Woodstock Wire: Enterprise Security News

Enterprise -- Data Center Knowledge - IBM's Cloud Pak for Security now includes all pillars of threat management, including detection, investigation and response, and streamlines response efforts.

Enterprise -- ChannelBuzz.ca - In addition to their Prisma Cloud 2.0 announcement, Palo Alto Networks has announced the availability of their first Canadian-based cloud region.Palo Alto Networks has launched the 2.0 version of their Prisma Cloud platform, the company's...

Infosec -- Security Affairs - Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams.



Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a...

Infosec -- Barracuda - Another day, another pandemic-enabled scam. Criminals are now attacking K-12 schools by posing as parents who are using email to submit assignments to the teacher. The premise is that the student had trouble using the online classroom system,...

Infosec -- Barracuda - Have you tuned in for Below the Surface yet? Streaming live on LinkedIn, Barracuda's new series offers candid discussions with key Barracuda experts on all the latest and greatest cybersecurity news, as well as Barracuda's recent research,...

Infosec -- The Hacker News - Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.

Called...

Infosec -- WeLiveSecurity - Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor.

Infosec -- Dark Reading - KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.

Infosec -- Dark Reading - But that's not the only type of web attack cybercriminals have been profiting from.

Infosec -- Dark Reading - While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.

Infosec -- Threatpost - Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

Infosec -- Recorded Future

Infosec -- CSO Online - One of the smartest moves you can make to protect employees, especially those working from home, is to encourage them to use a password manager. It's one of the easiest, too.Keyword best practices pertain to complexity, change frequency and...

Infosec -- TripWire - The State of Security - Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability...

Infosec -- Security Affairs - VMware patched several flaws in its ESXi, Workstation, Fusion and NSX-T products, including a critical code execution vulnerability.



VMware has fixed several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including...

Infosec -- TripWire - The State of Security - There are two significant trends occurring right now that shouldn't be a surprise to anyone reading this post. First, businesses are gathering and leveraging more and more data to improve their core services. Second,...

Infosec -- Threatpost - Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.

Infosec -- Barracuda - Gartner has named Barracuda a Challenger in the 2020 Gartner Magic Quadrant for Web Application Firewalls. This is the fourth year in a row that Barracuda has been recognized as a Challenger in this report based on ability to execute and completeness...

Infosec -- Recorded Future - Right now, adversaries are plotting attacks against organizations on the dark web and in underground communities. Security analysts need a reliable "ear the ground" that enables them to anticipate, and proactively disrupt, threat actors'...

Infosec -- Security Affairs - Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day.



Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues,...

Globe Newswire -- Technology - The Most Popular Password of 2020 Would Take a Computer Less Than a Second to Crack

Globe Newswire -- Technology -

Globe Newswire -- McAfee Corp. ("McAfee"), the device-to-cloud cybersecurity company, today announced the pricing of its initial public offering of 37,000,000 shares of its Class A common stock at a price to the public of $20.00 per share. Of the offered shares, 30,982,558...

Business Wire -- Four out of five (83%) companies in the telecommunications & media sectors experienced a DNS attack last year.

Media -- PYMNTS.com - There's no soft version, no smoothing it over. Companies charged with protecting people's data lost ground in 2020, after an abysmal 2019 of breathtaking data breaches. Yes, the pandemic explains a great deal of the new action. Preparedness...

Tech -- TechCrunch - Year after year, phishing remains one of the most popular and effective ways for attackers to steal your passwords. As users, we're mostly trained to spot the telltale signs of a phishing site, but most of us rely on carefully examining the...

Infosec -- CSO Online - Prior to Microsoft's Ignite conference I was able to talk with the company's CISO Bret Arsenault about some key elements that we all should be doing to keep Windows networks secure. He talks about four pillars of security: passwordless identity...

Infosec -- TripWire - The State of Security - It's often said that humans are the weakest link in cybersecurity. Indeed, I'd have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer...

Infosec -- FraudWatch Intl - As more and more business is conducted online, so does the amount of unscrupulous behavior on the internet increase. Phishing scams have been around since the birth of the internet, but advances in technology have also caused such scams...

Infosec -- FraudWatch Intl - Digital security and privacy is a growing concern for any business and institution, mainly since technology is progressing too fast for security measures to adapt to. This is why numerous parties are against utilising younger technology...

Infosec -- FraudWatch Intl - With cybercriminals finding new tactics to get their way in more systems and servers, the rate at which companies have their data compromised increases each day.

Unlike the past, where limited technology made it quite difficult for hackers...

Infosec -- FraudWatch Intl - Phishing emails still run rampant today, with ill-willed individuals setting up traps to steal information from unsuspecting users. Unfortunately, many people still fall for it, mostly because they are not educated about this kind of...

Infosec -- FraudWatch Intl - For many companies, cyber threat intelligence is treated almost as an afterthought. Many assume that they don't need robust protection simply due to their smaller size or the nature of their business. However, this same mindset makes...

Infosec -- Dark Reading - Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.

Infosec -- The PhishLabs Blog - There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation,...

Infosec -- Security Affairs - The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild.



The US National Security Agency (NSA) has published a report that includes...

Infosec -- Dark Reading - Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.

Infosec -- Malwarebytes Unpacked - While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That's...

Infosec -- CyberScoop - U.S. defense contractors should be wary of Chinese government-backed hackers who are actively exploiting a multitude of known vulnerabilities to target - and successfully breach - victim networks, the National Security Agency said in an advisory...

Infosec -- Security Affairs - The global data privacy landscape is changing and everyday we can see new regulations emerge.



These regulations are encouraging organizations to be better custodians of the consumers data and create a healthier space for data privacy....

Infosec -- Dark Reading - Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?

Infosec -- Threatpost - A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.

Infosec -- TripWire - The State of Security - Phishing attacks continue to play a dominant role in the digital threat landscape. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that phishing was the second topmost threat...

Infosec -- The Daily Swig - Recon framework presents the results of website and endpoint scans in a single window

Infosec -- Cloudflare - Now that we're a long way through 2020, let's take a look at automated traffic, which makes up almost 40% of total Internet traffic.This blog post is a high-level overview of bot traffic on Cloudflare's network. Cloudflare offers a comprehensive...

Infosec -- WeLiveSecurity - The flaws, neither of which is being actively exploited, were fixed merely days after the monthly Patch Tuesday rollout

Infosec -- TripWire - The State of Security - Cybersecurity is in the news again with the disclosure that Tesla, working in conjunction with the FBI, prevented a ransomware attack from being launched at its Gigafactory in Nevada. The cybercriminals targeted Tesla...

Infosec -- CyberScoop - A federal grand jury returned an indictment against six alleged Russian intelligence officers who, collectively, were responsible for "conducting the most disruptive and destructive series of computer attacks ever attributed to a single group,"...

Infosec -- Threatpost - The espionage tool masquerades as legitimate applications and robs victims blind of their data.

Infosec -- Threatpost - A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.