Woodstock Wire: Enterprise Security News

Infosec -- Record by Recorded Future - A spokesperson for Taiwanese computer maker Acer has confirmed today that the company suffered a second security breach this year after hackers advertised the sale of more than 60 GB of data on an underground cybercrime forum.

Infosec -- Dark Reading - Think PCI, HIPAA, and GDPR compliance is tough? There's a tsunami of similar laws on the way. Prepare your business for success with privacy by design.

Infosec -- Barracuda - Ransomware has been dominating cybersecurity headlines for a while now, so it's completely understandable if you haven't been keeping up with the latest news about distributed denial-of-service (DDoS) attacks. But there have been some startling...

Infosec -- Record by Recorded Future - The Biden administration did not invite Russia to participate in the first meeting of a global effort to combat cybercrime, but could welcome the country that has become synonymous with ransomware to future gatherings.

Business Wire -- More than half (59%) of executives with cybersecurity decision-making responsibility at large and mid-sized companies say that their organizations have lost business due to product security concerns for connected devices and embedded systems, according...

Business Wire -- The Auth0 Identity Platform, a product unit within Okta (NASDAQ: OKTA), today announced the launch of the Auth0 Identity Platform on Microsoft Azure. The launch gives customers the ability to choose Azure as their cloud deployment option from Auth0. The...

Business Wire -- Okta, Inc. (NASDAQ: OKTA), the leading independent identity provider, today will announce continued growth and advancements in both Okta's and Auth0's Customer Identity and Access Management (CIAM) offerings at the company's annual Showcase event. Marking...

Enterprise -- Microsoft Azure - This blog post was co-authored by Alethea Toh, Program Manager and Syed Pasha, Principal Network Engineer, Azure Networking.



In early August, we shared Azure's Distributed Denial-of-Service (DDoS) attack trends for the first half of...

Enterprise -- ZDNet News - Many firms have no incident response plans, or ever test their cyber defences says cybersecurity chief.

Enterprise -- The Register - Pen-testers, rogue developers, dodgy hosters, etc. etc.

Feature This summer, Abnormal Security discovered that some of its customers' staff were receiving emails inviting them to install ransomware on a company computer in return for a...

Enterprise -- CRN - Merges it with McAfee Enterprise.

Media -- USATODAY - Tech Top Stories - Killware is the a cybersecurity threat we should be more aware of. So, what is it and is it as dangerous as it sounds?

Infosec -- Record by Recorded Future - Federal agencies will be required to give the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency (CISA) details about how they gather and analyze threat-related information from their...

Infosec -- CSO Online - There has been an exponential increase in cyberattacks around the globe in the last five years and a major chunk of it happened in October each year, according to a study by InfoSec Institute.A similar offensive appears to be building up...

Infosec -- Record by Recorded Future - Microsoft, GitHub, GitLab, and BitBucket -four of today's largest code hosting portals- have initiated mass revocations of SSH keys on Monday after the discovery of a vulnerability in a popular Git software client named GitKraken.

Infosec -- Recorded Future - For years, security practices were structured around protecting a company's critical infrastructure and assets by working to secure the perimeter. The assumption was that if you prevented someone from accessing your network with robust...

Infosec -- Record by Recorded Future - Microsoft said its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) distributed denial of service attack this year, at the end of August, representing the largest DDoS attack recorded to date.

Infosec -- CyberScoop - It's an espionage case so outlandish that the renowned espionage writer John le Carre would have rejected the idea as too difficult to believe.

The U.S. Department of Justice on Saturday unsealed charges against a Navy engineer who allegedly...

Infosec -- Record by Recorded Future - Microsoft said today that a new Iran-linked hacking group has targeted more than 250 Office 365 tenants and compromised accounts for less than 20.

Infosec -- Malwarebytes Unpacked - APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it's sniffing around users of Google services. Some 14,000 people have been notified about a spear phish attempt looking to compromise accounts...

Infosec -- CSO Online - Some of the changes to IT environments prompted by the COVID-19 pandemic-primarily work-from-home (WFH) and cloud adoption-are here to stay and will require long-term revisions to enterprise cybersecurity strategies.The often hasty measures...

Infosec -- Security Affairs - The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack.



The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates...

Infosec -- TripWire - The State of Security - Back in the early days of networking, many companies assigned all of the responsibilities to anyone who showed any aptitude towards operating a computer. In many companies, this was an accountant or someone else who...

