Woodstock Wire: Enterprise Security News

Enterprise -- ZDNet News - Coalfire takes us through the story of security professionals arrested at a courthouse while conducting tests on behalf of the state.

Enterprise -- Data Center Knowledge - Researchers who found the path transversal vulnerability also found hundreds of exposed servers via the internet.

Enterprise -- Cloud Native Computing Foundation - We are proud to announce that the etcd team has successfully completed a 3rd party security audit for the etcd latest major release 3.4. The third party...

Globe Newswire -- Technology - WISeKey International Holding Ltd ("WISeKey" or "Company") (SIX: WIHN, NASDAQ: WKEY), a leading global cybersecurity and IoT company, announced today that it has entered into a Convertible Loan Agreement...

Enterprise -- CIO - The hits just keep coming - a global pandemic with no clear end in sight, business shutdowns, remote work mandates, a surge in cyber attacks, business strategy upheaval, and an uncertain business future. It's a wonder CIOs get any sleep at night....

Enterprise -- ZDNet News - The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs.

Enterprise -- Amazon AWS Blog - In November 2019, Amazon launched a new version of AWS Web Application Firewall (WAF) that offers a richer and easier to use set of features. In this post, we show you some of the changes and how to migrate from AWS WAF Classic to the...

Enterprise -- ChannelBuzz.ca - As more cities and states brace for extended shutdowns, MSPs should be mindful of emerging security risks.

Enterprise -- Palo Alto Networks Blog - Clients often ask me, "How do I know if I have 'enough' security in the cloud?" This is a great question because it shows a willingness to learn. The truth is that there is no right answer.

However, a simple place to begin is...

Enterprise -- ChannelE2E - Software container deployments introduce new security challenges. Forrester's Sandy Carielli outlines best practices for container security.

Enterprise -- Channelnomics - Beware of internal bad actors and prying eyes



When we think of cybersecurity breaches, we often conjure up images of so-called black hats - miscreants with hooded garments sitting...

Enterprise -- Channelnomics - SOAR, partnered with Infoblox data, can help organizations efficiently respond to the rising number of cyberthreats.By Srikrupa Srivatsan, Director of Product Marketing,...

Enterprise -- ZDNet News - US government agencies say the Taidoor remote access trojan (RAT) has been used as far back as 2008.

Business Wire -- BLACK HAT USA--McAfee Advanced Threat Research (ATR), a leading source for threat research, threat intelligence, and cybersecurity thought leadership, today announced a joint research effort with JSOF, who discovered and responsibly disclosed 19 zero-day...

Business Wire -- Frontline 2021 release

Globe Newswire -- Technology - Second Quarter 2020 Highlights

Globe Newswire -- Technology - FortiGate 4400F is the Only Firewall Capable of Securing Hyperscale Data Centers and 5G Networks, Delivering the Industry's Highest Performance with Security Compute Ratings of up to 13x FortiGate 4400F is the Only Firewall Capable of Securing...

Globe Newswire -- LastPass by LogMeIn today unveiled a new Security Dashboard, providing end users with a complete overview of the security of their online accounts and actionable steps to strengthen their online security. Building on the original LastPass Security Challenge,...

Globe Newswire -- Technology - Yet only four out of 10 security leaders can answer the question, "How secure, or at risk, are we?" Yet only four out of 10 security leaders can answer the question, "How secure, or at risk, are we?"

Globe Newswire -- Technology - A U.S. Department of Defense Command Sponsors Zscaler for Certification; Zscaler to Deliver Secure Internet and SaaS Access to Federal Agencies A U.S. Department of Defense Command Sponsors Zscaler for Certification; Zscaler to Deliver Secure...

Globe Newswire -- Technology - Online eLearning program on cloud, network, endpoint, and mobile security now available to NYU's Tandon School of Engineering to develop student's cybersecurity knowledge Online eLearning program on cloud, network, endpoint, and mobile security...

Electronics -- IEEE Spectrum - SANS and AWS Marketplace will discuss the exercise of applying MITRE's ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture.

Business Wire -- CyberArk (NASDAQ: CYBR), the global leader in privileged access management, today announced financial results for the second quarter ended June 30, 2020. "We were pleased to deliver results ahead of all guided metrics for the second quarter," said Udi...

