Woodstock Wire: Enterprise Security News

Business Wire -- CyberArk (NASDAQ: CYBR), the global leader in privileged access management, today announced financial results for the second quarter ended June 30, 2020. "We were pleased to deliver results ahead of all guided metrics for the second quarter," said Udi...

Globe Newswire -- Technology - Cortex XSOAR Marketplace enables organizations to discover, share and consume security orchestration innovations from a global ecosystem to scale up automation Cortex XSOAR Marketplace enables organizations to discover, share and consume...

Infosec -- Security Affairs - Red Hat is warning customers to not install the package updates released to address the BootHole vulnerability due to possible problems reported by the users.



This week, firmware security company Eclypsium reported that billions...

Infosec -- The Daily Swig - Google's Project Zero argues that detection bias might be at play when we consider zero-day vulnerability rates in popular products

Infosec -- The Hacker News - Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.



Remote timing attacks that work...

Infosec -- Dark Reading - Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.

Infosec -- Security Affairs - Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue, dubbed BootHole, that can be exploited to install a stealthy malware.



Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader...

Infosec -- Dark Reading - New IBM study shows that security system complexity and cloud migration can amplify breach costs.

Infosec -- EFF Deeplinks - This November, Californians will be called upon to vote on a ballot initiative called the California Privacy Rights Act, or Proposition 24. EFF does not support it; nor does EFF oppose it.

EFF works across the country to enact and defend...

Infosec -- Krebs on Security - Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which...

Infosec -- The Hacker News - A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution...

Infosec -- Threatpost - The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT,IoT and home networks.

Infosec -- CSO Online - Operating system maintainers, computer manufacturers, security and virtualization software vendors have worked together over the past few months to coordinate a unified response to a vulnerability that allows attackers to bypass boot process...

Infosec -- CyberScoop - In June, the antivirus company ESET stumbled across an insidious strain of ransomware that prevents a computer from loading and locks its data.

A saving grace was that, in order for the attack to work, a ubiquitous feature known as UEFI Secure...

Infosec -- Security Affairs - Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers



Cybersecurity researchers at Intezer spotted a new completely undetectable Linux...

Infosec -- CSO Online - The need to manage patching on home machines that have no Group Policy, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) control means that you may be looking for alternatives. Employees' personal machines...

Infosec -- WeLiveSecurity - The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks

Infosec -- CyberScoop - Sometime in the second half of 2019, suspected Iranian hackers started burrowing into the network of an unnamed organization in the Middle East. What likely began, according to investigators, as a breach of a virtual private network application...

Infosec -- Schneier on Security - The Atlantic Council has a released a report that looks at the history of computer supply chain attacks.



Key trends from their summary:



Deep Impact from State Actors: There were at least 27 different state attacks against the...

Infosec -- Krebs on Security - Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity...

Infosec -- Recorded Future - Our guest today is Sherri Davidoff. She's the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the...

Enterprise -- Silicon Republic - Earlier in July, Twitter experienced a major hack targeting the accounts of celebrities such as Elon Musk, Bill Gates, Jeff Bezos, Mike Bloomberg and Kanye West.

As a result of the cyberattack, hackers managed to collect $116,000 worth...

Enterprise -- AWS Insider - Cloud giants Amazon Web Services and Microsoft Azure are at particular risk for hidden admin users to take over customer accounts, according to a recent report by cybersecurity specialist CyberArk.

Enterprise -- SiliconANGLE - A newly discovered serious vulnerability that affects most Linux and Windows installations, including servers, opens the door to hackers to run riot. Discovered by security researchers at enterprise device security firm Eclypsium Inc....

Enterprise -- DevOps.com - Here's what developers need to know to ensure compliance with the two biggest privacy laws The digital landscape is continuously evolving, and privacy regulations such as CCPA (California Consumer Privacy Act) and the European Union's GDPR...

Enterprise -- Silicon Republic - With just months to go before the Data Protection Commission (DPC) begins enforcing its guidance on web cookie compliance, Sligo web design business Dmac Media has warned Irish businesses that they may not yet be compliant with the...

