Woodstock Wire: Enterprise Security News

June 13, 2021

Automotive Cybersecurity: Who Are the Players?

Aspencore -- EETimes - This is the second in a series on automotive cybersecurity columns providing perspectives on key cybersecurity developers. This post also includes some perspectives on OEM and Tier 1 activities, albeit limited, as manufacturers release little...

June 13, 2021 03:24 AM

Sumo Logic Hosts The Modern SOC Summit to Usher in New Era of Security

Globe Newswire -- Technology - New Products and Enhancements Help SOC Teams Achieve Greater Cyber Resilience and Solidify Sumo Logic as a Leader in Rapidly-Evolving SIEM and SOAR Markets;

June 13, 2021 01:22 AM

Farsight Security DNSDB Transforms for Maltego Enable Threat Hunters to Significantly Expand Cybersecurity Investigations

Globe Newswire -- Today Maltego Technologies GmbH, provider of the globally known graphical link analysis tool, and Farsight Security, Inc., a leading cybersecurity provider of DNS intelligence solutions, announced that Farsight DNSDB Transforms for Maltego, first launched...

June 13, 2021 01:20 AM

CyberArk Expands Availability of Identity Security Offerings on AWS Marketplace

Business Wire -- Impact Live 2021 - CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the availability of CyberArk Cloud Entitlements Manager, CyberArk Endpoint Privilege Manager and CyberArk Workforce Identity on Amazon Web Services Marketplace...

June 13, 2021 01:10 AM

CyberArk Advances Industry-Leading Identity Security Platform

Business Wire -- Impact Live 2021 - CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced major advancements to the CyberArk Identity Security Platform to help secure high-risk access and broaden protection across cloud and hybrid environments....

June 13, 2021 01:00 AM

Cyber Attacks Increase 341% During COVID-19, According to Nexusguard Research

Business Wire -- Cyber attackers targeted industries resulting in a 341% year-over-year increase in DDoS attacks, according to Nexusguard's 2020 Threat Report.

June 13, 2021 12:58 AM

June 11, 2021

Yubico Research Reveals More Than Three Quarters of Enterprises in the UK, France and Germany Are Undervaluing Two-Factor Authentication

Business Wire -- Yubico releases results of a study into current attitudes and adaptability to at-home corporate cybersecurity of those in the UK, Germany and France

June 11, 2021 04:42 PM

June 08, 2021

ForgeRock's 2021 Consumer Identity Breach Report Reveals Unprecedented 450% Surge in Breaches Containing Usernames and Passwords

Business Wire -- ForgeRock's 2021 Consumer Identity Breach Report Reveals Unprecedented 450% Surge in Breaches Containing Usernames and Passwords

June 08, 2021 02:21 AM

Gigamon Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2021

Business Wire -- Gigamon is proud to announce that it has been selected as the Market Leader in Network Security and Management from Cyber Defense Magazine

June 08, 2021 02:20 AM

June 07, 2021

What Is Ransonware And How To Deal With It

Infosec -- FraudWatch Intl - The internet has undoubtedly become one of the most important tools in business. Thanks to the internet, the global marketplace is made more accessible-you can easily create immediate connections and keep in touch with your stakeholders...

June 07, 2021 04:03 PM

3 Things To Teach Your Employees To Avoid Phishing

Infosec -- FraudWatch Intl - Phishing has damaged hundreds if not thousands of companies in the digital age, mainly since it targets the most vulnerable aspect of cybersecurity: the human element. To determine if your employees are knowledgeable enough about cybersecurity...

June 07, 2021 04:03 PM

Good news for pentesters and network admins: US issues ransomware guidance asking biz to skill up security teams

Enterprise -- The Register - New approach against malware pushers mirrors how American authorities handle terrorism cases

The White House has issued a communique to business leaders [PDF] urging them to take the threat of ransomware a bit more seriously....

June 07, 2021 02:34 AM

June 06, 2021

Kali Linux 2021.2 Official Release Now Available

Enterprise -- Linux Magazine - The latest iteration of security fan-favorite, Kali Linux has been released with new tools, themes, and plenty of improvements.

June 06, 2021 11:47 PM

5 Reasons to Choose EfficientIP DDI

Enterprise -- EfficientIP - Requirements of today's IT infrastructure

IT infrastructure has become extremely complex and in perpetual evolution to match ever evolving business needs. In addition to planning the needs for building and running new IT and Network services,...

June 06, 2021 11:39 PM

Azure Security Center: General availability updates for May 2021

Enterprise -- Azure Updates - New enhancements and updates released for general availability (GA) in Azure Security Center in May 2021.

June 06, 2021 11:34 PM

Azure Security Center: Public preview updates for May 2021

Enterprise -- Azure Updates - Public preview enhancements and updates released for Azure Security Center in May 2021.

