Woodstock Wire: Enterprise Security News

July 10, 2022

Cybersecurity Has a Talent Shortage & Non-Technical People Offer a Way Out

Infosec -- Dark Reading - It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems.

July 10, 2022 06:18 AM

OrBit, a new sophisticated Linux malware still undetected

Infosec -- Security Affairs - Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat.



Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected.

July 10, 2022 06:12 AM

OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks

Infosec -- The Hacker News - The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios.

The issue, now assigned the identifier...

July 10, 2022 06:09 AM

Akamai Linode now offers Kali Linux instances

Enterprise -- ZDNet News - Kali Linux, the Linux of choice for hackers and security pros, is now available on the Linode cloud.

July 10, 2022 05:53 AM

SHI hit by 'professional malware attack'

Enterprise -- CRN-UK - US-based reseller SHI has revealed that it was the target of a "co-ordinated and professional malware attack" over the 4 July celebration weekend.

The company, which provides IT products and services to businesses around the world,...

July 10, 2022 05:49 AM

SHI International hit by malware attack

Enterprise -- CRN - Said it caused various disruptions over the weekend.

July 10, 2022 05:47 AM

Supply chain attack uses malicious NPM packages to steal data

Enterprise -- SiliconANGLE - Researchers have discovered a supply chain attack that uses packages hosted on the Node Package Manager, the manager for the Node.js JavaScript platform. Detailed today by Reverse Engineer Karlo Zanki at Reversing Labs Inc., the software...

July 10, 2022 05:16 AM

More Than Half of DevOps Pros Have Backdoor Access to IT Infrastructure

Enterprise -- DevOps.com - A survey of 600 DevOps professionals conducted by strongDM, a platform for managing access to IT infrastructure, found nearly two-thirds (64%) had productivity impacted on a daily or weekly basis because of access issues. It's not surprising...

July 10, 2022 05:11 AM

Attackers abusing another threat simulation tool, report warns

Enterprise -- Computer Dealer News - Cybersecurity product manufacturers are being urged to adapt their applications to detect abuse of a new commercial attack simulation tool being used by threat actors. The warning, issued today by researchers at Palo Alto Networks'...

July 10, 2022 05:10 AM

These are the cybersecurity threats of tomorrow that you should be thinking about today

Enterprise -- ZDNet News - The rise of quantum computing, deepfakes, the Internet of Things and more are among the things that could create very real challenges for cybersecurity going forwards.

July 10, 2022 04:53 AM

Rethink Identity Governance and Administration

Think -- Gartner Blog Network - Identity governance and administration (IGA) is the system of record for identity management, access administration, and admin-time authorization.



IGA controls incrasingly have to identify and mitigate access risk across a variety...

July 10, 2022 02:23 AM

July 06, 2022

This news area will be shut down during July 2022

Woodstock Wire -- This news area will be shut down during July 2022



Clicking the story link will take you to a new site that covers this news area

July 06, 2022 02:24 AM

July 05, 2022

Records of 1B mainland Chinese residents offered for sale on hacking forum

Enterprise -- SiliconANGLE - Unknown hackers have claimed to have stolen data on as many as a billion mainland Chinese residents and are attempting to sell the data on a hacking forum. The data is alleged to have been stolen from the Shanghai National Police database...

July 05, 2022 05:56 AM

11 top cloud security threats

Infosec -- CSO Online - Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns...

July 05, 2022 04:53 AM

Microsoft Going Big on Identity with the Launch of Entra

Infosec -- Dark Reading - With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.

July 05, 2022 04:43 AM

Latest web hacking tools - Q3 2022

Infosec -- The Daily Swig - We take a look at the latest additions to security researchers' armory

July 05, 2022 04:42 AM

White House joins industry leaders to double down on commitment to zero trust

Infosec -- CyberScoop - Cybersecurity leaders from the White House, Citibank and Google came together to promote stronger cooperation between public and private sector organizations at the Google Cloud Security Summit earlier this year. They asserted that these...

July 05, 2022 04:38 AM

ZuoRAT Hijacks SOHO Routers from Cisco, Netgear

Infosec -- Dark Reading - The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.

July 05, 2022 04:23 AM

How to Master the Kill Chain Before Your Attackers Do

Infosec -- Dark Reading - In the always-changing world of cyberattacks, preparedness is key.

July 05, 2022 04:23 AM

What to do about inherent security flaws in critical infrastructure?

