A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”
The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.
Tag: Application Security
Global Security News, Vulnerabilities
CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day
by Ryan Naraine •
Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.
read more
Europe, Global Security News, North America
NIST Sets SSE Framework in Final SP 800-160 Guidance
by Nathan Eddy •
The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the importance of systems engi…
Global Security News
US, UK, New Zealand Issue PowerShell Security Guidance
by Ionut Arghire •
The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Cyber Security Centres in New Zealand (NZ NCSC) and the United Kingdom (NCSC-UK) have issued joint guidance on the proper configuration…
Europe, Global Security News, North America
Why Automation is a Must Have for Disaster Recovery
by Prakash Sinha •
We have seen a spate of cloud service provider outages with overly negative economic impact. The AWS outage in December 2021 disrupted Disney+, Ticketmaster, Slack and Netflix, among a host of others. The Facebook (now Meta) outage in October 2021 was…
Global Security News, Vulnerabilities
Top Cryptographers Flag ‘Devastating’ Flaws in MEGA Cloud Storage
by Ryan Naraine •
Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of use…
Europe, Global Security News, North America
Cloudflare’s Outage – Key Takeaway, Design for Failures
by Vivek Gopalan •
Downtime and outages: are they common? While downtime and inaccessibility of small sites go unnoticed, the awareness of massive outages spreads faster and makes it into the headlines. The recent.
The post Cloudflare’s Outage – Key Takeaway, Design for …
Security Vendor News
Natural Language Processing and “Mindful” AI Drive More Sophisticated Bad Bot Attacks
by Oren Gravier •
The evolution from human to bot attacks Over the last several years of my career in cyber security, I have been fortunate to work with professionals who researched and developed new cyber security detection and prevention solutions that block high-end cyber attacks. Initially, these attacks were driven by humans and later by sophisticated bad bots. […]
The post Natural Language Processing and “Mindful” AI Drive More Sophisticated Bad Bot Attacks appeared first on Blog.
Global Security News, Vulnerabilities
Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain
by Ryan Naraine •
Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark….
Europe, Global Security News, North America
IDC Link on CodeSec – Contrast’s new free developer security tool
by Orlando Villanueva •
On June 2, 2022, Contrast Security released a new, free developer security tool: CodeSec by Contrast. The tool brings Contrast’s fastest and most accurate scanner in the market right to developers at no cost. Providing actionable remediation gui…
Europe, Global Security News, North America, Vulnerabilities
Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’
by Richi Jennings •
Capital One hacker Paige A. Thompson has been found guilty. But it has to be said that Capital One’s security design was absolutely awful.
The post Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’ appeared first on S…
Europe, Global Security News, North America
Why the Long View Matters in API Attack Protection
by Bret Settle •
In API attack protection, context is key. The old-school method of looking for attack signatures then swatting away threats as they emerge will not be effective against contemporary API attacks. Attackers are sophisticated, stealthy, and patient: API a…
Global Security News, Vulnerabilities
RevealSecurity Raises $23M for Application Detection and Response
by Ryan Naraine •
RevealSecurity, an Israeli data security startup building technology to thwart malicious insider threats, on Tuesday announced the closing of a $23 million funding round led by SYN Ventures.
In addition to SYN Ventures, Hanaco Ventures, SilverTech Vent…
Europe, Global Security News, North America
Uvalde Shooting Investigation Reveals Major Privacy Violation
by Mark Rasch •
In Carpenter v. United States, the Supreme Court noted that, in order for law enforcement officials to obtain location data for cell phones, they needed to have a warrant signed by a neutral and detached magistrate, establish probable cause to believe…
Security Vendor News
Four Key Findings from the 2022 Cyberthreat Defense Report
by Bruce Lynch •
For the ninth year, Imperva is proud to sponsor CyberEdge Group’s annual Cyberthreat Defense Report. In this report, CyberEdge Group delivers a detailed accounting of how IT security professionals perceive cyberthreats today and reveals actionable insights into how they plan to defend their enterprises against them. To develop these findings, CyberEdge Group surveyed 1,200 IT […]
The post Four Key Findings from the 2022 Cyberthreat Defense Report appeared first on Blog.
