Woodstock Wire: Enterprise Security News

Business Wire -- #WiFi--Zyxel announces the addition of the USG FLEX firewall series to the cloud-managed Nebula networking solution for SMBs and MSPs.

Media -- Evertiq - Cybersecurity and IoT company, WISeKey, says that it is significantly investing in its supply chain transformation to better and faster serve its customers. The company is simultaneously impacted by the current semiconductor shortage situation...

Life -- EurekAlert - Researchers have found a way to use chaos to help develop digital fingerprints for electronic devices that may be unique enough to foil even the most sophisticated hackers. Just how unique are these fingerprints? The researchers believe it...

Infosec -- Security Affairs - The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet.



The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning to launch a bomb attack...

Infosec -- Dark Reading - Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.

Infosec -- Security Affairs - CISA released a Splunk-based dashboard for post-compromise activity in Microsoft Azure Active Directory (AD), Office 365, and MS 365 environments.



The Cybersecurity and Infrastructure Security Agency (CISA) has released a Splunk-based...

Infosec -- Barracuda - There's an often-repeated stat that 90% of all data that exists today has been created in the last two years. The provenance of that figure is murky and disputed, and it dates back to nearly 10 years ago, so even if it was true then, that...

Infosec -- CSO Online - As the old security adage goes, "a well-managed network/system is a secure network/system," and this notion of network and system management is a cybersecurity foundation. Pick any framework (e.g., NIST Cybersecurity framework), international...

Infosec -- TripWire - The State of Security - Hidden deep in Google's release notes for the new version of Chrome that shipped on March 1 is a fix for an "object lifecycle issue." Or, for the less technically inclined, a major bug. Bugs like these have been common...

Infosec -- Dark Reading - Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.

Infosec -- CyberScoop - Over the course of the next 20 years, nation-states will see a rise in targeted offensive cyber-operations and disinformation in an increasingly "volatile and confrontational" global security landscape, according to a new U.S. intelligence...

Infosec -- Flashpoint - The Market for Stolen Credit Cards Is Alive and Well in 2021



Payment and credit card fraud are constant concerns for security leaders, holding major financial and reputational consequences for card-issuing financial institutions. For threat...

Infosec -- CyberScoop - Two online hubs for stolen credit cards found themselves on the receiving end of hack-and-leak operations last month.



User data from the card store Swarmshop was posted to a different underground forum on March 17, exposing hundreds of...

Infosec -- The Hacker News - Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks.

At least one of the hacking incidents led...

Infosec -- The Hacker News - When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally.

While companies uphold their own password standards, outside forces like HIPAA...

Infosec -- Schneier on Security - Google's Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by "Western government operatives actively conducting a counterterrorism...

Infosec -- ISC2 Blog - Is There Ever Too Much Data?

As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase "Big Data" was a new, innovative way to gain a business advantage. Now, big data is the norm....

Infosec -- The Hacker News - The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make...

Infosec -- Dark Reading - An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.

Infosec -- Okta Blog - Introducing Okta's New Risk Ecosystem API: A Fraud Fighting Toolset to Secure Authentication and Delight Customers

Infosec -- Okta Blog - Breaking Barriers: Scaling Infrastructure Identity with Advanced Server Access

Infosec -- Malwarebytes Unpacked - A timely warning to keep systems patched has appeared, via a jointly-released report from Onapsis and SAP. The report details how threat actors are "targeting and potentially exploiting unprotected mission-critical SAP applications"....

Infosec -- Record by Recorded Future - Unpatched Fortinet VPN devices are being hacked to deploy a new strain of ransomware inside corporate networks, Russian security firm Kaspersky said today.

Infosec -- Dark Reading - By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.

Infosec -- TripWire - The State of Security - Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims' customers, and asking them to demand a ransom is paid to protect their own privacy....

Infosec -- The Hacker News - Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security.

Whether you want to use AWS for a few things or everything, you need to protect access to it. Then...

Infosec -- The Hacker News - A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems.

Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10...

Infosec -- Security Affairs - Not only the European Commission, but many other organizations of the European Union have been targeted by a cyberattack in March.



A European Commission spokesperson confirmed that the European Commission, along with other European...

Infosec -- FraudWatch Intl - Since we are living in the age of information, your data and its protection are now more valuable than ever. Even more so is the case for an organisation like yours, which can be considered a hub for sensitive details about financial...

Infosec -- FraudWatch Intl - Saying that the internet is bustling with activity is an understatement. Millions upon millions of different operations, activities, and tasks are taking place every second, whether the action be taken by robots or humans. Most of these...

Infosec -- Naked Security - It's not just the breach, it's the speed of the breach response...

Infosec -- TripWire - The State of Security - Organizations are increasingly turning to containers to fuel their digital transformations. According to BMC, a 2019 survey found that more than 87% of respondents were running containers-up from 55% just two years earlier....

Infosec -- Threatpost - Aamir Lakhani, cybersecurity researcher for Fortinet's FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.

Infosec -- Threatpost - In this roundtable, security experts focus on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.

Infosec -- The Hacker News - The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration...

Infosec -- Dark Reading - The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.

Infosec -- The Daily Swig - Prompt disclosure shake-up follows SolarWinds calamity

Globe Newswire -- RiskIQ, a leader in Internet Security Intelligence, announced the launch of its RiskIQ Illuminate(r) Internet Intelligence Platform, the only security intelligence solution that provides a tailored view of the global internet attack surface and pinpoints...

Business Wire -- As was first communicated on November 24, 2020, Belden was the victim of a sophisticated cyberattack that may have exposed the personal information of current and former employees and limited company information regarding some business partners. On the...

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent identity provider, today at Oktane21, committed to achieving 100% renewable electricity for its global real estate footprint by 2022. The company's commitment marks a critical step in Okta's journey to...

Business Wire -- Fastly, Inc. (NYSE: FSLY), a global edge cloud platform, today announced a partnership with Okta, the leading independent provider of identity. The integration between Fastly's Signal Sciences security portfolio and Okta enables organizations to more...

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity, today at Oktane21, announced the expansion of the Okta Integration Network across four main areas including risk and fraud, customer data orchestration, data privacy and compliance,...

Business Wire -- Threat Stack today announced a strategic partnership with Liquid Web.

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity, today at Oktane21, announced the new Okta Starter Developer Edition to provide developers tools to embed Okta authentication, authorization, and user management into applications...

Business Wire -- Ping Identity (NYSE: PING), the Intelligent Identity solution for the enterprise, announced the Ping Intelligent Identity(tm) Platform has been named a finalist in the Best Identity Management Solution category of the 2021 SC Awards. The Ping Intelligent...

Media -- EE World - Leland Teschler, Executive Editor

Here's the latest IoT security nightmare: All of the wireless routers through which most IoT traffic passes are probably vulnerable to botnets and other kinds of security breaches. That's the conclusion of...

Media -- Fast Company - Attackers are finding the file-sharing capabilities in popular group-chat apps such as Discord and Slack a convenient way to distribute malware, warns a new report from Cisco Talos, Cisco's threat intelligence unit.

The risk isn't just...

PR Newswire -- Palo Alto Networks (NYSE: PANW) today announced that it has been selected by DISH Network Corporation (NASDAQ: DISH) to assist with securing the United States' first cloud-native, OpenRAN-based 5G wireless network....

Infosec -- CSO Online - A security operations center (SOC) analyst works within a team to monitor and fight threats to an organization's IT infrastructure, as well as to identify security weaknesses and opportunities for potential improvements. Since a SOC analyst...

Infosec -- CSO Online - Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.While it is "hard to say" if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber...