Woodstock Wire: Enterprise Security News

October 25, 2020

IBM Expands Cloud Pak for Security's Threat Management

Enterprise -- Data Center Knowledge - IBM's Cloud Pak for Security now includes all pillars of threat management, including detection, investigation and response, and streamlines response efforts.

October 25, 2020 02:04 AM

Palo Alto Networks adds new cloud modules to their Prisma Cloud Native Security Platform

Enterprise -- ChannelBuzz.ca - In addition to their Prisma Cloud 2.0 announcement, Palo Alto Networks has announced the availability of their first Canadian-based cloud region.Palo Alto Networks has launched the 2.0 version of their Prisma Cloud platform, the company's...

October 25, 2020 01:51 AM

Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users

Infosec -- Security Affairs - Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams.



Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a...

October 25, 2020 12:06 AM

October 24, 2020

New ransomware attack targets K-12 teachers

Infosec -- Barracuda - Another day, another pandemic-enabled scam. Criminals are now attacking K-12 schools by posing as parents who are using email to submit assignments to the teacher. The premise is that the student had trouble using the online classroom system,...

October 24, 2020 11:57 PM

Below the Surface: Improving security awareness

Infosec -- Barracuda - Have you tuned in for Below the Surface yet? Streaming live on LinkedIn, Barracuda's new series offers candid discussions with key Barracuda experts on all the latest and greatest cybersecurity news, as well as Barracuda's recent research,...

October 24, 2020 11:56 PM

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

Infosec -- The Hacker News - Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.

Called...

October 24, 2020 11:56 PM

October 23, 2020

Securing medical devices: Can a hacker break your heart?

Infosec -- WeLiveSecurity - Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor.

October 23, 2020 03:35 PM

Botnet Infects Hundreds of Thousands of Websites

Infosec -- Dark Reading - KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.

October 23, 2020 03:20 PM

Credential-Stuffing Attacks Plague Loyalty Programs

Infosec -- Dark Reading - But that's not the only type of web attack cybercriminals have been profiting from.

October 23, 2020 03:19 PM

8 New and Hot Cybersecurity Certifications for 2020

Infosec -- Dark Reading - While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.

October 23, 2020 02:17 AM

Microsoft Teams Phishing Attack Targets Office 365 Users

Infosec -- Threatpost - Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

October 23, 2020 02:16 AM

October 22, 2020

The 6 best password managers

Infosec -- CSO Online - One of the smartest moves you can make to protect employees, especially those working from home, is to encourage them to use a password manager. It's one of the easiest, too.Keyword best practices pertain to complexity, change frequency and...

October 22, 2020 09:01 PM

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Infosec -- TripWire - The State of Security - Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability...

October 22, 2020 09:00 PM

VMware fixes several flaws in its ESXi, Workstation, Fusion and NSX-T

Infosec -- Security Affairs - VMware patched several flaws in its ESXi, Workstation, Fusion and NSX-T products, including a critical code execution vulnerability.



VMware has fixed several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including...

October 22, 2020 09:00 PM

The 5 Best Ways to Handle Sensitive Data

Infosec -- TripWire - The State of Security - There are two significant trends occurring right now that shouldn't be a surprise to anyone reading this post. First, businesses are gathering and leveraging more and more data to improve their core services. Second,...

October 22, 2020 08:59 PM

Oracle Kills 402 Bugs in Massive October Patch Update

Infosec -- Threatpost - Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.

October 22, 2020 08:58 PM

Barracuda recognized in 2020 Gartner Magic Quadrant for Web Application Firewalls

Infosec -- Barracuda - Gartner has named Barracuda a Challenger in the 2020 Gartner Magic Quadrant for Web Application Firewalls. This is the fourth year in a row that Barracuda has been recognized as a Challenger in this report based on ability to execute and completeness...

October 22, 2020 08:54 PM

What Threat Intelligence Really Means

Infosec -- Recorded Future - Right now, adversaries are plotting attacks against organizations on the dark web and in underground communities. Security analysts need a reliable "ear the ground" that enables them to anticipate, and proactively disrupt, threat actors'...

October 22, 2020 08:54 PM

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Infosec -- Security Affairs - Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day.



Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues,...

October 22, 2020 08:53 PM

Security.org Adds "How Secure Is My Password" Tool to Site As Part of Cybersecurity Awareness Month

Globe Newswire -- Technology - The Most Popular Password of 2020 Would Take a Computer Less Than a Second to Crack

October 22, 2020 08:49 PM

McAfee Announces Pricing of Initial Public Offering

Globe Newswire -- McAfee Corp. ("McAfee"), the device-to-cloud cybersecurity company, today announced the pricing of its initial public offering of 37,000,000 shares of its Class A common stock at a price to the public of $20.00 per share. Of the offered shares, 30,982,558...

October 22, 2020 08:47 PM

EfficientIP: Service Providers Most Frequent Target of DNS Attacks with 11.4 Annual Attacks Per Company

Business Wire -- Four out of five (83%) companies in the telecommunications & media sectors experienced a DNS attack last year.

October 22, 2020 08:37 PM

Fraud Fighters Focusing On Better P2P Security

Media -- PYMNTS.com - There's no soft version, no smoothing it over. Companies charged with protecting people's data lost ground in 2020, after an abysmal 2019 of breathtaking data breaches. Yes, the pandemic explains a great deal of the new action. Preparedness...

October 22, 2020 08:13 PM

October 21, 2020

Apple, Opera, and Yandex fix browser address bar spoofing bugs, but millions more still left vulnerable

Tech -- TechCrunch - Year after year, phishing remains one of the most popular and effective ways for attackers to steal your passwords. As users, we're mostly trained to spot the telltale signs of a phishing site, but most of us rely on carefully examining the...