Europe, Global Security News, North America, Vulnerabilities
HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook
by Richi Jennings •
A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation.
The post HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook appeared first on Security Boulevard.
Europe, Global Security News, North America, Vulnerabilities
Deepfence FAQ – June 2022
by Jamie Gale •
Welcome to our first FAQ blog post where we recap popular questions we’ve received along with the answers to them. What is the inspiration for this particular post? While on the road recently, at KubeCon + CloudNativeCon Europe, as well
The post Deepfe…
Europe, Global Security News, North America, Vulnerabilities
Radware Survey Reveals API Security Weaknesses
by Michael Vizard •
A survey published today suggests there is a disconnect between the perceived and actual level of security being applied to application programming interfaces (APIs). The survey polled 203 IT professionals in Europe, Asia and North America from organi…
Global Security News, Vulnerabilities
‘MaliBot’ Android Malware Steals Financial, Personal Information
by Ionut Arghire •
Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.
read more
Global Security News, Vulnerabilities
Volexity Blames ‘DriftingCloud’ APT For Sophos Firewall Zero-Day
by Ryan Naraine •
Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.
read more
Europe, Global Security News, North America
The Danger of API Security Overconfidence: Four Takeaways from Radware’s 2022 State of API Security Survey
by Prakash Sinha •
A short list of the companies that have suffered recent API-related breaches are a who’s-who of the global technology brain trust: Microsoft, Venmo, Equifax, Instagram, Facebook, Amazon, PayPal, and many others. If even these tech-savvy organizations …
Security Vendor News
ZTNA 1.0 Has an App Problem — It Can’t Secure All Apps
by Amelia Albanese •
While legacy ZTNA 1.0 solutions only address a fraction of enterprise apps, ZTNA 2.0 will secure all apps consistently, regardless of where they’re hosted.
The post ZTNA 1.0 Has an App Problem — It Can’t Secure All Apps appeared first on Palo Alto Networks Blog.
Global Security News, Vulnerabilities
GreyNoise Attracts Major Investor Interest
by Ryan Naraine •
GreyNoise Intelligence, a startup competing in the crowded threat-intelligence space, has deposited $15 million in a new round of venture capital funding led by Radian Capital.
read more
Global Security News, Vulnerabilities
GreyNoise Attracts Major Investor Interest
by Ryan Naraine •
GreyNoise Intelligence, a startup competing in the crowded threat-intelligence space, has deposited $15 million in a new round of venture capital funding led by Radian Capital.
read more
North America
Cloud Native Application Protection Platform: A Utility Knife for Cloud Security Services
by Michael Massimi •
Does the world need another acronym? Probably not. But it seems like one is born every day in the cybersecurity market. As a tradeoff for the brain power to recall their cryptic meanings, we should at least expect progress on the technology front. We have seen this before. With all that’s happened in the last […]
The post Cloud Native Application Protection Platform: A Utility Knife for Cloud Security Services appeared first on Security Intelligence.
Global Security News, Vulnerabilities
Jit Banks Massive $38.5 Seed Round Funding
by Ryan Naraine •
Jit, an Israeli startup promising technology to help developers simplify security when deploying cloud apps, has banked an eye-opening $38.5 million in seed-stage funding.