Globe Newswire -- Technology - Cortex XSOAR Marketplace enables organizations to discover, share and consume security orchestration innovations from a global ecosystem to scale up automation Cortex XSOAR Marketplace enables organizations to discover, share and consume...

Infosec -- Security Affairs - Red Hat is warning customers to not install the package updates released to address the BootHole vulnerability due to possible problems reported by the users.



This week, firmware security company Eclypsium reported that billions...

Infosec -- The Daily Swig - Google's Project Zero argues that detection bias might be at play when we consider zero-day vulnerability rates in popular products

Infosec -- The Hacker News - Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.



Remote timing attacks that work...

Infosec -- Dark Reading - Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.

Infosec -- Security Affairs - Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue, dubbed BootHole, that can be exploited to install a stealthy malware.



Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader...

Infosec -- Dark Reading - New IBM study shows that security system complexity and cloud migration can amplify breach costs.

Infosec -- EFF Deeplinks - This November, Californians will be called upon to vote on a ballot initiative called the California Privacy Rights Act, or Proposition 24. EFF does not support it; nor does EFF oppose it.

EFF works across the country to enact and defend...

Infosec -- Krebs on Security - Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which...

Infosec -- The Hacker News - A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution...

Infosec -- Threatpost - The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT,IoT and home networks.

Infosec -- CSO Online - Operating system maintainers, computer manufacturers, security and virtualization software vendors have worked together over the past few months to coordinate a unified response to a vulnerability that allows attackers to bypass boot process...

Infosec -- CyberScoop - In June, the antivirus company ESET stumbled across an insidious strain of ransomware that prevents a computer from loading and locks its data.

A saving grace was that, in order for the attack to work, a ubiquitous feature known as UEFI Secure...

Infosec -- Security Affairs - Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers



Cybersecurity researchers at Intezer spotted a new completely undetectable Linux...

Infosec -- CSO Online - The need to manage patching on home machines that have no Group Policy, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) control means that you may be looking for alternatives. Employees' personal machines...

Infosec -- WeLiveSecurity - The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks

Infosec -- CyberScoop - Sometime in the second half of 2019, suspected Iranian hackers started burrowing into the network of an unnamed organization in the Middle East. What likely began, according to investigators, as a breach of a virtual private network application...

Infosec -- Schneier on Security - The Atlantic Council has a released a report that looks at the history of computer supply chain attacks.



Key trends from their summary:



Deep Impact from State Actors: There were at least 27 different state attacks against the...

Infosec -- Krebs on Security - Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity...

Infosec -- Recorded Future - Our guest today is Sherri Davidoff. She's the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the...

Enterprise -- Silicon Republic - Earlier in July, Twitter experienced a major hack targeting the accounts of celebrities such as Elon Musk, Bill Gates, Jeff Bezos, Mike Bloomberg and Kanye West.

As a result of the cyberattack, hackers managed to collect $116,000 worth...

Enterprise -- AWS Insider - Cloud giants Amazon Web Services and Microsoft Azure are at particular risk for hidden admin users to take over customer accounts, according to a recent report by cybersecurity specialist CyberArk.

Enterprise -- SiliconANGLE - A newly discovered serious vulnerability that affects most Linux and Windows installations, including servers, opens the door to hackers to run riot. Discovered by security researchers at enterprise device security firm Eclypsium Inc....

Enterprise -- DevOps.com - Here's what developers need to know to ensure compliance with the two biggest privacy laws The digital landscape is continuously evolving, and privacy regulations such as CCPA (California Consumer Privacy Act) and the European Union's GDPR...

Enterprise -- Silicon Republic - With just months to go before the Data Protection Commission (DPC) begins enforcing its guidance on web cookie compliance, Sligo web design business Dmac Media has warned Irish businesses that they may not yet be compliant with the...

Enterprise -- Channelnomics - Pulse Secure Eases Access to Cloud, Data Center ApplicationsJuly 28, 2020MSSPs and other partners can leverage new PZTA solution for enterprise customersBy Jeffrey BurtPulse Secure is launching a cloud-based secure access service that...

Enterprise -- Network World News - Businesses considering the secure access service edge (SASE) model need to understand that there are numerous ways to implement it that can be tailored to their future needs and the realities of their legacy networks.As defined by...