Enterprise -- Channelnomics - Pulse Secure Eases Access to Cloud, Data Center ApplicationsJuly 28, 2020MSSPs and other partners can leverage new PZTA solution for enterprise customersBy Jeffrey BurtPulse Secure is launching a cloud-based secure access service that...

Enterprise -- Network World News - Businesses considering the secure access service edge (SASE) model need to understand that there are numerous ways to implement it that can be tailored to their future needs and the realities of their legacy networks.As defined by...

Enterprise -- ZDNet Blogs - OAuth tokens have been abused for intrusions at least two other companies, Dave.com and Flood.io.

Enterprise -- ZDNet News - Four years on from launch, the No More Ransom initiative has helped over 4 million victims of ransomware attacks retrieve their files for free.

Business Wire -- Annual ISSA and ESG study finds the cybersecurity skills crisis has worsened for the fourth year in a row and impacted 70 percent of organizations.

Business Wire -- Employees today must be able to work from anywhere. And IT needs to ensure the applications they require to get things done are delivered in a secure and reliable manner. To help on both fronts, Citrix Systems, Inc. (NASDAQ:CTXS) today launched...

Globe Newswire -- Technology - Developers called upon to "hack for change" for today's real-world issues Developers called upon to "hack for change" for today's real-world issues

Business Wire -- FireEye releases financial results for Q2 2020.

Globe Newswire -- Technology - RiskIQ Accelerates Threat Investigation and Remediation Through Microsoft Azure Sentinel with Rich Internet Security Intelligence and Attack Surface Visibility RiskIQ Accelerates Threat Investigation and Remediation Through Microsoft Azure...

Infosec -- Dark Reading - Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.

Infosec -- Barracuda - The Federal Bureau of Investigation (FBI) in the U.S. has issued an alert warning organizations that distributed denial of service (DDoS) amplification attacks are on the rise.



A DDoS amplification attack occurs when an attacker sends a small...

Infosec -- CSO Online - One day in December 1989, Eddy Willems got a floppy disk that changed his life. His boss gave it to him after finding the label intriguing: "AIDS Version 2.0," a disease that was new and strange at that time. The company, based in Antwerp,...

Enterprise -- ZDNet News - FBI believes device vendors won't disable these protocols and warns companies to take preventive and protective measures.

Infosec -- TripWire - The State of Security - Google Chrome may currently enjoy the numero uno position in the world of browsers, but it is starting to feel the pressure. The competition is heating up with its rivals like Microsoft Edge offering upgraded security...

Business Wire -- McAfee announced the introduction of MITRE ATT&CK(r) into McAfee MVISION Cloud, the company's Cloud Access Security Broker.

Infosec -- Security Affairs - D-Link disclosed five severe vulnerabilities affecting some router models which can be exploited by attackers to compromise a network.



D-Link has disclosed five severe vulnerabilities affecting some router models, the flaw could...

Infosec -- Security Affairs - The U.S. CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices.



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued...

Infosec -- Krebs on Security - Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look at a recent...

Infosec -- Dark Reading - Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.

Infosec -- Dark Reading - Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?

Infosec -- Security Affairs - Cisco fixed CVE-2020-3452 high-severity path traversal flaw in its firewalls that can be exploited by remote attackers to obtain sensitive files from the targeted system.



Cisco addressed a high-severity path traversal vulnerability...

Infosec -- CSO Online - In 2019, Microsoft Office became cybercriminals' preferred platform when carrying out attacks, and the number of incidents keeps increasing, according to Kaspersky Lab researchers. Boris Larin, Vlad Stolyarov and Alexander Liskin showed at...

Infosec -- WeLiveSecurity - The tech giant introduces its own version of verified accounts in Gmail, rolls out increased moderation controls in Meet, and enhances phishing protection in Chat

Infosec -- Okta Blog - Spear phishing is a form of cyber attack targeted at a particular person or small set of individuals. In these scams, bad actors research their chosen targets and attempt to convince them to surrender sensitive data or financial information....