The funding round was Boldstart Ventures. Venture capital outfit Insight Partner…
Europe, Global Security News, North America
HID Global’s Three Pillars of Operational Security
by Karin Althaus •
In view of the more frequent and more sophisticated attacks on the software supply chain, securing the software development lifecycle has become more important than ever. But that’s easier said than done. Manual security scans require far too man…
Europe, Global Security News, North America
Identity and Access: The Game is the Same, But Fiercer
by Gunnar Peterson •
Earlier this year, cybercriminals infiltrated authentication provider Okta’s systems. Okta is used by thousands of organizations around the world to manage access to their networks and applications. The threat actor gang, known as Lapsus$, gained acce…
Europe, Global Security News, North America
Identity and Access: The Game is the Same, But Fiercer
by Gunnar Peterson •
Earlier this year, cybercriminals infiltrated authentication provider Okta’s systems. Okta is used by thousands of organizations around the world to manage access to their networks and applications. The threat actor gang, known as Lapsus$, gained acce…
Security Vendor News
Imperva Introduces New Features to Help Prevent Online Fraud
by Erez Hasson •
As we move more of our daily activities and the services we consume online, the threat of fraud grows, and the risks become greater. Data suggests the majority of organizations are already detecting a rise in online fraud. In a recent survey of senior risk executives, 67 percent said that their companies have experienced external […]
The post Imperva Introduces New Features to Help Prevent Online Fraud appeared first on Blog.
Global Security News, Vulnerabilities
New ‘Hertzbleed’ Remote Side-Channel Attack Affects Intel, AMD Processors
by Eduard Kovacs •
A team of academic researchers has identified a new side-channel method that can allow hackers to remotely extract sensitive information from a targeted system through a CPU timing attack.
read more
Europe, Global Security News, North America
Introducing Ghostwriter v3.0
by Christopher Maddalena •
The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a better time to try out Ghostwriter.
Our goal was to make it much simpler to install and manage the application a…
Global Security News, Vulnerabilities
Adobe Plugs 46 Security Flaws on Patch Tuesday
by Ryan Naraine •
Adobe’s security response team has pushed out a massive batch of patches to cover at least 46 vulnerabilities in a wide range of enterprise-facing software products.
As part of its scheduled Patch Tuesday release for June, Adobe warned of “critical” co…
Global Security News, Vulnerabilities
Report: L3 Emerges as Suitor for Embattled NSO Group
by Ryan Naraine •
L3 Technologies, a U.S. government contractor that sells aerospace and defense technology, has emerged as a suitor for Israeli exploit merchant NSO Group.
read more
Europe, Global Security News, North America, Vulnerabilities
Noname Security Expands API Security Platform
by Michael Vizard •
Noname Security has updated its platform for securing application programming interfaces (APIs) to make it possible to discover them in seconds and then automatically remediate vulnerabilities when discovered. In addition, Noname API Security Platform…
Europe, Global Security News, North America, Vulnerabilities
JFrog Discloses Config Vulnerability in Envoy Proxy Software
by Michael Vizard •
A security research team at JFrog, a provider of a continuous integration/continuous delivery (CI/CD) platform, has discovered a vulnerability in certain compression configurations of open source Envoy proxy software that can be used by a distributed …
Global Security News, Vulnerabilities
Avast: New Linux Rootkit and Backdoor Align Perfectly
by Ionut Arghire •
Malware hunters at Avast have analyzed a newly discovered rootkit and backdoor that target Linux and appear designed to function in synergy with each other.
read more
Global Security News, Vulnerabilities
Avast: New Linux Rootkit and Backdoor Align Perfectly
by Ionut Arghire •
Malware hunters at Avast have analyzed a newly discovered rootkit and backdoor that target Linux and appear designed to function in synergy with each other.
read more
Security Vendor News
Gone Ape? How to Protect NFTs from Theft
by Nik Hewitt •
What are NFTs? Non-fungible tokens (NFTs) are unique and irreplaceable digital assets that, by their nature, have an intrinsic value. These could be digital art, photography, GIFs, avatars, memes, 3D objects, domain names, trading cards, virtual land, music, or other digitally tradable tokens. Each contains a distinctive identifier that allows them to be sold or […]
The post Gone Ape? How to Protect NFTs from Theft appeared first on Blog.
Global Security News, North America
Saas security: How to avoid “death by 1000 apps”
by Help Net Security •
SaaS applications have become synonymous with modern business environments, and CISOs and security teams struggle to find a happy medium between ensuring the security of their SaaS portfolio and empowering the organization’s streamlined business workfl…