Woodstock Wire: Enterprise Security News

September 19, 2021

Azure Firewall Introduces New Security Features

Enterprise -- InfoQ - Microsoft recently announced new features for Azure Firewall, the managed network security service to protect Azure Virtual Network resources. By Renato Losio

September 19, 2021 12:02 AM

September 18, 2021

Experts warn that Mirai Botnet starts exploiting OMIGOD flaw

Infosec -- Security Affairs - The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online.



Threat actors behind a Mirai botnet starts exploiting a critical Azure OMIGOD vulnerability, tracked...

September 18, 2021 04:18 AM

September 17, 2021

Zero-Click iMessage Exploit

Infosec -- Schneier on Security - Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group's Pegasus spyware.

Apple patched the vulnerability; everyone needs to update their OS immediately.

News articles on the exploit.

September 17, 2021 09:31 PM

A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Infosec -- Security Affairs - Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines.



Security researchers from Lumen's Black Lotus Labs have discovered several malicious Linux...

September 17, 2021 08:12 PM

OMIGOD, an exploitable hole in Microsoft open source code!

Infosec -- Naked Security - Got Linux? Here's a bug you weren't expecting, in software you might not know you have.

September 17, 2021 07:56 PM

September 16, 2021

DDoS Attacks: A Flourishing Business for Cybercrooks - Podcast

Infosec -- Threatpost - Imperva's Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,

September 16, 2021 08:26 PM

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Infosec -- Threatpost - Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.

September 16, 2021 08:18 PM

Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs

Infosec -- The Hacker News - Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable...

September 16, 2021 08:03 PM

Microsoft fixes OMIGOD bugs in secret Azure app

Infosec -- Record by Recorded Future - As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI, a mostly unknown application that the company has been silently installing on most Linux-based Azure...

September 16, 2021 07:59 PM

Steganography explained and how to protect against it

Infosec -- CSO Online - Steganography definition

Steganography is a millennia-old concept that means hiding a secret message within an ordinary-looking file that doesn't raise any suspicions. The word has Greek roots, being a combination of steganos, which translates...

September 16, 2021 07:46 PM

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

Infosec -- The Hacker News - A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office,...

September 16, 2021 07:46 PM

Understanding the Benefits of Managed Cyber Services

Infosec -- TripWire - The State of Security - As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip...

September 16, 2021 07:45 PM

ForgeRock Announces Pricing of Initial Public Offering

Business Wire -- ForgeRock, Inc. (ForgeRock), a global identity leader, announces the pricing of its initial public offering.

September 16, 2021 05:52 PM

Guardicore Partners With Fortinet to Simplify Zero Trust Segmentation in Dynamic Hybrid Environments

Business Wire -- Guardicore announced a new technology integration as part of its Fabric-Ready technology alliance partnership with Fortinet.

September 16, 2021 05:47 PM

McAfee Reports Quarterly Dividend for the Third Quarter 2021

Business Wire -- McAfee Corp. ("McAfee" or the "Company") (NASDAQ: MCFE), announced that its Board of Directors has declared a cash dividend for the third quarter of 2021 of $0.115 per share on the Company's Class A common stock. The dividend is payable on or about October...

September 16, 2021 05:41 PM

Ping Identity Names Jason Kees Chief Information Security Officer

Business Wire -- Ping Identity (NYSE: PING), the intelligent identity solution for the enterprise, appointed Jason Kees as the company's new chief information security officer (CISO). He will spearhead Ping Identity's security initiatives that support new services and...

September 16, 2021 05:41 PM

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

Infosec -- Kali Linux - Today we have released the newest version of Kali Linux, 2021.3 (quarter #3), which is now ready for download or updating.

A summary of the changes since the 2021.2 release from June are:

OpenSSL - Wide compatibility by default -

September 14, 2021 08:37 PM

Synopsys Transforms Workspace Security with Citrix(r)

Business Wire -- It's an eternal question among IT organizations: how do you keep corporate data and devices safe without hampering the user experience - particularly in the world of hybrid work? For Synopsys, a global leader in electronic design automation...

September 14, 2021 08:33 PM

Why Zero Trust Security Makes More Sense than VPNs?