Enterprise -- The Register - Industrial systems' security got 99 problems and CVEs are one. Or more

The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues - 56 to be exact - that criminals could use...

July 05, 2022 03:01 AM

Google blocks 30+ malicious domains used by hack-for-hire groups

Enterprise -- SiliconANGLE - Google LLC's Threat Analysis Group said today it has blocked more than 30 malicious domains linked to hack-for-hire groups from Russia, India and the United Arab Emirates. The hack-for-hire firms have been actively targeting Gmail and...

July 05, 2022 02:54 AM

Jenkins warns of security holes in these 25 plugins

Enterprise -- The Register - Relax, most of the vulnerabilities so far have, er, no fix

Jenkins, an open-source automation server for continuous integration and delivery (CI/CD), has published 34 security advisories covering 25 plugins used to extend the software....

July 05, 2022 02:51 AM

July 04, 2022

Backdoor is being installed in Microsoft's IIS web server, warn Kaspersky researchers

Enterprise -- Computer Dealer News - Threat actors are installing a backdoor into installations of Microsoft's Internet Information Services (IIS) Windows web server that isn't being caught by some online file scanning services, say Kaspersky researchers. They also...

July 04, 2022 09:54 PM

Microsoft patches Service Fabric vulnerability that opens door to attackers

Enterprise -- SiliconANGLE - Microsoft Corp. has issued a patch for a vulnerability in Service Fabric that allows attackers to gain root privileges on a node and then take over other nodes in a cluster. Service Fabric hosts more than 1 million applications and runs...

July 04, 2022 05:29 AM

These are the 25 most dangerous software bugs of 2022

Enterprise -- ZDNet News - Easy to find and exploit, these flaws could give hackers a chance to take over your systems.

July 04, 2022 05:18 AM

Top 8 Zero Trust Network Access Products for Small Businesses

Enterprise -- IT Business Edge - Many employees and contractors work offsite in home networks, coffee shops, hotels, and other untrusted networks. Meanwhile, many cloud applications and data repositories have also migrated outside of the centralized control of an organization's...

July 04, 2022 05:16 AM

Adjusting News Areas

Woodstock Wire -- During the month of July, I will be stepping away from this news area going forward.



It has been a pleasure providing news in this area for the since 2001..



If you click the story link, it will take you to a new site that covers this type of news.

July 04, 2022 04:00 AM

Resecurity(r) Brings Cyber Threat Intelligence to Microsoft Azure

PR Newswire -- Resecurity, a cybersecurity and intelligence company, today announced its award-winning...

July 04, 2022 03:34 AM

SecurityMetrics Wins Coveted Global InfoSec Awards for Cybersecurity Book, Penetration Testing, and Top Women in Cybersecurity

PR Newswire -- SecurityMetrics is proud to announce that they have won the following awards from Cyber Defense Magazine (CDM), the industry's leading electronic information security magazine: "Most Innovative Cybersecurity Book" for the SecurityMetrics Guide to...

July 04, 2022 03:23 AM

July 02, 2022

CyberArk Announces Impact 2022: The Identity Security Event of the Year

Business Wire -- CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the details of CyberArk Impact 2022. The global cybersecurity conference will bring together Identity Security professionals to connect, learn, collaborate and discuss the...

July 02, 2022 10:17 PM

July 01, 2022

Codenotary First to Provide Continuously Updated and Fully Searchable Tamper-Proof Information about Software Components in Container Images

Business Wire -- Codenotary launched SBOM Operator for Kubernetes in both its open source Community Attestation Service, as well as Codenotary's Trustcenter.

July 01, 2022 09:53 PM

June 28, 2022

Linux Foundation Rewards StepSecurity's Impact on CI/CD Pipeline Security Fixes for Critical Open Source Projects

Business Wire -- Security attacks targeting software supply chains have dramatically increased over the past several years. According to the Open Source Security Foundation (OpenSSF) Scorecard project, over-privileged automated workflow tokens are a high-risk...

June 28, 2022 07:55 PM

June 27, 2022

Okta for Good Launches New Grant Portfolio to Improve Cybersecurity for Nonprofits

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent identity provider, today announced the launch of a Nonprofit Cybersecurity Portfolio and $1,020,000 in grants to support better security across the social sector. Stemming from Okta's three-year commitment...

June 27, 2022 01:56 AM

June 24, 2022

Island Debuts Game-Changing Enterprise Browser at Infosecurity Europe

Business Wire -- Island is introducing its groundbreaking Enterprise Browser to users in the U.K. and across Europe. Infosecurity Europe attendees will have the opportunity to explore the features of the Enterprise Browser firsthand at booth #T86. Island is one of cybersecurity's...

