Woodstock Wire: Enterprise Security News

April 12, 2021

Zyxel Nebula Adds Firewall to Deliver Most Comprehensive Cloud Networking Solution for SMBs

Business Wire -- #WiFi--Zyxel announces the addition of the USG FLEX firewall series to the cloud-managed Nebula networking solution for SMBs and MSPs.

April 12, 2021 04:45 PM

WISeKey to increase manufacturing capabilities to support demand

Media -- Evertiq - Cybersecurity and IoT company, WISeKey, says that it is significantly investing in its supply chain transformation to better and faster serve its customers. The company is simultaneously impacted by the current semiconductor shortage situation...

April 12, 2021 04:42 PM

Scientists harness chaos to protect devices from hackers

Life -- EurekAlert - Researchers have found a way to use chaos to help develop digital fingerprints for electronic devices that may be unique enough to foil even the most sophisticated hackers. Just how unique are these fingerprints? The researchers believe it...

April 12, 2021 03:37 AM

This man was planning to kill 70% of Internet in a bomb attack against AWS

Infosec -- Security Affairs - The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet.

The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning to launch a bomb attack...

April 12, 2021 02:51 AM

Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help

Infosec -- Dark Reading - Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.

April 12, 2021 02:46 AM

CISA releases post-compromise tool Aviary to review Microsoft 365

Infosec -- Security Affairs - CISA released a Splunk-based dashboard for post-compromise activity in Microsoft Azure Active Directory (AD), Office 365, and MS 365 environments.

The Cybersecurity and Infrastructure Security Agency (CISA) has released a Splunk-based...

April 12, 2021 02:45 AM

Unstructured data growth poses hidden cloud security and compliance risk

Infosec -- Barracuda - There's an often-repeated stat that 90% of all data that exists today has been created in the last two years. The provenance of that figure is murky and disputed, and it dates back to nearly 10 years ago, so even if it was true then, that...

April 12, 2021 02:43 AM

4 steps to better security hygiene and posture management

Infosec -- CSO Online - As the old security adage goes, "a well-managed network/system is a secure network/system," and this notion of network and system management is a cybersecurity foundation. Pick any framework (e.g., NIST Cybersecurity framework), international...

April 12, 2021 02:42 AM

Digging Into the Third Zero-Day Chrome Flaw of 2021

Infosec -- TripWire - The State of Security - Hidden deep in Google's release notes for the new version of Chrome that shipped on March 1 is a fix for an "object lifecycle issue." Or, for the less technically inclined, a major bug. Bugs like these have been common...

April 12, 2021 02:41 AM

Fraudsters Use HTML Legos to Evade Detection in Phishing Attack

Infosec -- Dark Reading - Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.

April 12, 2021 02:38 AM

US intelligence report warns of increased offensive cyber, disinformation around the world

Infosec -- CyberScoop - Over the course of the next 20 years, nation-states will see a rise in targeted offensive cyber-operations and disinformation in an increasingly "volatile and confrontational" global security landscape, according to a new U.S. intelligence...

April 12, 2021 02:37 AM

5 Things CISOs Need to Know About Card Fraud

Infosec -- Flashpoint - The Market for Stolen Credit Cards Is Alive and Well in 2021

Payment and credit card fraud are constant concerns for security leaders, holding major financial and reputational consequences for card-issuing financial institutions. For threat...

April 12, 2021 02:35 AM

No honor among thieves: Scammers target stolen credit card hubs

Infosec -- CyberScoop - Two online hubs for stolen credit cards found themselves on the receiving end of hack-and-leak operations last month.

User data from the card store Swarmshop was posted to a different underground forum on March 17, exposing hundreds of...

April 12, 2021 02:34 AM

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

Infosec -- The Hacker News - Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks.

At least one of the hacking incidents led...

April 12, 2021 02:32 AM

NIST and HIPAA: Is There a Password Connection?

Infosec -- The Hacker News - When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally.

While companies uphold their own password standards, outside forces like HIPAA...

April 12, 2021 02:08 AM

Google's Project Zero Finds a Nation-State Zero-Day Operation

Infosec -- Schneier on Security - Google's Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by "Western government operatives actively conducting a counterterrorism...

