Woodstock Wire: Enterprise Security News

August 05, 2020

CyberArk Announces Second Quarter 2020 Results

Business Wire -- CyberArk (NASDAQ: CYBR), the global leader in privileged access management, today announced financial results for the second quarter ended June 30, 2020. "We were pleased to deliver results ahead of all guided metrics for the second quarter," said Udi...

August 05, 2020 04:05 PM

August 04, 2020

RiskIQ Joins Palo Alto Networks Cortex XSOAR Marketplace as a Launch Partner

Globe Newswire -- Technology - Cortex XSOAR Marketplace enables organizations to discover, share and consume security orchestration innovations from a global ecosystem to scale up automation Cortex XSOAR Marketplace enables organizations to discover, share and consume...

August 04, 2020 07:12 PM

August 03, 2020

Updates provided by Red Hat for BootHole cause systems to hang

Infosec -- Security Affairs - Red Hat is warning customers to not install the package updates released to address the BootHole vulnerability due to possible problems reported by the users.



This week, firmware security company Eclypsium reported that billions...

August 03, 2020 04:55 AM

Microsoft has the highest rate of zero-days detected in the wild, but not all is as it seems

Infosec -- The Daily Swig - Google's Project Zero argues that detection bias might be at play when we consider zero-day vulnerability rates in popular products

August 03, 2020 04:53 AM

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Infosec -- The Hacker News - Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.



Remote timing attacks that work...

August 03, 2020 04:51 AM

Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know

Infosec -- Dark Reading - Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.

August 03, 2020 04:50 AM

BootHole issue allows installing a stealthy and persistent malware

Infosec -- Security Affairs - Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue, dubbed BootHole, that can be exploited to install a stealthy malware.



Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader...

August 03, 2020 04:48 AM

Average Cost of a Data Breach: $3.86 Million

Infosec -- Dark Reading - New IBM study shows that security system complexity and cloud migration can amplify breach costs.

August 03, 2020 04:47 AM

Why EFF Doesn't Support California Proposition 24

Infosec -- EFF Deeplinks - This November, Californians will be called upon to vote on a ballot initiative called the California Privacy Rights Act, or Proposition 24. EFF does not support it; nor does EFF oppose it.

EFF works across the country to enact and defend...

August 03, 2020 04:47 AM

Here's Why Credit Card Fraud is Still a Thing

Infosec -- Krebs on Security - Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which...

August 03, 2020 04:47 AM

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

Infosec -- The Hacker News - A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution...

August 03, 2020 04:43 AM

Billions of Devices Impacted by Secure Boot Bypass

Infosec -- Threatpost - The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT,IoT and home networks.

August 03, 2020 04:43 AM

Linux GRUB2 bootloader flaw breaks Secure Boot on most computers and servers

Infosec -- CSO Online - Operating system maintainers, computer manufacturers, security and virtualization software vendors have worked together over the past few months to coordinate a unified response to a vulnerability that allows attackers to bypass boot process...

August 03, 2020 04:42 AM

New bug in PC booting process could take years to fix, researchers say

Infosec -- CyberScoop - In June, the antivirus company ESET stumbled across an insidious strain of ransomware that prevents a computer from loading and locks its data.

A saving grace was that, in order for the attack to work, a ubiquitous feature known as UEFI Secure...

August 03, 2020 04:40 AM

Doki, an undetectable Linux backdoor targets Docker Servers

Infosec -- Security Affairs - Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers



Cybersecurity researchers at Intezer spotted a new completely undetectable Linux...

August 03, 2020 04:39 AM

Latest Microsoft Windows security update options explained

Infosec -- CSO Online - The need to manage patching on home machines that have no Group Policy, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) control means that you may be looking for alternatives. Employees' personal machines...

August 03, 2020 04:38 AM

FBI warns of disruptive DDoS amplification attacks

Infosec -- WeLiveSecurity - The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks

August 03, 2020 04:38 AM

New VPN flaws highlight proven pathway for hackers into industrial organizations

Infosec -- CyberScoop - Sometime in the second half of 2019, suspected Iranian hackers started burrowing into the network of an unnamed organization in the Middle East. What likely began, according to investigators, as a breach of a virtual private network application...

August 03, 2020 04:37 AM

Survey of Supply Chain Attacks

Infosec -- Schneier on Security - The Atlantic Council has a released a report that looks at the history of computer supply chain attacks.



