Woodstock Wire: Enterprise Security News

November 30, 2021

Introducing ThreatConnect 6.4 - Improving Threat Intelligence Processes and SOC Metrics

Business Wire -- ThreatConnect 6.4 significantly improves the threat intelligence process and helps SOC directors to identify and understand threats with more context.

November 30, 2021 09:05 PM

November 29, 2021

New E-Commerce Cybersecurity Guide Helps Brands be Proactive This Holiday Shopping Season

Infosec -- RiskIQ - This year, our goal is to help brands fight back by sharing approachable ways for beginners and seasoned cybersecurity professionals alike to keep their organizations safe. Phishing and other malicious sites have distinct characteristics we can...

November 29, 2021 06:19 AM

A Simple 5-Step Framework to Minimize the Risk of a Data Breach

Infosec -- The Hacker News - Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of...

November 29, 2021 06:16 AM

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

Infosec -- The Hacker News - Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites...

November 29, 2021 06:16 AM

Are China's new privacy laws scuppering access to ship positioning systems?

Infosec -- Record by Recorded Future - The International Maritime Organization and other shipping bodies need to know where large ships are sailing in order to prevent them from running into each other. So they use something called the automatic identification...

November 29, 2021 06:14 AM

Microsoft addresses a high-severity vulnerability in Azure AD

Infosec -- Security Affairs - Microsoft recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD.

Microsoft has recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure...

November 29, 2021 06:07 AM

Addressing the Low-Code Security Elephant in the Room

Infosec -- Dark Reading - The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications.

November 29, 2021 06:05 AM

Attackers deploy Linux backdoor on e-stores compromised with software skimmer

Infosec -- Security Affairs - Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores.

Security researchers from Sansec Threat Research Team discovered a Linux backdoor...

November 29, 2021 05:15 AM

3 Top Tools for Defending Against Phishing Attacks

Infosec -- Threatpost - Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.

November 29, 2021 05:13 AM

November 23, 2021

How to Build a Security Awareness Training Program that Yields Measurable Results

Infosec -- The Hacker News - Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical.


November 23, 2021 05:59 AM

6 Tips To Keep in Mind for Ransomware Defense

Infosec -- Dark Reading - Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

November 23, 2021 05:54 AM

Hundreds of WordPress sites defaced in fake ransomware attacks

Infosec -- Record by Recorded Future - Hundreds of WordPress sites have been defaced over the weekend with a message claiming that the site's data was encrypted in what security firm Sucuri has described as "fake ransomware."

November 23, 2021 05:53 AM

HTTP header smuggling attack against AWS API Gateway exposes systems to cache poisoning

Infosec -- The Daily Swig - New hacking technique may pave the way for other serious attacks

November 23, 2021 04:27 AM

8 Tips To Keep in Mind for Ransomware Defense

Infosec -- Dark Reading - Ransomware is everywhere, including the nightly news. Most people know what it is, but how do ransomware attackers get in, and how can we defend against them?

November 23, 2021 04:23 AM

Biden signs infrastructure bill that provides nearly $2 billion for cybersecurity

Infosec -- CyberScoop - Presdent Joe Biden signed a $1 trillion infrastructure bill into law on Monday that includes nearly $2 billion for cybersecurity and related provisions.

The biggest piece of digital security funding is a Federal Emergency Management Agency...

November 23, 2021 04:23 AM

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Infosec -- Security Affairs - Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps).

Cloudflare, Inc. is an American web infrastructure and website security company that provides...

November 23, 2021 04:22 AM

Initial Access Brokers: Selling Entry into Your Network

Infosec -- PhishLabs - In this post, we take a look at Initial Access Brokers (IABs), popular ransomware affiliates that sell access to compromised networks.

November 23, 2021 04:20 AM

Evasive maneuvers: HTML smuggling explained

Infosec -- Malwarebytes Unpacked - Microsoft Threat Intelligence Center (MSTIC) last week disclosed "a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features" that it calls HTML smuggling.

November 23, 2021 01:54 AM

Microsoft fixes reflected XSS in Exchange Server

Infosec -- The Daily Swig - Researchers' bid to reproduce ProxyShell yields something entirely new

November 23, 2021 01:54 AM

Hackers fire off hoax email messages from FBI account after exploiting misconfigured server

Infosec -- CyberScoop - Hackers sent a barrage of fake emails over the weekend using an FBI email account, the agency acknowledged, to falsely warn recipients that an attacker stole their information.