June 06, 2021 11:33 PM

Hackers reportedly used a compromised password in Colonial Pipeline cyberattack

Tech -- The Verge - An analysis of the cyberattack on Colonial Pipeline found that the hackers were able to access the company's network using a compromised VPN password, Bloomberg reported. The hack led to a ransomware payout of $4.4...

June 06, 2021 10:47 PM

It's time for security teams to embrace security data lakes

Tech -- TechCrunch - Dan Schoenbaum is a two-time CEO and a two-time COO in cybersecurity. Today, he is a managing partner at High Tide Advisors, a boutique consulting...

June 06, 2021 10:43 PM

FireEye to sell products unit to Symphony-led group for $1.2B

Tech -- TechCrunch - Cybersecurity giant FireEye has agreed to sell its products business to a consortium led by private equity firm Symphony Technology Group for $1.2 billion.

The all-cash deal will split FireEye, the maker of network and email cybersecurity...

June 06, 2021 10:09 PM

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

Infosec -- The Hacker News - Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service.

"We explicitly permit dual-use security...

June 06, 2021 09:56 PM

Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE

Infosec -- Security Affairs - Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware.

Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical...

June 06, 2021 09:54 PM

Necro Python bot now enhanced with new VMWare, server exploits

Infosec -- Security Affairs - Operators behind the Necro Python botnet have added new features to their bot, including VMWare and server exploits.

Experts from Cisco Talos have recently observed a new Necro Python bot campaign and noticed that its developers...

June 06, 2021 09:54 PM

Imperva: 75.9% of stolen data in breaches involve personal information

Infosec -- Office of Inadequate Security - VB reports: In an analysis of more than 100 of the biggest and most well-known data breaches of the last decade, Imperva Research Labs found that 75.9% of data stolen in these breaches was personally identifiable information...

June 06, 2021 09:53 PM

What the FedEx Logo Taught Me About Cybersecurity

Infosec -- Dark Reading - Cyber threats are staring you in the face, but you can't see them.

June 06, 2021 09:51 PM

Hiring from Within and Retaining Cybersecurity Talent: Building Your Strategy

Infosec -- ISC2 Blog - Faced with significant obstacles to build their cybersecurity teams, organizations increasingly are looking within to find transferrable talent for cybersecurity roles. It's a practice strongly endorsed by (ISC)2 in the recently published...

June 06, 2021 09:48 PM

Google Chrome to Help Users Identify Untrusted Extensions Before Installation

Infosec -- The Hacker News - Google on Thursday said it's rolling new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago.

To this end, the search giant said...

June 06, 2021 09:48 PM

Cisco fixes High-severity issues in Webex, SD-WAN, ASR 5000 software

Infosec -- Security Affairs - Cisco addressed multiple security flaws, including high-severity vulnerabilities, in Webex Player, SD-WAN software, and ASR 5000 series software.

Cisco has addressed multiple vulnerabilities in its products, including high-risk flaws...

June 06, 2021 09:46 PM

Now Available: EdgeKV Distributed Key-Value Store

Infosec -- The Akamai Blog - By: Josh Johnson - We're excited to announce the availability of EdgeKV, a distributed key-value store database that enables EdgeWorkers to leverage data stored at the edge when deploying custom code across our serverless computing platform....

June 06, 2021 09:46 PM

Akamai offers post-mortem on recently resolved authentication platform vulnerability

Infosec -- The Daily Swig - Lasso bug roped up and corralled by Enterprise Application Access developers

June 06, 2021 09:45 PM

Exchange Servers Targeted by 'Epsilon Red' Malware

Infosec -- Threatpost - REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.

June 06, 2021 09:45 PM

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module

Infosec -- The Hacker News - A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications.

"Successful exploitation would lead...

June 06, 2021 09:44 PM

Hacking 2FA: 5 basic attack methods explained

Infosec -- CSO Online - Multi-factor authentication (MFA) continues to embody both the best and worst of business IT security practice. As Roger Grimes wrote in this article about two-factor hacks three years ago, when MFA is done well it can be effective, but when...

June 06, 2021 09:44 PM

Phishing Emails Remain in User Inboxes Over Three Days Before They're Removed

Infosec -- Dark Reading - Most malicious emails get blocked, but the ones that get through linger around dangerously long, a new study shows.

June 06, 2021 09:43 PM

Critical 0day in the Fancy Product Designer WordPress plugin actively exploited

Infosec -- Security Affairs - A critical zero-day vulnerability in the Fancy Product Designer WordPress plugin exposes more than 17,000 websites to attacks.

Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day...