Enterprise -- dinCloud - The workplace has undergone massive changes during the past months. The mass scale remote work, triggered by the pandemic, added a whole new dimension of security challenges for organizations and their IT managers.



Given the present day security...

September 14, 2021 08:13 PM

Protect your remote workforce by using a managed DNS firewall and network firewall

Enterprise -- Amazon AWS Blog - More of our customers are adopting flexible work-from-home and remote work strategies that use virtual desktop solutions, such as Amazon WorkSpaces and Amazon AppStream 2.0, to deliver their user applications. Securing these workloads...

September 14, 2021 08:13 PM

Fortinet, Linksys joint venture aims to bring enterprise security to home offices

Enterprise -- ZDNet News - Linksys HomeWRK for Business will provide a new at-home networking package for both corporate and personal networks using enterprise-grade security.

September 14, 2021 07:42 PM

How to explain DevSecOps in plain English

Enterprise -- The Enterprisers Project - How to explain DevSecOps in plain English



Just as DevOps transformed how many IT shops build, deploy, and maintain software, DevSecOps...

September 14, 2021 07:39 PM

Apple releases emergency update: Patch, but don't panic

Infosec -- Malwarebytes Unpacked - Spyware developed by the company NSO Group is back in the news today after Apple released an emergency fix for iPhones, iPads, Macs, and Apple Watches. The update fixes a vulnerability silently exploited by software called Pegasus,...

September 14, 2021 06:51 PM

Google addresses a new Chrome zero-day flaw actively exploited in the wild

Infosec -- Security Affairs - Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited.



Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security...

September 14, 2021 06:46 PM

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

Infosec -- The Hacker News - Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild.

Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities...

September 14, 2021 06:40 PM

Popular NPM package Pac-Resolver affected by a critical flaw

Infosec -- Security Affairs - Experts found a critical flaw, tracked as CVE-2021-23406, in the popular NPM package 'Pac-Resolver' that has millions of downloads every week.



The development team behind a popular NPM package called 'Pac-Resolver' for the JavaScript...

September 14, 2021 06:40 PM

Venafi Survey: Execs Say Companies Negligent in Protecting Security Software Build Environments Should Face Clear Consequences

Business Wire -- Venafi(r), the inventor and leading provider of machine identity management, today announced survey results highlighting the challenges of improving software supply chain security. The survey evaluated the opinions of more than 1,000 IT and...

September 14, 2021 06:23 PM

8 pitfalls that undermine security program success

Infosec -- CSO Online - Some of the biggest breaches have come down to small mistakes.Hackers used a compromised password to access the company network via a virtual private network in the May 2021 Colonial Pipeline attack. A widely known vulnerability that hadn't...

September 14, 2021 03:26 AM

Booz Allen Acquires Tracepoint, Bolstering Market Leadership in Cybersecurity

Business Wire -- Booz Allen Hamilton (NYSE:BAH) today announced that it has completed the acquisition of Tracepoint, an industry-leading digital forensics and incident response (DFIR) company serving public and private sector clients. Booz Allen exercised its option to...

September 14, 2021 03:11 AM

September 11, 2021

Five Serious Cybersecurity Risks That Didn't Exist Ten Years Ago

TMCnet -- The world has changed profoundly in the past decade, bringing with it new innovations and technological breakthroughs. Google had just bought Android. Most of the world was connected through 3G. And most social media were accessed through bulky personal...

September 11, 2021 03:42 AM

Palo Alto Networks reveals malware-detecting WiFi router

Enterprise -- SiliconANGLE - Palo Alto Networks Inc.'s newest product is the Okyo Garde, a wireless mesh router with built-in cybersecurity capabilities that enterprises can use to protect remote workers' home networks from hacking attempts. The device was announced...

September 11, 2021 03:39 AM

Microsoft fixes Azurescape flaw in Azure Container Instances

Infosec -- Security Affairs - Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allows to take over containers of other platform users.



Microsoft has addressed a vulnerability in Azure Container Instances (ACI) called Azurescape...

September 11, 2021 03:09 AM

Yandex Pummeled by Potent Meris DDoS Botnet

Infosec -- Threatpost - Record-breaking distributed denial of service attack targets Russia's version of Google - Yandex.

