Woodstock Wire: Enterprise Security News

May 24, 2020

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

Infosec -- Security Affairs - VMware has addressed a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, that affects its Cloud...

May 24, 2020 11:16 PM

Microsoft Warns of Vulnerability Affecting Windows DNS Server

Infosec -- Dark Reading - A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.

May 24, 2020 11:13 PM

Prioritize Vulnerabilities With Unprecedented Intelligence for Free

Infosec -- Recorded Future - How do you describe vulnerability management in your organization? If terms like "rat race" or "hamster wheel" come to mind,...

May 24, 2020 11:13 PM

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Infosec -- The Hacker News - Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch...

May 24, 2020 11:12 PM

Google launches Enhanced Safe Browsing to combat fleet-footed phishing sites

Infosec -- The Daily Swig - Real-time URL checks designed to block phishing sites that dodged previous measures

May 24, 2020 11:11 PM

4 tips for a successful cyber threat intelligence program

Infosec -- CSO Online - I heard some alarming new statistics from IBM security this month during IBM Think. With COVID-19 as a backdrop, cyber-attacks...

May 24, 2020 11:11 PM

How to protect Office 365 from coronavirus-themed threats

Infosec -- CSO Online - The National Cyber Awareness System, part of the US Cybersecurity and Infrastructure Security Agency (CISA), recently released an...

May 24, 2020 11:11 PM

Winning with Cyber Threat Intelligence: Taking a More Personal View

Infosec -- TripWire - The State of Security - In this final article of our trilogy, we investigate how a cyber threat intelligence (CTI) analyst and associated...

May 24, 2020 11:10 PM

Secure On-Premises Solutions with Okta: Secret Features + a Preview

Infosec -- Okta Blog - At Okta, we live to securely connect every organization to any technology. And that includes on-premises solutions. To secure these...

May 24, 2020 11:10 PM

Varonis Announces New Platform Update Featuring Remote Work Cybersecurity Capabilities

Globe Newswire -- Technology - Updates to the Varonis Data Security Platform help enterprises better secure their remote workforces with greater visibility and...

May 24, 2020 09:50 PM

Announcing Amazon Web Services Security Epics Automated - A Joint Offering from AWS ProServe Security and Infrastructure and ThreatModeler(tm)

Globe Newswire -- Technology - Enable a Self-Service Model to Design, Build and Manage Cloud Security Enable a Self-Service Model to Design, Build and Manage Cloud...

May 24, 2020 09:50 PM

Code42 Releases New Risk Indicators That Cut Through Alert Noise and Speed Insider Threat Investigations

Business Wire -- Code42 releases new risk indicators that cut through alert noise and speed insider threat investigations.

May 24, 2020 09:44 PM

Open Systems Augments its Cybersecurity Capabilities With Acquisition of Leading Microsoft Azure Sentinel Expert

Business Wire -- Open Systems Augments its Cybersecurity Capabilities With Acquisition of Leading Microsoft Azure Sentinel Expert

May 24, 2020 09:43 PM

FireEye Endpoint Security: Introducing Innovation Architecture for Rapid Deployment of Advanced Capabilities

Business Wire -- FireEye announces a new modular agent approach to Endpoint Security, enabling organizations to respond to security incidents more quickly.

May 24, 2020 09:42 PM

ERI's John Shegerian Discusses COVID-19's Effects on Cybersecurity for FCPA Compliance Report

Business Wire -- ERI's John Shegerian is featured on the latest episode of the FCPA Compliance Report podcast, discussing COVID-19's effects on cybersecurity.

May 24, 2020 09:41 PM

Researchers used AI to crack Microsoft Outlook's CAPTCHA

Media -- The Next Web - Not only are they super annoying, but it turns out text-based CAPTCHAs are also potentially a security risk. Researchers from...

May 24, 2020 09:39 PM

How Human-like Bots perform online fraud

Media -- ELE Times - 2019 saw login pages as prime targets for fraudsters across different verticals. They are using bad bots to carry out two types...

May 24, 2020 09:34 PM

5 Ways to Detect Application Security Vulnerabilities Sooner to Reduce Costs and Risk

Enterprise -- DevOps.com - Security testing has always been an important step in the application development process. Yet, traditional measures often occur...

May 24, 2020 06:23 PM

FBI warns about attacks on Magento online stores via old plugin vulnerability

Enterprise -- ZDNet News - FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin.

May 24, 2020 06:22 PM

May 22, 2020

How to decode a data breach notice

Tech -- TechCrunch - Over the years I've seen hundreds, probably thousands, of data breach notifications warning that a company's data was lost, stolen...

May 22, 2020 06:27 PM

6 ways to be more secure in the cloud

Infosec -- CSO Online - If you rely on multiple or hybrid cloud environments to support business processes, you need to be as vigilant protecting data and...

May 22, 2020 03:19 AM

5 Career Tips for First-Time Cybersecurity Job Seekers

Infosec -- ISC2 Blog - It's a great time to work in cybersecurity. Demand for security professionals continues to grow, and the need for qualified people...

May 22, 2020 03:17 AM

Resolve internal hostnames with Cloudflare for Teams

Infosec -- Cloudflare - Phishing attacks begin like any other visit to a site on the Internet. A user opens a suspicious link from an email, and their DNS...

May 22, 2020 03:16 AM

Why You Should Ditch SMS as an Auth Factor

Infosec -- Okta Blog - In my previous post, I talked about how the COVID19 pandemic has impacted how our customers use MFA - more specifically how SMS as...

May 22, 2020 03:14 AM

Imperva Research Labs Finds Early Signs of Recovery from Web Traffic Dips Following COVID-19 Shelter-in-Place Orders

Business Wire -- Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, published its April 2020...