April 12, 2021 02:08 AM

Hush - This Data Is Secret

Infosec -- ISC2 Blog - Is There Ever Too Much Data?

As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase "Big Data" was a new, innovative way to gain a business advantage. Now, big data is the norm....

April 12, 2021 02:06 AM

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

Infosec -- The Hacker News - The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make...

April 12, 2021 01:55 AM

Did 4 Major Ransomware Groups Truly Form a Cartel?

Infosec -- Dark Reading - An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.

April 12, 2021 01:51 AM

Introducing Okta's New Risk Ecosystem API: A Fraud Fighting Toolset to Secure Authentication and Delight Customers

Infosec -- Okta Blog - Introducing Okta's New Risk Ecosystem API: A Fraud Fighting Toolset to Secure Authentication and Delight Customers

April 12, 2021 01:50 AM

Breaking Barriers: Scaling Infrastructure Identity with Advanced Server Access

Infosec -- Okta Blog - Breaking Barriers: Scaling Infrastructure Identity with Advanced Server Access

April 12, 2021 01:50 AM

SAP warns of malicious activity targeting unpatched systems

Infosec -- Malwarebytes Unpacked - A timely warning to keep systems patched has appeared, via a jointly-released report from Onapsis and SAP. The report details how threat actors are "targeting and potentially exploiting unprotected mission-critical SAP applications"....

April 12, 2021 01:46 AM

New Cring ransomware deployed via unpatched Fortinet VPNs

Infosec -- Record by Recorded Future - Unpatched Fortinet VPN devices are being hacked to deploy a new strain of ransomware inside corporate networks, Russian security firm Kaspersky said today.

April 12, 2021 01:44 AM

5 Ways to Transform Your Phishing Defenses Right Now

Infosec -- Dark Reading - By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.

April 12, 2021 01:43 AM

A new headache for ransomware-hit companies. Extortionists emailing your customers

Infosec -- TripWire - The State of Security - Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims' customers, and asking them to demand a ransom is paid to protect their own privacy....

April 12, 2021 01:42 AM

11 Useful Security Tips for Securing Your AWS Environment

Infosec -- The Hacker News - Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security.

Whether you want to use AWS for a few things or everything, you need to protect access to it. Then...

April 12, 2021 01:39 AM

Critical Auth Bypass Bug Found in VMWare Data Centre Security Product

Infosec -- The Hacker News - A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems.

Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10...

April 12, 2021 01:38 AM

European Commission and other institutions were hit by a major cyber-attack

Infosec -- Security Affairs - Not only the European Commission, but many other organizations of the European Union have been targeted by a cyberattack in March.

A European Commission spokesperson confirmed that the European Commission, along with other European...

April 12, 2021 01:37 AM

3 Types of Phishing Threats Your Organisation Can Encounter

Infosec -- FraudWatch Intl - Since we are living in the age of information, your data and its protection are now more valuable than ever. Even more so is the case for an organisation like yours, which can be considered a hub for sensitive details about financial...

April 12, 2021 01:35 AM

Why You Need Cybersecurity Services for Social Media Marketing

Infosec -- FraudWatch Intl - Saying that the internet is bustling with activity is an understatement. Millions upon millions of different operations, activities, and tasks are taking place every second, whether the action be taken by robots or humans. Most of these...

April 12, 2021 01:35 AM

Too slow! Booking.com fined for not reporting data breach fast enough

Infosec -- Naked Security - It's not just the breach, it's the speed of the breach response...

April 12, 2021 01:32 AM

April 11, 2021

3 Best Practices for Building Secure Container Images

Infosec -- TripWire - The State of Security - Organizations are increasingly turning to containers to fuel their digital transformations. According to BMC, a 2019 survey found that more than 87% of respondents were running containers-up from 55% just two years earlier....

April 11, 2021 08:07 PM

How To Defend the Extended Network Against Web Risks

Infosec -- Threatpost - Aamir Lakhani, cybersecurity researcher for Fortinet's FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.

April 11, 2021 07:10 PM

15 Cybersecurity Pitfalls and Fixes for SMBs

Infosec -- Threatpost - In this roundtable, security experts focus on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.

April 11, 2021 06:29 PM

How the Work-From-Home Shift Impacts SaaS Security

Infosec -- The Hacker News - The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration...