September 11, 2021 03:06 AM

HAProxy urges users to update after HTTP request smuggling vulnerability found

Enterprise -- ZDNet News - The vulnerability was announced earlier this week by researchers with JFrog, who released a report on the problem.

September 11, 2021 02:14 AM

Amazon offers tips on preventing one of the biggest cybersecurity threats facing IT pros: ransomware attacks

Enterprise -- SiliconANGLE - With great data comes great risk of data interception and security breaches, potentially costing companies millions in damages and various privacy lawsuits. The estimated GDP cost of cybercrime reached $1 trillion in 2018, calling many...

September 11, 2021 02:11 AM

Email Security Recommendations You Should Consider for 2021

Enterprise -- ChannelE2E - Based on 2021 trends, here are top recommendations for email security to safeguard against advanced threats like phishing and malware.

September 11, 2021 02:10 AM

Russia Influences Hackers but Stops Short of Directing Them, Report Says

Tech -- NY Times Technology - The arrangement allows the Russian government some plausible deniability for attacks, researchers found.

September 11, 2021 12:19 AM

September 10, 2021

Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet

Infosec -- Record by Recorded Future - A new botnet consisting of an estimated 250,000 malware-infected devices has been behind some of the biggest DDoS attacks over the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and...

September 10, 2021 11:32 PM

Ransomware: Take these three steps to protect yourself from attacks and make it easier to recover

Enterprise -- ZDNet News - Microsoft sets out a three stage process to improve your defences against ransomware.

September 10, 2021 12:34 AM

Is Your Attack Surface Management Plan Ready?

Enterprise -- Palo Alto Networks Blog - For security teams, the threat of cyberattacks is constantly looming, but feeling that a breach is inevitable should never get in the way of being prepared. So the question is: Do you have an Attack Surface Management (ASM) plan...

September 10, 2021 12:33 AM

September 09, 2021

'Azurescape' Kubernetes Attack Allows Cross-Container Cloud Compromise

Infosec -- Threatpost - A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.

September 09, 2021 10:39 PM

HAProxy vulnerability enables HTTP request smuggling attacks

Infosec -- The Daily Swig - Project maintainers patch integer overflow flaw that has various potentially damaging outcomes

September 09, 2021 09:26 PM

Millions of Microsoft web servers powered by vulnerable legacy software

Infosec -- Security Affairs - CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet Information Services software.



These legacy versions are no longer supported by Microsoft,...

September 09, 2021 09:26 PM

Yandex is under the largest DDoS attack in the history of Runet

Infosec -- Security Affairs - The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week.



The Russian Internet giant Yandex has been targeting by the largest DDoS attack in the history of Runet,...

September 09, 2021 09:25 PM

Groove gang leaks list of 500k credentials of compromised Fortinet appliances

Infosec -- Security Affairs - Groove gang leaked online Fortinet credentials that could be used to breach networks of organizations using the compromised devices.



The financially motivated threat actor Groove has leaked online compromised credentials belonging...

September 09, 2021 09:25 PM

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows

Infosec -- Threatpost - Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.

September 09, 2021 09:23 PM

New Cybersecurity Report from HP Reveals 91% of IT Teams Feel Pressure to Compromise Security

Globe Newswire -- Technology - Securing the growing hybrid workplace presents exponential threat landscape Securing the growing hybrid workplace presents exponential threat landscape

September 09, 2021 09:02 PM

WISeKey and FOSSA Systems present WISeSat at The International Cybersecurity Forum (FIC) for delivering secure and global, satellite IoT connectivity

Globe Newswire -- Technology - WISeKey and FOSSA Systems present WISeSat at The International Cybersecurity Forum (FIC) for delivering secure and global, satellite IoT connectivity

September 09, 2021 09:02 PM

IronNet to Ring Opening Bell at New York Stock Exchange

Business Wire -- IronNet, Inc. (NYSE: IRNT) ("IronNet"), an innovative leader transforming cybersecurity through Collective Defense, today announced that General (Ret.) Keith Alexander, IronNet Founder and co-Chief Executive Officer, will ring the Opening Bell(r) at the...

September 09, 2021 08:47 PM