June 06, 2021 09:42 PM

Microsoft 365: Most Common Threat Vectors & Defensive Tips

Infosec -- Dark Reading - Security pros discuss the most typical ways attackers leverage Microsoft 365 and share their guidance for defenders.

June 06, 2021 09:41 PM

The DarkSide Ransomware Gang

Infosec -- Schneier on Security - The New York Times has a long story on the DarkSide ransomware gang.

A glimpse into DarkSide's secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions...

June 06, 2021 09:41 PM

Why CISOs & CIOs Need to Rethink Their Approach to SaaS

Infosec -- The Identity Quotient Blog - The future of work depends on SaaS and today's approach needs a remix. How your identity security strategy needs to reconsider what you consider "visibility" and the dangerous gaps that exist with your current approach.

June 06, 2021 09:40 PM

Johnson Controls and DigiCert Partner to Bring Secure Connectivity to Smart Building Solutions

Media -- Control.com News - Johnson Controls and DigiCert partner to improve security and push forward the digital transformation of smart buildings with a public key infrastructure (PKI).

June 06, 2021 09:26 PM

Proofpoint Delivers Advanced Data Loss Prevention for Microsoft Teams

Globe Newswire -- Technology - Becomes a certified Teams security and compliance partner for data loss prevention Becomes a certified Teams security and compliance partner for data loss prevention

June 06, 2021 03:04 AM

Michael R. Cote to Retire as Secureworks CEO; Board Appoints Wendy K. Thomas as Next President & CEO

Globe Newswire -- Secureworks(r) (NASDAQ:SCWX), a global leader in cybersecurity, today announced that Chief Executive Officer Michael R. Cote is retiring as CEO and a member of the Secureworks Board of Directors, effective Sept. 3, 2021. The Secureworks Board of Directors...

June 06, 2021 03:04 AM

Ping Identity Names Jason Wolf As New Chief Revenue Officer

Business Wire -- Ping Identity, the Intelligent Identity solution for the enterprise, announced the addition of Jason Wolf as Chief Revenue Officer. Wolf is a highly accomplished sales leader holding his most recent role as chief revenue officer at SAP, overseeing the...

June 06, 2021 02:55 AM

VMware Releases 2021 Global Security Insights Report Detailing the Surge in Cyberattacks Targeting the Anywhere Workforce

Business Wire -- At Security Connect, VMware releases the 2021 Global Security Insights Report, detailing the impact of cyberattacks and breaches on organizations.

June 06, 2021 02:54 AM

EfficientIP and IDC: DNS Attacks Rise in the UK, 91% of Organisations Surveyed Have Experienced an Attack With an Average Cost Of £530,000

Business Wire -- Over 90% of organizations in UK have experienced a DNS attack, a rise from last year according to 2021 Global DNS Threat Report.

June 06, 2021 02:49 AM

Blancco Makes Data Erasure Services Available to Government with New Vietnam Office

Business Wire -- Blancco, the industry standard in data erasure, reinforces cybersecurity in Vietnam, opening Hanoi office on 16th floor of Daeha Business Center.

June 06, 2021 02:46 AM

ERI Publishes New Book, "The Insecurity of Everything"

Business Wire -- ERI has published the new book, "The Insecurity of Everything: How Hardware Data Security is Becoming the Most Important Topic in the World."

June 06, 2021 02:42 AM

June 02, 2021

This scary security flaw could let hackers change contracts you already signed

Tech -- BGR - One news publication I've written a fair amount of content for always required that writers prepare and submit invoices in PDF form, ostensibly because they're less susceptible to manipulation compared to a garden variety text-based document. At...

June 02, 2021 07:05 PM

Ping Identity Achieves FAPI-CIBA Certification to Help Companies Gain Financial-Grade Security and a Better Customer Experience

Business Wire -- Ping Identity (NYSE: PING), the Intelligent Identity solution for the enterprise, showcases a continued commitment to open standards through the achievement of the Financial-grade API Client Initiated Back-Channel Authentication (FAPI-CIBA) certification....

June 02, 2021 06:47 PM

JD - 77,449,341 breached accounts

Infosec -- Have I been pwned - In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as...

June 02, 2021 04:36 PM

Cybersecurity requires a more balanced approach to remediation

Infosec -- Barracuda - Every time there is a major security breach every cybersecurity professional gets the same queasy feeling in the pit of their stomach. They all know the difference between their organization and the unfortunate victims of attacks like the...

June 02, 2021 04:35 PM

New Barebones Ransomware Strain Surfaces

Infosec -- Dark Reading - The authors of Epsilon Red have offloaded many tasks that are usually integrated into the ransomware -- such as Volume Shadow Copy deletion -- to PowerShell scripts.

June 02, 2021 04:34 PM