Key trends from their summary:



Deep Impact from State Actors: There were at least 27 different state attacks against the...

August 03, 2020 04:34 AM

Business ID Theft Soars Amid COVID Closures

Infosec -- Krebs on Security - Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity...

August 03, 2020 04:33 AM

Ransomware Negotiations and Original Hacker Culture

Infosec -- Recorded Future - Our guest today is Sherri Davidoff. She's the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the...

August 03, 2020 04:31 AM

Celebrity Twitter hack caused by 'phone spear phishing attack'

Enterprise -- Silicon Republic - Earlier in July, Twitter experienced a major hack targeting the accounts of celebrities such as Elon Musk, Bill Gates, Jeff Bezos, Mike Bloomberg and Kanye West.

As a result of the cyberattack, hackers managed to collect $116,000 worth...

August 03, 2020 04:23 AM

AWS and Azure at Risk for 'Shadow Admin' Attacks, Security Firm Warns

Enterprise -- AWS Insider - Cloud giants Amazon Web Services and Microsoft Azure are at particular risk for hidden admin users to take over customer accounts, according to a recent report by cybersecurity specialist CyberArk.

August 03, 2020 03:14 AM

Newly discovered Linux and Windows vulnerability opens the door to hackers

Enterprise -- SiliconANGLE - A newly discovered serious vulnerability that affects most Linux and Windows installations, including servers, opens the door to hackers to run riot. Discovered by security researchers at enterprise device security firm Eclypsium Inc....

August 03, 2020 03:11 AM

A Developer's Guide to CCPA, GDPR Compliance

Enterprise -- DevOps.com - Here's what developers need to know to ensure compliance with the two biggest privacy laws The digital landscape is continuously evolving, and privacy regulations such as CCPA (California Consumer Privacy Act) and the European Union's GDPR...

August 03, 2020 02:30 AM

How to ensure cookies are GDPR-compliant by the DPC deadline

Enterprise -- Silicon Republic - With just months to go before the Data Protection Commission (DPC) begins enforcing its guidance on web cookie compliance, Sligo web design business Dmac Media has warned Irish businesses that they may not yet be compliant with the...

August 03, 2020 01:46 AM

Pulse Secure Eases Access to Cloud, Data Center Applications

Enterprise -- Channelnomics - Pulse Secure Eases Access to Cloud, Data Center ApplicationsJuly 28, 2020MSSPs and other partners can leverage new PZTA solution for enterprise customersBy Jeffrey BurtPulse Secure is launching a cloud-based secure access service that...

August 03, 2020 01:43 AM

How to tailor SASE to your enterprise

Enterprise -- Network World News - Businesses considering the secure access service edge (SASE) model need to understand that there are numerous ways to implement it that can be tailored to their future needs and the realities of their legacy networks.As defined by...

August 03, 2020 12:25 AM

Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev

Enterprise -- ZDNet Blogs - OAuth tokens have been abused for intrusions at least two other companies, Dave.com and Flood.io.

August 03, 2020 12:23 AM

Ransomware: These free decryption tools have now saved victims over $600m

Enterprise -- ZDNet News - Four years on from launch, the No More Ransom initiative has helped over 4 million victims of ransomware attacks retrieve their files for free.

August 03, 2020 12:18 AM

August 02, 2020

Cybersecurity Skills Crisis Worsens for Fourth Year in a Row, Impacting 70% of Organizations

Business Wire -- Annual ISSA and ESG study finds the cybersecurity skills crisis has worsened for the fourth year in a row and impacted 70 percent of organizations.

August 02, 2020 10:57 PM

Citrix Brings Web Application Firewall Capabilities to the Cloud

Business Wire -- Employees today must be able to work from anywhere. And IT needs to ensure the applications they require to get things done are delivered in a secure and reliable manner. To help on both fronts, Citrix Systems, Inc. (NASDAQ:CTXS) today launched...

August 02, 2020 10:57 PM

Auth0 Announces First-Ever Hackathon

Globe Newswire -- Technology - Developers called upon to "hack for change" for today's real-world issues Developers called upon to "hack for change" for today's real-world issues

August 02, 2020 10:53 PM

July 30, 2020

FireEye Reports Financial Results for Second Quarter 2020

Business Wire -- FireEye releases financial results for Q2 2020.

