Woodstock Wire: Enterprise Security News

Business Wire -- Okta, Inc. (NASDAQ:OKTA), the leading independent identity provider, welcomes Steve Dodenhoff as SVP of Worldwide Partners and Alliances, reporting to Chief Revenue Officer Steve Rowland within Okta's Worldwide Field Operations. Dodenhoff will be responsible...

Business Wire -- Abnormal Security today announced the company has been named one of 10 finalists for the RSA Conference 2021 Innovation Sandbox Contest for its breakthrough cloud-native email security platform that stops modern email attacks through behavioral data science....

Infosec -- Malwarebytes Unpacked - A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. A press release from the US Department of Justice Judge has revealed that the FBI were granted permission to perform some...

Infosec -- RiskIQ - For many of us, what draws us into cybersecurity is that original promise of the internet-bringing people together. That idea of creating connections across the world and making sure those connections are safe is something worth defending every...

Infosec -- Dark Reading - Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job.

Infosec -- CyberScoop - Hackers are hitting Microsoft Exchange Servers with a Monero cryptominer, according to Sophos research published Tuesday.



The attackers, which Sophos did not identify, began their apparently financially-motivated campaign shortly after...

Infosec -- Threatpost - Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.

Infosec -- Cloudflare - Today, we're releasing support for WebSockets in Cloudflare Workers.WebSockets unlock powerful use-cases in your serverless applications - live-updating, interactive experiences that bridge the gap between your users and Workers' powerful...

Infosec -- Security Affairs - FBI log into web shells that hackers installed on Microsoft Exchange email servers across the US and removed the malicious code used by threat actors.



A US judge granted the FBI the power to log into web shells that were injected...

Infosec -- Record by Recorded Future - US cybersecurity firm FireEye says that based on its internal data, there are currently more than 1,900 distinct hacking groups that are active today, a number that grew from 1,800 groups recorded at the end of 2019.

Infosec -- The Hacker News - In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server.

Of the 114 flaws, 19 are rated as Critical,...

Infosec -- Dark Reading - Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.

Infosec -- Office of Inadequate Security - Action copied and removed web shells that provided backdoor access to servers, but additional steps may be required to patch Exchange Server software and expel hackers from victim networks. HOUSTON - Authorities have executed...

Infosec -- Security Affairs - Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA.



Microsoft patch Tuesday security updates released today have addressed four critical...

Infosec -- Security Affairs - President Joe Biden has appointed two former senior NSA officials for two prominent cyber roles in his administration.



President Joe Biden has assigned to two former senior National Security Agency (NSA) officials key cyber roles...

Infosec -- Record by Recorded Future - The Biden administration on Monday said it has picked two National Security Agency veterans to serve in top cybersecurity leadership roles. Chris Inglis will be nominated to serve as the country's first National Cyber Director,...

Infosec -- Record by Recorded Future - LinkedIn has formally denied a rumor that it suffered a devastating security breach that exposed the account details of more than 500 million of its registered users.

Business Wire -- #WiFi--Zyxel announces the addition of the USG FLEX firewall series to the cloud-managed Nebula networking solution for SMBs and MSPs.

Media -- Evertiq - Cybersecurity and IoT company, WISeKey, says that it is significantly investing in its supply chain transformation to better and faster serve its customers. The company is simultaneously impacted by the current semiconductor shortage situation...

Life -- EurekAlert - Researchers have found a way to use chaos to help develop digital fingerprints for electronic devices that may be unique enough to foil even the most sophisticated hackers. Just how unique are these fingerprints? The researchers believe it...

Infosec -- Security Affairs - The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet.



The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning to launch a bomb attack...

Infosec -- Dark Reading - Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.

Infosec -- Security Affairs - CISA released a Splunk-based dashboard for post-compromise activity in Microsoft Azure Active Directory (AD), Office 365, and MS 365 environments.



The Cybersecurity and Infrastructure Security Agency (CISA) has released a Splunk-based...