The nonprofit spam-tracking service Spamhaus Project estimated...

November 23, 2021 01:54 AM

How to Tackle SaaS Security Misconfigurations

Infosec -- The Hacker News - Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls...

November 23, 2021 01:46 AM

VERT Research Tips: Byting into Python

Infosec -- TripWire - The State of Security - The past few weeks, I've been spending a lot of my free time preparing for the OSCP exam, which means refreshing a lot of skills that I haven't used in years. A large part of that is rebuilding muscle memory around buffer...

November 23, 2021 01:44 AM

DNS Cache Poisoning Attack: Resurrections with Side Channels

Media -- Semiconductor Engineering - "DNS is one of the fundamental and ancient protocols on the Internet that supports many network applications and services. Unfortunately, DNS was designed without security in mind and is subject to a variety of serious...

November 23, 2021 01:10 AM

November 22, 2021

The ransomware threat is getting worse. But businesses still aren't taking it seriously

Enterprise -- ZDNet News - Ransomware is growing in scale and severity. It's time to start paying attention.

November 22, 2021 04:41 AM

Palo Alto software advances end-to-end enterprise cloud security

Enterprise -- Network World News - Palo Alto Networks has bolstered its security software to better protect enterprise Software-as-a-Service (SaaS) applications.The company rolled out a new version of its core cloud-security package, Prisma 3.0, which includes the...

November 22, 2021 04:35 AM

ThycoticCentrify Report: 57% of Organizations Suffered Security Incidents Related to Exposed Secrets in DevOps

Enterprise -- VMblog - ThycoticCentrify published a new survey report from Forrester that addresses the security innovation paradox in DevOps environments. While revealing...

November 22, 2021 04:31 AM

Ransomware gangs are now rich enough to buy zero-day flaws, say researchers

Enterprise -- ZDNet News - Zero-day cybersecurity vulnerabilities have traditionally been the area of nation-states - but now criminal gangs have the funds to buy their own.

November 22, 2021 04:26 AM

The next big thing in network security?

Enterprise -- CIO - It's no surprise, but the security threat landscape is rapidly becoming more sophisticated, as evidenced by the Colonial Pipeline, Kaseya, and SolarWinds attacks earlier this year. Considering the pace of digital transformation in today's business,...

November 22, 2021 02:23 AM

Hyperledger Fabric Security Threats: What to Look For

SupplyChain -- Hyperledger - Hyperledger Fabric is designed to enable secure collaboration between multiple organizations operating with limited trust. Despite the security improvements Hyperledger Fabric provides, deployments still require careful configuration and...

November 22, 2021 01:20 AM

November 21, 2021

RiskIQ Releases 2021 E-Commerce Guide To Help Businesses Unmask Cyber Threats This Holiday Shopping Season

Globe Newswire -- RiskIQ, a leader in internet security intelligence, today released its Holiday Shopping Cybersecurity Guide for E-Commerce. The guide examines twelve common characteristics, or red flags, of phishing and other malicious pages that threat actors will use...

November 21, 2021 02:22 AM

Sophos Ranked "Best Enterprise Endpoint Security" by SE Labs

Globe Newswire -- Technology - Sophos Intercept X Advanced Tops the Enterprise Endpoint Solutions Tested in SE Labs' 2021 Annual Report Sophos Intercept X Advanced Tops the Enterprise Endpoint Solutions Tested in SE Labs' 2021 Annual Report

November 21, 2021 02:22 AM

Sophos Discovers New Memento Ransomware

Globe Newswire -- Technology - Memento Ransomware Locked Files in a Password-Protected Archive When it Couldn't Encrypt the Data and Demands $1 Million in Bitcoin Memento Ransomware Locked Files in a Password-Protected Archive When it Couldn't Encrypt the Data and Demands...

November 21, 2021 02:20 AM

ForgeRock Announces Partial Early Lock-up Release

Business Wire -- ForgeRock, Inc. ("ForgeRock") (NYSE: FORG), a global leader in digital identity, today announced an upcoming partial early lock-up release with respect to ForgeRock's Class A common stock, par value $0.001 per share (the "shares"), pursuant to the terms...

November 21, 2021 12:57 AM

Guardicore Expands Coverage, Simplifies Segmentation Policy Creation and Enforcement to Secure Complex Environments Against Ransomware

Business Wire -- New Features Introduce DNS Security, Automated Labeling and Policy Suggestions, and Expanded Coverage Where Agents Cannot be Installed

November 21, 2021 12:38 AM

Offensive Security Unveils Its First Defensive Security Training and Certification Offering

Business Wire -- Offensive Security, the leading provider of hands-on cybersecurity training and certification, today announced the launch of two new courses, expanding the company's curriculum with new trainings for defensive security and web application...