July 30, 2020 08:20 PM

RiskIQ Joins Microsoft Intelligent Security Association

Globe Newswire -- Technology - RiskIQ Accelerates Threat Investigation and Remediation Through Microsoft Azure Sentinel with Rich Internet Security Intelligence and Attack Surface Visibility RiskIQ Accelerates Threat Investigation and Remediation Through Microsoft Azure...

July 30, 2020 06:19 PM

July 27, 2020

Block/Allow: The Changing Face of Hacker Linguistics

Infosec -- Dark Reading - Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.

July 27, 2020 05:02 PM

FBI Issues DDoS amplification attack alert

Infosec -- Barracuda - The Federal Bureau of Investigation (FBI) in the U.S. has issued an alert warning organizations that distributed denial of service (DDoS) amplification attacks are on the rise.



A DDoS amplification attack occurs when an attacker sends a small...

July 27, 2020 05:01 PM

A history of ransomware: The motives and methods behind these evolving attacks

Infosec -- CSO Online - One day in December 1989, Eddy Willems got a floppy disk that changed his life. His boss gave it to him after finding the label intriguing: "AIDS Version 2.0," a disease that was new and strange at that time. The company, based in Antwerp,...

July 27, 2020 03:43 PM

FBI warns of new DDoS attack vectors: CoAP, WS-DD, ARMS, and Jenkins

Enterprise -- ZDNet News - FBI believes device vendors won't disable these protocols and warns companies to take preventive and protective measures.

July 27, 2020 03:41 PM

Google Chrome Aims to Keep its Edge Over Other Browsers with its Latest Privacy and Security Features

Infosec -- TripWire - The State of Security - Google Chrome may currently enjoy the numero uno position in the world of browsers, but it is starting to feel the pressure. The competition is heating up with its rivals like Microsoft Edge offering upgraded security...

July 27, 2020 03:28 PM

McAfee MVISION Cloud Becomes First CASB to Map Cloud Threats to MITRE ATT&CK

Business Wire -- McAfee announced the introduction of MITRE ATT&CK(r) into McAfee MVISION Cloud, the company's Cloud Access Security Broker.

July 27, 2020 03:27 PM

D-Link addressed 5 flaws on some router models, some of them reached EoL

Infosec -- Security Affairs - D-Link disclosed five severe vulnerabilities affecting some router models which can be exploited by attackers to compromise a network.



D-Link has disclosed five severe vulnerabilities affecting some router models, the flaw could...

July 27, 2020 02:59 AM

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

Infosec -- Security Affairs - The U.S. CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices.



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued...

July 27, 2020 02:59 AM

Thinking of a Cybersecurity Career? Read This

Infosec -- Krebs on Security - Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look at a recent...

July 27, 2020 02:58 AM

Remote Work Could Help Cybersecurity's Diversity Problem - But Will It?

Infosec -- Dark Reading - Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.

July 27, 2020 02:58 AM

Rise of the Robots: How You Should Secure RPA

Infosec -- Dark Reading - Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?

July 27, 2020 02:57 AM

CVE-2020-3452 flaw in Cisco ASA/FTD exploited within hours after the disclosure

Infosec -- Security Affairs - Cisco fixed CVE-2020-3452 high-severity path traversal flaw in its firewalls that can be exploited by remote attackers to obtain sensitive files from the targeted system.



Cisco addressed a high-severity path traversal vulnerability...

July 27, 2020 02:57 AM

Microsoft Office the most targeted platform to carry out attacks

Infosec -- CSO Online - In 2019, Microsoft Office became cybercriminals' preferred platform when carrying out attacks, and the number of incidents keeps increasing, according to Kaspersky Lab researchers. Boris Larin, Vlad Stolyarov and Alexander Liskin showed at...

July 27, 2020 02:56 AM

Google adds security enhancements to Gmail, Meet and Chat

Infosec -- WeLiveSecurity - The tech giant introduces its own version of verified accounts in Gmail, rolls out increased moderation controls in Meet, and enhances phishing protection in Chat

July 27, 2020 02:56 AM

What Is Spear Phishing?

Infosec -- Okta Blog - Spear phishing is a form of cyber attack targeted at a particular person or small set of individuals. In these scams, bad actors research their chosen targets and attempt to convince them to surrender sensitive data or financial information....

July 27, 2020 02:55 AM