Infosec -- Barracuda - There's an often-repeated stat that 90% of all data that exists today has been created in the last two years. The provenance of that figure is murky and disputed, and it dates back to nearly 10 years ago, so even if it was true then, that...

Infosec -- CSO Online - As the old security adage goes, "a well-managed network/system is a secure network/system," and this notion of network and system management is a cybersecurity foundation. Pick any framework (e.g., NIST Cybersecurity framework), international...

Infosec -- TripWire - The State of Security - Hidden deep in Google's release notes for the new version of Chrome that shipped on March 1 is a fix for an "object lifecycle issue." Or, for the less technically inclined, a major bug. Bugs like these have been common...

Infosec -- Dark Reading - Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.

Infosec -- CyberScoop - Over the course of the next 20 years, nation-states will see a rise in targeted offensive cyber-operations and disinformation in an increasingly "volatile and confrontational" global security landscape, according to a new U.S. intelligence...

Infosec -- Flashpoint - The Market for Stolen Credit Cards Is Alive and Well in 2021



Payment and credit card fraud are constant concerns for security leaders, holding major financial and reputational consequences for card-issuing financial institutions. For threat...

Infosec -- CyberScoop - Two online hubs for stolen credit cards found themselves on the receiving end of hack-and-leak operations last month.



User data from the card store Swarmshop was posted to a different underground forum on March 17, exposing hundreds of...

Infosec -- The Hacker News - Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks.

At least one of the hacking incidents led...

Infosec -- The Hacker News - When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally.

While companies uphold their own password standards, outside forces like HIPAA...

Infosec -- Schneier on Security - Google's Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by "Western government operatives actively conducting a counterterrorism...

Infosec -- ISC2 Blog - Is There Ever Too Much Data?

As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase "Big Data" was a new, innovative way to gain a business advantage. Now, big data is the norm....

Infosec -- The Hacker News - The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make...

Infosec -- Dark Reading - An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.

Infosec -- Okta Blog - Introducing Okta's New Risk Ecosystem API: A Fraud Fighting Toolset to Secure Authentication and Delight Customers

Infosec -- Okta Blog - Breaking Barriers: Scaling Infrastructure Identity with Advanced Server Access

Infosec -- Malwarebytes Unpacked - A timely warning to keep systems patched has appeared, via a jointly-released report from Onapsis and SAP. The report details how threat actors are "targeting and potentially exploiting unprotected mission-critical SAP applications"....

Infosec -- Record by Recorded Future - Unpatched Fortinet VPN devices are being hacked to deploy a new strain of ransomware inside corporate networks, Russian security firm Kaspersky said today.

Infosec -- Dark Reading - By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.

Infosec -- TripWire - The State of Security - Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims' customers, and asking them to demand a ransom is paid to protect their own privacy....

Infosec -- The Hacker News - Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security.

Whether you want to use AWS for a few things or everything, you need to protect access to it. Then...

Infosec -- The Hacker News - A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems.

Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10...

Infosec -- Security Affairs - Not only the European Commission, but many other organizations of the European Union have been targeted by a cyberattack in March.



A European Commission spokesperson confirmed that the European Commission, along with other European...

Infosec -- FraudWatch Intl - Since we are living in the age of information, your data and its protection are now more valuable than ever. Even more so is the case for an organisation like yours, which can be considered a hub for sensitive details about financial...

Infosec -- FraudWatch Intl - Saying that the internet is bustling with activity is an understatement. Millions upon millions of different operations, activities, and tasks are taking place every second, whether the action be taken by robots or humans. Most of these...

Infosec -- Naked Security - It's not just the breach, it's the speed of the breach response...

Infosec -- TripWire - The State of Security - Organizations are increasingly turning to containers to fuel their digital transformations. According to BMC, a 2019 survey found that more than 87% of respondents were running containers-up from 55% just two years earlier....

Infosec -- Threatpost - Aamir Lakhani, cybersecurity researcher for Fortinet's FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.