November 21, 2021 12:19 AM

November 19, 2021

Code42 and Splunk Partner to Enhance Detection and Response to Insider Threat Events

Business Wire -- Code42, announced it is to deliver its data exfiltration alerts and dashboards within the Splunk(r) Security Operations Suite.

November 19, 2021 12:02 AM

November 18, 2021

Cloudflare Makes it Easy for Developers to Build Any Application on Its Industry-Leading Serverless Platform

Business Wire -- Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced new tools and integrations to make developing applications simple, flexible, and fast. Now developers will be able to...

November 18, 2021 11:59 PM

ForgeRock to Aid Australia's Reopening of Its International Borders

Business Wire -- Australia Uses ForgeRock Identity Platform to Build New Digital Passenger Declaration Cards to Open International Borders Post-pandemic.

November 18, 2021 11:55 PM

ForgeRock Ranks First for External Access Management Use Case in the 2021 Gartner(r) Critical Capabilities for Access Management

Business Wire -- ForgeRock ranks first in 2021 Gartner Critical Capabilities for Access Management for External Access Management Use Case.

November 18, 2021 11:55 PM

November 15, 2021

Bad bots on the rise: How to fight back

Infosec -- Barracuda - Bots account for about half of all internet traffic - and about half of that is due to malicious bots. These bots execute a wide variety of attacks, including web scraping, account takeover, distributed denial of service (DDoS), distributed...

November 15, 2021 03:00 AM

A flaw in WP Reset PRO WordPress plugin allows wiping the installation DB

Infosec -- Security Affairs - A critical vulnerability in the WP Reset PRO WordPress plugin can allow an authenticated user to wipe the entire database of WordPress sites.

Researchers from cybersecurity form Packstack have discovered a critical vulnerability...

November 15, 2021 02:59 AM

Experts found 14 new flaws in BusyBox, millions of devices at risk

Infosec -- Security Affairs - Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose million of Unix-based devices to cyberattacks.

Researchers from software development company JFrog and industrial cybersecurity firm Claroty have...

November 15, 2021 02:59 AM

8 Best Practices for Data Security in Hybrid Environments

Infosec -- TripWire - The State of Security - Operating in hybrid environments can get really tricky at times. As more and more organizations are moving their sensitive data to the public cloud, the need to keep this data secure and private has increased significantly...

November 15, 2021 02:58 AM

Mozilla disables 'low usage' encryption feature to resolve Thunderbird HTTP/2 vulnerability

Infosec -- The Daily Swig - Multiple flaws in email client resolved with security update

November 15, 2021 02:57 AM

Types of Penetration Testing

Infosec -- The Hacker News - If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your...

November 15, 2021 02:56 AM

November 14, 2021

This sneaky trick lets attackers smuggle malware onto your network

Enterprise -- ZDNet News - Cyber criminals learn how to create crafty web attacks from state-sponsored hackers, Microsoft warns.

November 14, 2021 11:40 PM

Akamai Brings Web Application and API Security Together

Enterprise -- DevOps.com - Akamai Technologies, Inc. this week launched a service that consolidates the process of securing both web applications and application programming interfaces (APIs). Amol Mathur, vice president of product management and strategy for Akamai,...

November 14, 2021 11:22 PM

Palo Alto Networks patches 9.8 severity CVE in popular GlobalProtect product

Enterprise -- The Register - Arbitrary code execution by unauthenticated attacker? Big oops

Palo Alto Networks has issued a patch for a CVSS 9.8-rated buffer overflow affecting a VPN component of its widely used firewall software, warning that the flaw allows unauthenticated...

November 14, 2021 11:21 PM

What Machine Learning Can Do for Security

Enterprise -- InfoQ - Machine learning can be applied in various ways in security, for instance, in malware analysis, to make predictions, and for clustering security events. It can also be used to detect previously unknown attacks with no established signature. By...

November 14, 2021 11:19 PM

DNS Security - A Critical Element of the Shift to Long-Term Remote Work

Enterprise -- EfficientIP - Twenty months into the COVID-19 pandemic, remote work is no longer a temporary situation but the status quo for many. In fact, recently Gartner forecasts indicated that by the close of this year, 51% of knowledge workers worldwide are expected...

November 14, 2021 11:14 PM