Woodstock Wire: Enterprise Security News

November 24, 2017

SAML Post-Intrusion Attack Mirrors 'Golden Ticket'

Infosec -- Threatpost - A proof-of-concept attack demonstrates how adversaries can abuse Microsoft's Active Directory Federation Services framework to go...

November 24, 2017 10:06 PM

Name+DOB+SSN=FAFSA Data Gold Mine

Infosec -- Krebs on Security - KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a...

November 24, 2017 10:04 PM

Calling Barracuda's WAF a firewall is seriously selling it short

Infosec -- CSO Online - Most cybersecurity products within the network security sector concentrate on one particular aspect of security and then build up...

November 24, 2017 10:04 PM

Best Strategies for Avoiding Cloud Data Leaks

Infosec -- TripWire - The State of Security - In recent years, there has been a huge movement from storing data the traditional way, as the cloud has grown...

November 24, 2017 09:59 AM

MS Office Built-In Feature Could be Exploited to Create Self-Replicating Malware

Infosec -- The Hacker News - Earlier this month a cybersecurity researcher shared details of a security loophole with The Hacker News that affects all versions...

November 24, 2017 12:22 AM

systemd Vulnerability Leads to Denial of Service on Linux

Infosec -- TrendLabs Security Intelligence Blog - Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver...

November 24, 2017 12:22 AM

Four Ways to Protect Your Backups from Ransomware Attacks

Infosec -- Infosec Island - Backups are a last defense and control from having to pay ransom for encrypted data, but they need protection also.This year...

November 24, 2017 12:19 AM

November 23, 2017

Palo Alto Networks Unit 42 Vulnerability Research November 2017 Disclosures

Enterprise -- Palo Alto Networks Blog - As part of Unit 42's ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have...

November 23, 2017 11:36 PM

November 22, 2017

Share the Cost of Secure Application Development

Enterprise -- Information Week - The cost of protecting applications from cyberattacks is climbing fast. So, it's time for business units to help cover the...

November 22, 2017 07:50 PM

Data Center Security: Honey Pots and the Art of Deceiving Hackers

Enterprise -- Data Center Knowledge - While a lot of work, honey pots are one of the most effective ways of pre-empting serious security breaches.

November 22, 2017 07:47 PM

Ready for more secure authentication? Try these password alternatives and enhancements

Infosec -- CSO Online - The best thing you can say about using a password for authentication is that it's better than nothing. High-profile breaches like...

November 22, 2017 06:59 PM

Chromebook exploit earns researcher second $100k bounty

Infosec -- Naked Security - A year on from Google's last $100,000 bug bounty payout, the same researcher has found a second critical persistent compromise...

November 22, 2017 06:59 PM

Uber Reportedly Paid Hackers $100K to Conceal Data Breach Impacting 57M Users

Infosec -- TripWire - The State of Security - A massive breach impacting 57 million Uber customers and drivers went undisclosed for more than a year. According...

November 22, 2017 06:57 PM

Uber Paid Off Hackers To Hide Massive Data Breach

Think -- MIT Technology Review - The latest scandal to engulf the transportation giant could be its worst yet.

November 22, 2017 06:32 PM

Uber fires Chief Security Officer over cover up of hack involving 57M customer records

Enterprise -- SiliconANGLE - In another blow for ride-sharing startup Uber Technologies Inc., the company has been forced to fire its Chief Security Officer...

November 22, 2017 05:52 PM

Splunk's big data chops bite into automated security

Enterprise -- SiliconANGLE - Security at the digital data level is a hot topic now, since firewalls alone can't cut it in dispersed, multicloud environments....

November 22, 2017 05:43 PM

Denver cybersecurity school expands outside of Colorado

Enterprise -- Digital Colorado - A Denver cybersecurity education company has expanded outside the state of Colorado. SecureSet, with locations in Denver and...

November 22, 2017 05:36 PM

November 21, 2017

Email Has Been Weaponized by Hackers, Results Can Be Deadly

NewsFactor -- Nearly all of the top million most popular domains are inadequately protected from "weaponized" email impersonation by hackers, formerly known...

November 21, 2017 08:36 PM

Cybersecurity for journalists and the news media

Infosec -- WeLiveSecurity - In journalism, having good contacts is key and this is true when it comes to defending your digital assets. The following are...

November 21, 2017 07:48 PM

The Key to Better Cybersecurity: Keep Employee Rules Simple

Think -- HBR.org - It's a common adage that employees are the weak link in corporate cybersecurity. But I believe they are also...

November 21, 2017 07:47 PM

Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

PR Newswire: Electronic Components -- The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure...

November 21, 2017 07:36 PM

Learn How to Adopt NIST Cyber Security Framework at Lightning Speed

Business Wire: Internet -- Secure Systems Innovation Corporation (SSIC), a cyber risk firm that empowers informed business decision making, is hosting a free NIST Cyber...

November 21, 2017 07:33 PM

5 missteps that could cost CISOs their jobs

Infosec -- CSO Online - CISOs, like any other senior executive, face risks every day. Because cyber security leaders are accountable for safeguarding some...