April 11, 2021 03:57 AM

7 Ways to Reduce Cyber Threats From Remote Workers

Infosec -- Dark Reading - The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.

April 11, 2021 03:57 AM

RiskIQ Announces its Illuminate(r) Internet Intelligence Platform Delivering Tailored Security Intelligence by Lighting Up Internet Relationships

Globe Newswire -- RiskIQ, a leader in Internet Security Intelligence, announced the launch of its RiskIQ Illuminate(r) Internet Intelligence Platform, the only security intelligence solution that provides a tailored view of the global internet attack surface and pinpoints...

April 11, 2021 03:54 AM

Belden Issues Supplemental Notification of Data Incident

Business Wire -- As was first communicated on November 24, 2020, Belden was the victim of a sophisticated cyberattack that may have exposed the personal information of current and former employees and limited company information regarding some business partners. On the...

April 11, 2021 03:02 AM

Okta Announces Commitment to 100% Renewable Electricity

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent identity provider, today at Oktane21, committed to achieving 100% renewable electricity for its global real estate footprint by 2022. The company's commitment marks a critical step in Okta's journey to...

April 11, 2021 03:00 AM

Fastly and Okta Join Forces to Offer In-Depth Identity Protection Against Security and Fraud Risk Without Impacting User Experience

Business Wire -- Fastly, Inc. (NYSE: FSLY), a global edge cloud platform, today announced a partnership with Okta, the leading independent provider of identity. The integration between Fastly's Signal Sciences security portfolio and Okta enables organizations to more...

April 11, 2021 02:59 AM

Okta Launches New Customer Identity Risk Ecosystem and Workflow Integrations

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity, today at Oktane21, announced the expansion of the Okta Integration Network across four main areas including risk and fraud, customer data orchestration, data privacy and compliance,...

April 11, 2021 02:59 AM

Threat Stack and Liquid Web Announce Strategic Partnership

Business Wire -- Threat Stack today announced a strategic partnership with Liquid Web.

April 11, 2021 02:50 AM

The New Okta Developer Experience: Secure Applications, APIs, and Infrastructure

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity, today at Oktane21, announced the new Okta Starter Developer Edition to provide developers tools to embed Okta authentication, authorization, and user management into applications...

April 11, 2021 02:50 AM

Ping Identity Named Best Identity Management Solution Finalist by SC Media Awards 2021

Business Wire -- Ping Identity (NYSE: PING), the Intelligent Identity solution for the enterprise, announced the Ping Intelligent Identity(tm) Platform has been named a finalist in the Best Identity Management Solution category of the 2021 SC Awards. The Ping Intelligent...

April 11, 2021 12:35 AM

April 09, 2021

Worst suspicions confirmed: The terrible security of internet routers

Media -- EE World - Leland Teschler, Executive Editor

Here's the latest IoT security nightmare: All of the wireless routers through which most IoT traffic passes are probably vulnerable to botnets and other kinds of security breaches. That's the conclusion of...

April 09, 2021 02:38 AM

April 07, 2021

Discord and Slack are becoming potent tools for malware attacks

Media -- Fast Company - Attackers are finding the file-sharing capabilities in popular group-chat apps such as Discord and Slack a convenient way to distribute malware, warns a new report from Cisco Talos, Cisco's threat intelligence unit.

The risk isn't just...

April 07, 2021 08:42 PM

April 05, 2021

DISH Selects Palo Alto Networks to Help Secure 5G Network

PR Newswire -- Palo Alto Networks (NYSE: PANW) today announced that it has been selected by DISH Network Corporation (NASDAQ: DISH) to assist with securing the United States' first cloud-native, OpenRAN-based 5G wireless network....

April 05, 2021 05:45 PM

Top 5 skills a SOC analyst needs

Infosec -- CSO Online - A security operations center (SOC) analyst works within a team to monitor and fight threats to an organization's IT infrastructure, as well as to identify security weaknesses and opportunities for potential improvements. Since a SOC analyst...

April 05, 2021 05:24 PM

The SolarWinds hack timeline: Who knew what, and when?

Infosec -- CSO Online - Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.While it is "hard to say" if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber...

April 05, 2021 05:23 PM