May 22, 2020 03:02 AM

May 21, 2020

Firewall support for Azure Relay is now in preview

Enterprise -- Azure Updates - With new firewall support, now in preview, Azure Relay now offers the ability to restrict connectivity to only well-known IP...

May 21, 2020 10:03 PM

Why DevOps Needs to Change Security

Enterprise -- Palo Alto Networks Blog - Where adopted, the DevOps methodology has made big changes in how applications are developed. Adding security into...

May 21, 2020 09:54 PM

As DevOps Accelerates, Security's Role Changes

Infosec -- Dark Reading - There remains a disconnect between developers and security teams, with uncertainty around who should handle software security.

May 21, 2020 06:44 PM

Private Equity Firm Stalls $1.9B Forescout Acquisition

Infosec -- Dark Reading - Officials say "there can be no assurance" Forescout and Advent International will reach an agreement, though talks are ongoing.

May 21, 2020 05:22 PM

The 3 Top Cybersecurity Myths & What You Should Know

Infosec -- Dark Reading - With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.

May 21, 2020 05:07 PM

Vishing explained: How voice phishing attacks scam victims

Infosec -- CSO Online - What is vishing?

Vishing is a form of attack that attempts to trick victims into giving up sensitive personal information over...

May 21, 2020 04:51 PM

Atlassian Authenticates Millions of Users with Auth0

Globe Newswire -- Technology - Australian software giant provides simple login experience for customers; focuses on security and identity Australian software giant...

May 21, 2020 04:10 PM

May 18, 2020

Shiny new Azure login attracts shiny new phishing attacks

Infosec -- Naked Security - Admins working with Microsoft Azure beware: phishers are updating their assets to reflect changes on the company's cloud-based...

May 18, 2020 05:45 PM

How to limit SSH (TCP port 22) connections with ufw on Ubuntu/Debian Linux

nixCraft -- {Updated} Want to limiting SSH connections with ufw? Try the following syntax to deny connections from an IP address that has attempted to initiate...

May 18, 2020 04:17 PM

FBI warns US organizations of ProLock ransomware decryptor not working

Infosec -- Security Affairs - The FBI‌ issued a flash alert to warn organizations in the United States that the ProLock ransomware decryptor doesn't...

May 18, 2020 03:57 PM

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

Infosec -- Security Affairs - A critical flaw in the WP Product Review Lite plugin installed on over 40,000 WordPress sites could potentially allow their...

May 18, 2020 03:56 PM

Why OPSEC Is For Everyone, Not Just For People With Something To Hide - Part III

Infosec -- TripWire - The State of Security - In this final part of the series, I discuss why everyone should consider reviewing their OPSEC (Operations...

May 18, 2020 03:56 PM

Understanding Single Sign On as a Means of Identity Access Management

Infosec -- TripWire - The State of Security - I usually spend my mornings doing some reading and enjoying my coffee. On this one particular morning, I noticed...

May 18, 2020 03:56 PM

Red Canary Integrates Managed Detection and Response to Microsoft Defender Advanced Threat Protection (ATP)

Globe Newswire -- Red Canary, a member of the Microsoft Intelligent Security Association, today officially announced Red Canary Managed Detection and Response...

May 18, 2020 03:53 PM

Gartner Market Guide for Cloud Workload Protection Platforms: Key Takeaways

Enterprise -- Palo Alto Networks Blog - Cloud native development relies on workloads spread across any number of compute options - virtual machines (VMs),...

May 18, 2020 04:56 AM

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Infosec -- Security Affairs - Chinese threat actors, tracked as Tropic Trooper and KeyBoy, has been targeting air-gapped military networks in Taiwan and...

May 18, 2020 04:00 AM

US Commerce Department tightens screws on Huawei export controls

Infosec -- CyberScoop - The U.S. Department of Commerce on Friday said it was tightening regulations to prevent Huawei from using U.S. software to make...

May 18, 2020 03:58 AM

Paying Ransomware Crooks Doubles Clean-up Costs, Report

Infosec -- Threatpost - Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to...

May 18, 2020 03:57 AM

Palo Alto Networks addresses tens of serious issues in PAN-OS

Infosec -- Security Affairs - Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company's next-generation firewalls.

May 18, 2020 03:57 AM

Why We're Different: Always-on Detection

Infosec -- RiskIQ - As attack surfaces grow outside the corporate firewall, cybersecurity teams need to be able to do two things well and at-scale: discover...

May 18, 2020 03:55 AM

Threat actors are offering for sale 550 million stolen user records

Infosec -- Security Affairs - Threat actors are offering for sale tens of databases on a hacker forum that contains roughly 550 million stolen user records.

May 18, 2020 03:55 AM

Microsoft open-sources its coronavirus threat data for security researchers

Media -- The Next Web - For the last couple of months, cybercriminals have taken advantage of the coronavirus pandemic to launch a series of attacks on...

May 18, 2020 03:30 AM

Microsoft helps employees work securely from home using a Zero Trust strategy

Enterprise -- Microsoft IT Showcase - When COVID-19 began its spread across the globe, Microsoft moved quickly to ensure our employees were able to work securely...

May 18, 2020 02:54 AM

Red alert: Elastic Stack emits 7.7, adds new security, observability features

Enterprise -- DevClass - Elastic Stack 7.7 is ready for downloading, providing users with a new alerting framework, an embedded case management workflow in...

May 18, 2020 02:53 AM

Palo Alto Networks Named Google Cloud Technology Partner of the Year

Enterprise -- Palo Alto Networks Blog - Beginning a digital transformation to the cloud is like a marathon: You've got to be prepared for the long haul. And...

May 18, 2020 02:39 AM