Jan 2020 23:36:51 - #datacenter #iot #paloaltonetworks #cloud #azure #aws #gdpr #ccpa #security

Unpatched Citrix vulnerability now exploited, patch weeks away

Ars Technica - Software fix over a week away and patches going slowly.
Sun, 19 Jan 2020 23:36:49 - #security

Intel Fixes High-Severity Flaw in Performance Analysis Tool

Infosec - Threatpost - The flaw, in Intel VTune Profiler, could enable privilege escalation.
Sun, 19 Jan 2020 23:18:58 - #security

How to prevent a rootkit attack

Infosec - Malwarebytes Unpacked - If you're ever at the receiving end of a rootkit attack, then you'll understand why they are considered one of the most...
Sun, 19 Jan 2020 23:18:57 - #microsoft #cybersecurity #ddos #antivirus #phishing #botnet #security

Master Your Patch Management With Vulnerability Response: Our Latest ServiceNow Integration

Infosec - Recorded Future - It's tough out there for vulnerability management teams. You're dealing with hundreds of applications that can vary by department...
Sun, 19 Jan 2020 23:18:56 - #microsoft #servicenow #threatintelligence #security

Five Key Cyber-Attack Trends for This Year

Infosec - Infosec Island - 'It's not if, but when' is a long-established trope in the world of cybersecurity, warning organizations that no matter how...
Sun, 19 Jan 2020 23:18:55 - #supplychain #cybersecurity #ddos #botnet #iot #cloud #aws #hurricane #security

Authentication startup Trusona raises $20 million by promising to help clients ditch passwords

Infosec - CyberScoop - An Arizona-based startup used by the likes of Microsoft and Aetna on Tuesday announced it has raised $20 million, bringing its total...
Sun, 19 Jan 2020 23:18:54 - #microsoft #akamai #acquisition #security

Study examines cybercrime groups and how they are formed

Media - Electronics360 - Researchers from Michigan State University and the Netherlands Institute for the Study of Crime and Law Enforcement conducted...
Sun, 19 Jan 2020 21:13:28 - #cybersecurity #security

Kubernetes gets a bug bounty program

Tech - TechCrunch - The Cloud Native Computing Foundation (CNCF) today announced its first bug bounty program for Kubernetes, the ubiquitous container...
Thu, 16 Jan 2020 22:47:52 - #kubernetes #supplychain #security

Hackers Awarded More Than $275,000 for Surfacing Over 145 Security Vulnerabilities in Second 'Hack the Army' Challenge with HackerOne

Business Wire - Through partnership with the Defense Digital Service, the U.S. Department of Defense (DoD) and HackerOne, the number one hacker-powered pentesting...
Thu, 16 Jan 2020 22:38:03 - #security

New Report from UC Berkeley Center for Long-Term Cybersecurity and Booz Allen Hamilton Highlights Urgent Need for Board Engagement to Manage Cybersecurity Risk

Business Wire - Rapidly evolving cybersecurity threats are now commanding the attention of senior business leaders and boards of directors and are no longer...
Thu, 16 Jan 2020 22:38:02 - #cybersecurity #security

Tripwire Expands Industrial Cybersecurity Capabilities, Launches Tripwire Industrial Appliance Line and Joins ISA Global Security Alliance

Business Wire - Tripwire has launched Tripwire(r) Industrial Appliance line of hardware and joined ISA Global Security Alliance to advance industrial cybersecurity.
Thu, 16 Jan 2020 22:37:59 - #cybersecurity #tripwire #security

Check Point Software Technologies Receives 2 New Common Criteria Certifications to Meet the Security Needs of 31 Nations

Globe Newswire - Technology - Check Point achieves common criteria certifications for Protection Profile compliance and EAL4+ Check Point achieves common criteria...
Thu, 16 Jan 2020 22:13:46 - #security

Auth0 Assemble to be The Identity Conference for Application Builders

Globe Newswire - Technology - Auth0's inaugural user conference will be held August 26-27, 2020 in San Francisco Auth0's inaugural user conference will be held...
Thu, 16 Jan 2020 22:13:45 - #auth0 #security

Proofpoint Email Protection Wins CRN Product of the Year Award

Globe Newswire - Technology - CRN editorial board and providers select Proofpoint's innovative solution in web/email security category CRN editorial board and...
Thu, 16 Jan 2020 22:13:44 - #proofpoint #security

