Woodstock Wire: Enterprise Security News

October 28, 2020

Steelcase office furniture giant hit by Ryuk ransomware attack

Infosec -- Security Affairs - Office furniture company Steelcase was hit by Ryuk ransomware attack that forced it to shut down its network to avoid the malware from spreading.



Steelcase is a US-based furniture company that produces office furniture, architectural...

October 28, 2020 08:46 PM

How Containers Support the IT-OT Convergence

Infosec -- TripWire - The State of Security - The worlds of information technology (IT) and operational technology (OT) are colliding. In July 2019, Automation.com cited a survey finding where 82% of respondents told Forrester and Nozomi Networks that their organizations...

October 28, 2020 08:46 PM

4 Considerations for a Secure Cloud Environment

Infosec -- TripWire - The State of Security - Digital attackers are increasingly turning their attention to the cloud. According to the 2020 Trustwave Global Security Report, the volume of attacks targeting cloud services more than doubled 7% in 2018 to 20% a year...

October 28, 2020 08:46 PM

Survey Uncovers High Level of Concern Over Firewalls

Infosec -- Dark Reading - More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.

October 28, 2020 08:38 PM

Harnessing the Momentum of Women in Cybersecurity

Infosec -- Verisign - This week, some of the brightest subject matter experts from across the U.S. and beyond gathered virtually to talk about women in cybersecurity, recognizing that the internet is filled with both opportunities and risks, and that it's up to...

October 28, 2020 08:31 PM

DOD, FBI, DHS warn of active North Korean government-linked hacking operation

Infosec -- CyberScoop - The FBI and departments of Defense and Homeland Security issued a joint alert Tuesday warning the private sector about what they say is a global hacking operation run by North Korean government-linked hackers.

The hacking group, known as...

October 28, 2020 08:30 PM

Tech giants among those affected by breach at PDF signature software maker Nitro

Infosec -- The Daily Swig - Darknet auction spawns fears that attack might expose sensitive data from business customers

October 28, 2020 08:29 PM

Sophos Launches Rapid Response Service to Identify and Neutralize Active Cybersecurity Attacks

Globe Newswire -- Technology - Lightning-Fast Incident Response Minimizes Attack Damage and Reduces Recovery TimeSophos Rapid Response Identifies First Use of Buer Malware Dropper to Deliver Ransomware in New Wave of Ryuk Attacks

October 28, 2020 08:27 PM

Ping Identity Unveils Advanced Passwordless Features to Transform Digital Experiences

Business Wire -- Ping Identity (NYSE: PING), the intelligent identity solution for the enterprise, today announced PingZero, a suite of passwordless authentication features organizations can implement to deliver seamless digital experiences to employees and customers....

October 28, 2020 08:17 PM

FireEye Reports Financial Results for Third Quarter 2020

Business Wire -- FireEye announced financial results for Q3 2020.

October 28, 2020 08:14 PM

October 27, 2020

Majority of Microsoft 365 Admins Don't Enable MFA

Infosec -- Threatpost - Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication.

October 27, 2020 07:52 PM

Zoom credits Keybase acquisition with quick turnaround on end-to-end encryption

Infosec -- CyberScoop - Zoom says a key deal earlier this year helped it globally implement an important security feature at a time when the videoconferencing app became a household word.

The company said Monday that it was officially rolling out end-to-end encryption...

October 27, 2020 07:51 PM

Ruckus IoT controllers vulnerable to remote takeover via 'trivial' chained exploit

Infosec -- The Daily Swig - Users urged to patch Ruckus vRIoT server software now

October 27, 2020 07:51 PM

Hacker was identified after the theft of $24 million from Harvest Finance

Infosec -- Security Affairs - A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance.



A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance...

October 27, 2020 07:51 PM

Code42 Incydr Series: Secure Data in the Age of Remote Work

Infosec -- Threatpost - With Code42 Incydr, you can keep tabs on when and where your data is going - without restricting where or how your employees want to collaborate and work.

October 27, 2020 07:50 PM

Gigamon and Zscaler Team Up to Release Cloud-first Network Detection and Response Solution to Secure the Fluid Workforce

Business Wire -- Gigamon and Zscaler's combined cloud solution provides pervasive network traffic visibility of remote users and branch locations.