October 21, 2020 05:31 PM

The 4 pillars of Windows network security

Infosec -- CSO Online - Prior to Microsoft's Ignite conference I was able to talk with the company's CISO Bret Arsenault about some key elements that we all should be doing to keep Windows networks secure. He talks about four pillars of security: passwordless identity...

October 21, 2020 05:02 PM

More Effective Security Awareness: 3 Tips for NCSAM

Infosec -- TripWire - The State of Security - It's often said that humans are the weakest link in cybersecurity. Indeed, I'd have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer...

October 21, 2020 05:02 PM

4 of the Most Common Phishing Scams Committed in 2020

Infosec -- FraudWatch Intl - As more and more business is conducted online, so does the amount of unscrupulous behavior on the internet increase. Phishing scams have been around since the birth of the internet, but advances in technology have also caused such scams...

October 21, 2020 04:52 PM

Why You Need Digital Risk Protection for Your Business

Infosec -- FraudWatch Intl - Digital security and privacy is a growing concern for any business and institution, mainly since technology is progressing too fast for security measures to adapt to. This is why numerous parties are against utilising younger technology...

October 21, 2020 04:52 PM

2 Tips to Share With Your Employees for Avoiding Online Fraud

Infosec -- FraudWatch Intl - With cybercriminals finding new tactics to get their way in more systems and servers, the rate at which companies have their data compromised increases each day.

Unlike the past, where limited technology made it quite difficult for hackers...

October 21, 2020 04:52 PM

Cybersecurity 101 - 2 Signs to Detect Phishing Email Scams

Infosec -- FraudWatch Intl - Phishing emails still run rampant today, with ill-willed individuals setting up traps to steal information from unsuspecting users. Unfortunately, many people still fall for it, mostly because they are not educated about this kind of...

October 21, 2020 04:52 PM

3 Lesser Known Facts About Cyber Threat Intelligence

Infosec -- FraudWatch Intl - For many companies, cyber threat intelligence is treated almost as an afterthought. Many assume that they don't need robust protection simply due to their smaller size or the nature of their business. However, this same mindset makes...

October 21, 2020 04:52 PM

Ransomware Attacks Show Little Sign of Slowing in 2021

Infosec -- Dark Reading - Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.

October 21, 2020 04:51 PM

Eliminating the Threat of Look-alike Domains

Infosec -- The PhishLabs Blog - There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation,...

October 21, 2020 04:48 PM

NSA details top 25 flaws exploited by China-linked hackers

Infosec -- Security Affairs - The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild.



The US National Security Agency (NSA) has published a report that includes...

October 21, 2020 04:38 PM

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Infosec -- Dark Reading - Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.

October 21, 2020 04:37 PM

Brute force attacks increase due to more open RDP ports

Infosec -- Malwarebytes Unpacked - While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That's...

October 21, 2020 04:36 PM

NSA warns defense contractors of recent Chinese government-backed hacking

Infosec -- CyberScoop - U.S. defense contractors should be wary of Chinese government-backed hackers who are actively exploiting a multitude of known vulnerabilities to target - and successfully breach - victim networks, the National Security Agency said in an advisory...

October 21, 2020 04:32 PM

How Automation can help you in Managing Data Privacy

Infosec -- Security Affairs - The global data privacy landscape is changing and everyday we can see new regulations emerge.



These regulations are encouraging organizations to be better custodians of the consumers data and create a healthier space for data privacy....

October 21, 2020 04:32 PM

October 20, 2020

Building the Human Firewall

Infosec -- Dark Reading - Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?

October 20, 2020 08:43 PM

Mobile Browser Bugs Open Safari, Opera Users to Malware

Infosec -- Threatpost - A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.

October 20, 2020 08:40 PM

6 Common Phishing Attacks and How to Protect Against Them

Infosec -- TripWire - The State of Security - Phishing attacks continue to play a dominant role in the digital threat landscape. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that phishing was the second topmost threat...

October 20, 2020 08:05 PM

ReNgine: Open source recon tool automates intel-gathering process for pen testers

Infosec -- The Daily Swig - Recon framework presents the results of website and endpoint scans in a single window

October 20, 2020 08:04 PM

Bot Attack trends for Jan-Jul 2020

Infosec -- Cloudflare - Now that we're a long way through 2020, let's take a look at automated traffic, which makes up almost 40% of total Internet traffic.This blog post is a high-level overview of bot traffic on Cloudflare's network. Cloudflare offers a comprehensive...

October 20, 2020 08:03 PM

Microsoft issues two emergency Windows patches

Infosec -- WeLiveSecurity - The flaws, neither of which is being actively exploited, were fixed merely days after the monthly Patch Tuesday rollout

October 20, 2020 08:03 PM

A Closer Look at the Attempted Ransomware Attack on Tesla

Infosec -- TripWire - The State of Security - Cybersecurity is in the news again with the disclosure that Tesla, working in conjunction with the FBI, prevented a ransomware attack from being launched at its Gigafactory in Nevada. The cybercriminals targeted Tesla...

October 20, 2020 08:02 PM

US charges Russian GRU officers for NotPetya, other major hacks

Infosec -- CyberScoop - A federal grand jury returned an indictment against six alleged Russian intelligence officers who, collectively, were responsible for "conducting the most disruptive and destructive series of computer attacks ever attributed to a single group,"...

October 20, 2020 08:01 PM

GravityRAT Comes Back to Earth with Android, macOS Spyware

Infosec -- Threatpost - The espionage tool masquerades as legitimate applications and robs victims blind of their data.

October 20, 2020 08:00 PM

Microsoft Exchange, Outlook Under Siege By APTs

Infosec -- Threatpost - A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.

October 20, 2020 08:00 PM