When Email Becomes SMBs' Biggest Security Threat

Media - - The business email compromise (BEC) scam is a cybersecurity threat to businesses of all sizes, and the financial and security implications...
Thu, 16 Jan 2020 22:13:36 - #cybersecurity #security

How AI Helps Marketplaces Fight Off-Platform Fraud

Media - - Fraudsters are starting off the new decade armed with the stolen data and credentials of millions of global consumers, and they...
Thu, 16 Jan 2020 21:13:08 - #supplychain #ecommerce #ai #blockchain #machinelearning #cybersecurity #security

Google update turns your iPhone into a physical account security key

Media - The Next Web - Google today updated its iOS Smart Lock app with a feature that essentially replaces a physical security key with your actual...
Thu, 16 Jan 2020 20:38:54 - #android #security

NSA Alerts Microsoft To Windows Security Flaw

Media - - In a move designed for public reassurance and transparency, the National Security Agency (NSA) will now be more forthright, sharing...
Thu, 16 Jan 2020 20:13:38 - #microsoft #cybersecurity #security

Zscaler Announces Dismissal of Lawsuits

Globe Newswire - Zscaler, Inc., the leader in cloud security, today announced the dismissal with prejudice of all patent lawsuits filed by Symantec against Zscaler....
Wed, 15 Jan 2020 14:37:27 - #broadcom #zscaler #acquisition #security

Cisco addressed a high-severity bug in Webex that could allow Remote Code Execution

Infosec - Security Affairs - Tech giant Cisco has recently addressed two high-severity vulnerabilities affecting its Webex and IOS XE Software products.
Tue, 14 Jan 2020 15:13:17 - #cisco #security

China-linked APT40 group hides behind 13 front companies

Infosec - Security Affairs - A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber-espionage...
Tue, 14 Jan 2020 15:13:16 - #fireeye #cybersecurity #security

Is Cybersecurity Getting Too Complex?

Infosec - Infosec Island - Weighing SMB Security Woes Against the Managed Security Promise

Looking strictly at the numbers, it appears small to mid-sized...
Tue, 14 Jan 2020 15:13:15 - #cybersecurity #hybridcloud #security

20/20 Vision on 2020's Network Security Challenges

Infosec - Infosec Island - As the new year starts, it's natural to think about the network security challenges and opportunities that organizations are...
Tue, 14 Jan 2020 15:13:14 - #cybersecurity #security

Neustar Delivers UltraThreat Feeds for More Effective Data Security

Business Wire - Neustar announces UltraThreat Feeds, a new service providing proprietary near real-time threat data to identify and stop bad traffic.
Tue, 14 Jan 2020 14:38:16 - #cybersecurity #security

Microsoft CEO says encryption backdoors are a 'terrible idea'

Tech - The Verge - As Apple squares off for another encryption fight, Microsoft CEO Satya Nadella offered mixed...
Tue, 14 Jan 2020 14:13:21 - #microsoft #security

RiskIQ Expands Leadership Team with Appointment of Christophe Culine as CRO to Fuel Next Stage of Growth

Globe Newswire - RiskIQ, the world leader in attack surface management, today announced the appointment of SaaS veteran Christophe Culine to the position of Chief...
Tue, 14 Jan 2020 14:13:15 - #riskiq #security

European Regulators Expand Scrutiny On Data Practices - And Bots

Media - - It's a new year, and in Europe, an expansion of scrutiny and laws governing data sharing.
The dawn of 2020 brought a spate of new...
Tue, 14 Jan 2020 13:14:11 - #cybersecurity #ecommerce #gdpr #security

The B2B Payments Fraud Threat Of Internal Employees

Media - - It was a difficult week for businesses getting hit with cyberattacks, with foreign currency company Travelex among the most high-profile...
Mon, 13 Jan 2020 14:12:53 - #microsoft #supplychain #cybersecurity #security

Medical practitioners expose 1B+ records via unsecured databases

Enterprise - SiliconANGLE - More than 1 billion medical images are believed to be exposed online as medical practitioners continue to upload them to unsecured...
Mon, 13 Jan 2020 13:41:14 - #cybersecurity #security

Remote Work Has a Hidden Challenge: Data Security. Here's How Experts Overcome It

Girl Power: Female CEOs - - These best practices can make a huge difference for any startup with remote employees.
Mon, 13 Jan 2020 13:13:47 - #cybersecurity #security