November 21, 2017 07:02 PM

DDoS Attack Attempts Doubled in 6 Months

Infosec -- Dark Reading - Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.

November 21, 2017 06:57 PM

Ransomware damage costs predicted to hit $11.5B by 2019

Infosec -- CSO Online - Paying a ransom pales in comparison to the actual damage costs involved with a ransomware attack, which includes:Damage and destruction...

November 21, 2017 06:57 PM

Report: DMARC email security can be too hard for some large companies

Infosec -- CyberScoop - Adoption of the email security standard known as DMARC - the best way to stop fraudulent email like phishing messages - remains...

November 21, 2017 06:56 PM

New Guide for Political Campaign Cybersecurity Debuts

Infosec -- Dark Reading - The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns...

November 21, 2017 06:55 PM

Global Cyber Alliance launched the Quad9 DNS service to secure your online experience

Infosec -- Security Affairs - Global Cyber Alliance launched the Quad9 DNS service, the free DNS service to secure your online experience and protect your...

November 21, 2017 06:54 PM

DDoS attacks claimed to have doubled since the beginning of the year

Enterprise -- SiliconANGLE - The number of distributed denial of service attacks experienced by enterprises has doubled since the beginning of the year according...

November 21, 2017 06:33 PM

2018 Predictions & Recommendations: Automated Threat Response Technology in OT Grows Up

Enterprise -- Palo Alto Networks Blog - This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.



Automated...

November 21, 2017 06:28 PM

November 20, 2017

Vulnerability in Amazon Key

Infosec -- Schneier on Security - Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system,...

November 20, 2017 06:53 PM

What Is Vulnerability Management?

Infosec -- TripWire - The State of Security - Enterprise networks regularly see change in their devices, software installations, and file content. These...

November 20, 2017 06:52 PM

5 information security threats that will dominate 2018

Enterprise -- CIO - If you thought 2017 was a dire year for data breaches, wait until 2018. The Information Security Forum (ISF), a global, independent information...

November 20, 2017 06:49 PM

November 19, 2017

Air Force Awards $50M Contract to Research Cybersecurity

U.S. News -- The Air Force Research Laboratory has awarded a nearly $50 million contract to a defense contractor to research ways to protect weapons systems...

November 19, 2017 10:25 PM

Why the Entire C-Suite Needs to Use the Same Metrics for Cyber Risk

Harvard Business Blogs -- The CFO shouldn't think about it differently than the CMO.

November 19, 2017 08:50 AM

New "Quad9" DNS service blocks malicious domains for everyone

Ars Technica -- Set DNS server to 9.9.9.9, and (known) malware and phishes won't be able to phone home.

November 19, 2017 07:51 AM

Smart behaviors to improve your cybersecurity

CNBC-Top Business -- Both advisors and investors could stand to improve their email habits and password use.

November 19, 2017 07:27 AM

Cybersecurity Company to Expand Headquarters to Columbia

U.S. News -- A cybersecurity company is expanding with a new corporate headquarters in Columbia, Maryland.

November 19, 2017 07:16 AM

SANS Las Vegas 2018 Security Training to Feature Advanced Web Application Penetration Testing

PR Newswire: High Tech Security -- SANS Institute, the global leader in information security training, today announced SANS Las Vegas 2018 taking place January 28 - February 2....

November 19, 2017 07:03 AM

Global ransomware damage costs predicted to exceed $11.5 billion annually by 2019

PR Newswire: High Tech Security -- Ransomware - a malware that infects computers (and mobile devices) and restricts their access to files, often threatening permanent data destruction...

November 19, 2017 07:02 AM

Barracuda Announces New Cloud Generation Firewall Capabilities

PR Newswire: Networks -- Barracuda Networks, Inc. (NYSE: CUDA), a leading provider of cloud-enabled security and data protection solutions, today announced expanded public...

November 19, 2017 06:46 AM

Okta Named a Leader in Identity-as-a-Service

Business Wire: Software -- Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity for the enterprise, today announced that the company has been named a...

November 19, 2017 06:42 AM

GDPR Benefits: Here Is Some Of The Upside for Marketers

Web Marketing -- CMS Wire - GDPR is going to change the face of digital marketing - that much is certain. But how marketers perceive that change may ultimately...

November 19, 2017 04:35 AM

Pentagon left AWS databases publicly exposed

Infosec -- CyberScoop - A Department of Defense database containing 1.8 billion scraped internet posts over a span of eight years was left publicly exposed,...

November 19, 2017 03:35 AM

Tips to Protect the DNS from Data Exfiltration

Infosec -- Dark Reading - If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.

November 19, 2017 03:33 AM

We're Still Not Ready for GDPR? What is Wrong With Us?

Infosec -- Dark Reading - The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready...

November 19, 2017 03:32 AM

Top security software, 2017: How cutting-edge products fare against the latest threats

Infosec -- CSO Online - Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is...

November 19, 2017 03:31 AM

Oracle issues emergency patches for JOLTANDBLEED flaws

Infosec -- Security Affairs - JoltandBleed - Oracle issued an emergency patch for vulnerabilities affecting several of its products that rely on the proprietary...

November 19, 2017 03:31 AM