October 27, 2020 07:49 PM

Data on the Edge: A Common Blind Spot in Industrial Security

Aspencore -- EETimes - Data is increasingly transmitted across hostile territory or stored at a network edge. Critical operational data or intellectual property needs to be protected in industrial, operational technology, and Internet of things (IoT) settings.

Information...

October 27, 2020 06:02 PM

Amazon Discloses Security Incident Involving Customers' Email Addresses

Infosec -- TripWire - The State of Security - Amazon informed some of its customers about a security incident that involved the unauthorized disclosure of their email addresses. News of the security incident emerged over the weekend of October 23 when multiple users...

October 27, 2020 05:59 PM

How to Best Secure the Industrial Network for EMEA Organizations

Infosec -- TripWire - The State of Security - You don't have to search very far in the news to see stories of websites being hacked and customer details being stolen. Stories about incidents involving industrial control systems (ICSes) and operational technology...

October 27, 2020 05:59 PM

Too Sleepy to be Secure?

Infosec -- Recorded Future - How many of us can say that we get enough sleep, consistently? And not just the number of hours asleep, but the quality of sleep as well? In this busy world with work, family, and community obligations, good sleep often takes a backseat,...

October 27, 2020 05:50 PM

Microsoft's Kubernetes Threat Matrix: Here's What's Missing

Infosec -- Dark Reading - With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.

October 27, 2020 05:49 PM

Why CISOs must be students of the business

Infosec -- CSO Online - The following vignette was the catalyst for multiple conversations between the authors about why it's as important for today's CISO to be a business leader as it is for them to be security professionals. While being a security professional...

October 27, 2020 05:49 PM

7 steps to ensure a successful CISO transition

Infosec -- CSO Online - Leaving your job on good terms involves many tasks, but nothing is more important than priming your replacement for success. Despite your reasons for moving on, helping the new CISO acquire the knowledge and skills needed to excel is crucial...

October 27, 2020 05:49 PM

Ransomware attack disabled Georgia County Election database

Infosec -- Security Affairs - A ransomware attack recently hit Georgia county government and reportedly disabled a database used to verify voter signatures.



A ransomware attack hit a Georgia county government early this month and disabled a database used to verify...

October 27, 2020 05:48 PM

HIPAA Breach Notification - What you need to know

Infosec -- TripWire - The State of Security - The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was established to transform the security landscape of the healthcare industry. Businesses that are found guilty of a breach...

October 27, 2020 05:48 PM

Imperva Positioned A Leader in Gartner Magic Quadrant for Web Application Firewalls for Seventh Year in a Row; Furthest in Completeness of Vision

Globe Newswire -- Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to protect data and all paths to it, has been named a Leader in the Gartner Magic Quadrant for Web Application Firewalls for the seventh consecutive year.

October 27, 2020 05:45 PM

Cybersecurity Awareness Month: If you Connect it, Protect it

Business Wire -- Each year, the Department of Homeland Security designates October as National Cybersecurity Awareness Month. It's a good time to remember that not all scary scenarios are reserved for Halloween. While government and law enforcement resources are dedicated...

October 27, 2020 05:42 PM

B2B Scammers Wield The Power Of The Invoice

Media -- PYMNTS.com - When invoices are generated manually, there are plenty of opportunities for billing to go awry. This week's look at the latest in B2B payments fraud lands its focus on the invoice, used in a variety of ways by scammers to infiltrate B2B payment...

October 27, 2020 04:27 PM

Stepping Up Cybersecurity in a Changing Landscape

Justmeans -- In recognition of National #Cybersecurity Awareness Month, @AllianceData's Chief Security Officer, Mike Britton, shares how the company is taking a proactive approach to protecting employees, brand partners, & customers:...

October 27, 2020 04:01 PM

October 25, 2020

Puppet launches new tool to automate infrastructure security compliance

Enterprise -- SiliconANGLE - Puppet Inc. today introduced Puppet Comply, a software product that enterprises can use to ensure their cloud and on-premises infrastructure adheres to cybersecurity requirements. Portland-based Puppet is the maker of one of the market's...