June 24, 2022 05:29 AM

June 20, 2022

Threat Modeling as a DevSecOps Practice

Enterprise -- DevOps.com - Software engineers are always under pressure to build more software, faster. At the same time, there is increasing regulatory and market pressure for secure software that meets users' and regulators' requirements for data privacy. This...

June 20, 2022 02:10 AM

Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF

Infosec -- The Hacker News - In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility.

Founded back in 2005, Palo Alto Networks is a cybersecurity giant that...

June 20, 2022 12:55 AM

Ransomware and Phishing Remain IT's Biggest Concerns

Infosec -- Dark Reading - Security teams - who are already fighting off malware challenges - are also facing renewed attacks on cloud assets and remote systems.

June 20, 2022 12:54 AM

Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability

Infosec -- The Hacker News - WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild.

The issue, which relates to...

June 20, 2022 12:49 AM

June 19, 2022

Microsoft Defender finally feels like proper antivirus software for individuals

Tech -- Digital Trends - Microsoft has launched Microsoft Defender for individuals as a new online security application for Microsoft 365 subscribers.

June 19, 2022 07:37 PM

Firefox just gave you a great reason to ditch Chrome for good

Tech -- Digital Trends - Firefox has just announced that Total Cookie Protection is now available by default to every user of the browser. The feature is meant to protect your privacy.

June 19, 2022 07:02 PM

Microsoft to acquire cyber threat analysis startup Miburo

Tech -- GeekWire - Microsoft announced Tuesday that it will acquire Miburo, a small company that helps customers detect and respond to foreign information operations. Microsoft said the acquisition will help the tech giant "expand its threat detection and analysis...

June 19, 2022 06:51 PM

Why the 'PACMAN' Exploit Is Proof You Should Always Update Your Mac

Life -- Lifehacker - Every piece of tech carries the risk of bugs and security flaws, but Macs running Apple's M1 chips are apparently vulnerable to an all-new category of threat. Security researchers at MIT's Computer Science & Artificial Intelligence Laboratory...

June 19, 2022 05:40 AM

June 17, 2022

Myota Awarded US Patent for its Zero Trust-based Data Security and Resilience Method

Globe Newswire -- Myota, Inc., a provider of advanced cybersecurity solutions that enable businesses to withstand and recover from ransomware and data breach attacks, today announced that the US Patent and Trademark Office (USPTO) has issued a new patent, No. 11,281,790...

June 17, 2022 03:34 AM

HashiCorp Vault Achieves Federal Information Processing Standard (FIPS) Compliance

Globe Newswire -- HashiCorp, Inc. (NASDAQ: HCP), a leading provider of multi-cloud infrastructure automation software, today announced Vault Enterprise has achieved Federal Information Processing Standard (FIPS) 140-2 Level 1 after validation from Leidos, the independent...

June 17, 2022 03:29 AM

CyberArk Extends Endpoint Privilege Manager Capabilities to Support Linux Platforms

Business Wire -- CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced new CyberArk Endpoint Privilege Manager functionality that extends protection to Linux platforms. Now, security and IT professionals can easily enforce least privilege and...

June 17, 2022 03:21 AM

June 15, 2022

Cloudflare mitigates 26 million request per second DDoS attack

Infosec -- Cloudflare - Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack - the largest HTTPS DDoS attack on record.The attack targeted a customer website using Cloudflare's Free plan. Similar to the previous...

June 15, 2022 03:20 AM

API Security Best Practices

Infosec -- Security Affairs - Organizations face the constant need to protect these APIs from attacks so they can protect organizational data.



Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless...

June 15, 2022 03:19 AM

Microsoft: Ransomware groups, nation-states exploiting Atlassian Confluence vulnerability

Infosec -- Record by Recorded Future - Ransomware groups and nation-state actors have begun exploiting a widespread zero-day vulnerability in all supported versions of Atlassian Confluence Server and Data Center unveiled late last month, according to Microsoft....

June 15, 2022 03:18 AM

9 ways hackers will use machine learning to launch attacks

Infosec -- CSO Online - Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats give security teams an advantage.However,...

June 15, 2022 03:17 AM

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

Infosec -- The Hacker News - The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East.

"The new malware is a .NET based DNS Backdoor which...

June 15, 2022 03:17 AM