Enterprise -- Nagios - A proper Security Information and Event Management (SIEM) system works efficiently over your entire network to gather information and assess events. Most critically, SIEM allows end users to respond to potential threats in real-time.

Infosec -- Security Affairs - Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49.



Security researcher Dhiraj Mishra released an NMAP script for the CVE-2021-41773...

Infosec -- Dark Reading - A new analysis confirms a surge in global cyberattacks since the COVID-19 pandemic began.

Infosec -- Malwarebytes Unpacked - Despite advance warnings that a root certificate provided by Let's Encrypt would expire on September 30, users reported issues with a variety of services and websites once that deadline hit. So what happened?

Infosec -- Security Affairs - Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in the wild.



Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively...

Infosec -- Record by Recorded Future - Microsoft plans to disable a legacy feature known as Excel 4.0 macros, also XLM macros, for all Microsoft 365 users by the end of the year, according to an email the company has sent customers this week, also seen by The Record.

Enterprise -- EfficientIP - DNS security is often in the news, a notable example being due to one of the largest DDoS attacks ever disrupting the Dyn cloud DNS service. At least 150,000 compromised devices (including IoT hardware) were used by the Mirai botnet to...

Infosec -- Dark Reading - A wealth of Microsoft data highlights trends in nation-state activity, hybrid workforce security, disinformation, and supply chain, IoT, and OT security.

Infosec -- Record by Recorded Future - Since at least 2016, a threat actor has hijacked TP-Link routers as part of a botnet that abused a built-in SMS capability to run an underground Messaging-as-a-Service operation.

Infosec -- Dark Reading - Swimlane Cloud is a low-code software-as-a-service that allows anyone in the organization to create security automation tasks and automation.

Business Wire -- Ping Identity (NYSE: PING), the intelligent identity solution for the enterprise, announced the winners of the fifth annual Identity Excellence Awards at their annual user conference, Ping YOUniverse (formerly IDENTIFY). Selected by Ping Identity leadership,...

Enterprise -- ZDNet Blogs - It's no easy ride -- but here are some tips from an experienced CISO.

Infosec -- Dark Reading - As more macOS patches emerge and cybercriminals and nation-states take aim at the platform, experts discuss how macOS security has evolved and how businesses can protect employees.

Infosec -- Dark Reading - Organizations need to protect against online threats in the most cost-effective manner possible. How do they determine the best managed cybersecurity model?

Business Wire -- Box, Inc. (NYSE: BOX), the leading Content Cloud, today announced new capabilities for Box Shield, the company's flagship security control and intelligent threat detection solution, to help customers reduce the risk of ransomware by scanning files in...

Business Wire -- Ping Identity (NYSE: PING), the intelligent identity solution for the enterprise, continues to enhance its PingOne Cloud Platform with new online fraud detection and other intelligent capabilities that strengthen enterprise cloud security while improving...

Infosec -- Threatpost - Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.

Infosec -- Barracuda - Lawmakers from the U.S. House of Representatives and the Senate are questioning law enforcement officials from the Federal Bureau of Investigation about the handling of ransomware investigations after reports surfaced that the agency did not...

Infosec -- Security Affairs - An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted on the server.



Researchers from Sophos were investigating a ransomware attack when discovered that the attackers...

Infosec -- The Hacker News - Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild.

"A flaw was found in a change made to path...

Infosec -- CSO Online - One boring day during the pandemic, security researcher Craig Hays decided to do an experiment. He wanted to leak an SSH username and password into a GitHub repository and see if any attacker might find it. Hays thought he'd have to wait...

Infosec -- TripWire - The State of Security - It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became...

Infosec -- Recorded Future - Ransomware threat actors continue to make their way into systems of organizations big and small all over the world, leading to business interruptions, financial loss, and reputational damage. Even more troubling are recent reports attributing...

Infosec -- CSO Online - The damage from executive email account takeovers can run into millions of dollars, as recent examples show.In 2019, Toyota Boshoku Corporation lost $37 million after the information in a payment direction from a third-party was changed,...

Yahoo Finance -- Box (BOX) introduces new features to Box Shield to provide users with improved security without disruption in business workflows.

Infosec -- Record by Recorded Future - A team of academics from the University of Maryland has discovered a previously hidden layer in China's Great Firewall censorship system.



Introduced in the late 90s, the Great Firewall (GFW) is a system of middleboxes installed...

Enterprise -- ZDNet News - Cybersecurity careers can offer six-figure salaries and promising job growth. Online cybersecurity degree programs help professionals launch careers.