October 25, 2020 10:14 PM

How to block unauthorized external DNS resolvers for strengthening enterprise security

Enterprise -- ChannelBuzz.ca - Using external DNS providers has always been a questionable idea for an enterprise. The Internet Domain Name System (DNS) helps end-user applications...

October 25, 2020 10:12 PM

[Live Webinar] Achieving FIPS 140-2 Encryption Compliance with HAProxy Enterprise on Red Hat Enterprise Linux

Enterprise -- HAproxy - The live webinar will be held on Tuesday, November 10th, 2020 at following times:

EU times: 5 PM GMT, 6 PM CET

US times: 12 noon EST, 11 AM CDT, 10 AM MDT, 9 AM...

October 25, 2020 10:07 PM

6 Important OS Hardening Tips to Protect Your Clients

Enterprise -- ChannelE2E - To minimize the risk of a cyberattack, follow these six tips to harden your OS, according to guidance from Jay Ryerse at ConnectWise.

October 25, 2020 09:18 PM

IBM Expands Cloud Pak for Security's Threat Management

Enterprise -- Data Center Knowledge - IBM's Cloud Pak for Security now includes all pillars of threat management, including detection, investigation and response, and streamlines response efforts.

October 25, 2020 02:04 AM

Palo Alto Networks adds new cloud modules to their Prisma Cloud Native Security Platform

Enterprise -- ChannelBuzz.ca - In addition to their Prisma Cloud 2.0 announcement, Palo Alto Networks has announced the availability of their first Canadian-based cloud region.Palo Alto Networks has launched the 2.0 version of their Prisma Cloud platform, the company's...

October 25, 2020 01:51 AM

Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users

Infosec -- Security Affairs - Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams.



Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a...

October 25, 2020 12:06 AM

October 24, 2020

New ransomware attack targets K-12 teachers

Infosec -- Barracuda - Another day, another pandemic-enabled scam. Criminals are now attacking K-12 schools by posing as parents who are using email to submit assignments to the teacher. The premise is that the student had trouble using the online classroom system,...

October 24, 2020 11:57 PM

Below the Surface: Improving security awareness

Infosec -- Barracuda - Have you tuned in for Below the Surface yet? Streaming live on LinkedIn, Barracuda's new series offers candid discussions with key Barracuda experts on all the latest and greatest cybersecurity news, as well as Barracuda's recent research,...

October 24, 2020 11:56 PM

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

Infosec -- The Hacker News - Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.

Called...

October 24, 2020 11:56 PM

October 23, 2020

Securing medical devices: Can a hacker break your heart?

Infosec -- WeLiveSecurity - Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor.

October 23, 2020 03:35 PM

Botnet Infects Hundreds of Thousands of Websites

Infosec -- Dark Reading - KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.

October 23, 2020 03:20 PM

Credential-Stuffing Attacks Plague Loyalty Programs

Infosec -- Dark Reading - But that's not the only type of web attack cybercriminals have been profiting from.

October 23, 2020 03:19 PM

8 New and Hot Cybersecurity Certifications for 2020

Infosec -- Dark Reading - While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.

October 23, 2020 02:17 AM

Microsoft Teams Phishing Attack Targets Office 365 Users

Infosec -- Threatpost - Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

October 23, 2020 02:16 AM

October 22, 2020

The 6 best password managers

Infosec -- CSO Online - One of the smartest moves you can make to protect employees, especially those working from home, is to encourage them to use a password manager. It's one of the easiest, too.Keyword best practices pertain to complexity, change frequency and...

October 22, 2020 09:01 PM

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Infosec -- TripWire - The State of Security - Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability...

October 22, 2020 09:00 PM

VMware fixes several flaws in its ESXi, Workstation, Fusion and NSX-T

Infosec -- Security Affairs - VMware patched several flaws in its ESXi, Workstation, Fusion and NSX-T products, including a critical code execution vulnerability.



VMware has fixed several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including...

October 22, 2020 09:00 PM

The 5 Best Ways to Handle Sensitive Data

Infosec -- TripWire - The State of Security - There are two significant trends occurring right now that shouldn't be a surprise to anyone reading this post. First, businesses are gathering and leveraging more and more data to improve their core services. Second,...

October 22, 2020 08:59 PM

Oracle Kills 402 Bugs in Massive October Patch Update

Infosec -- Threatpost - Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.

October 22, 2020 08:58 PM