Tag: Endpoint

Europe, Global Security News, North America, Vulnerabilities

Using AI/ML to Secure the Hybrid Workforce

by Sue Poremba • July 1, 2022

First, workplaces went fully remote to keep business operations running during the COVID-19 pandemic. Now, as the pandemic is easing into endemic, organizations are asking their employees to return to their offices. Many workers are choosing a hybrid …

Cerby Emerges From Stealth to Transform Application Security

by Michael Vizard • June 28, 2022

Cerby this week emerged from stealth to unveil a security platform that allows end users to enroll their preferred applications rather than being limited to a set of applications that were pre-approved by an IT organization. Fresh from raising $12 mil…

Russian Hackers Declare War on Lithuania — Killnet DDoS Panic

by Richi Jennings • June 28, 2022

NATO member Lithuania is under attack from Russian hacking group Killnet. It raises serious concerns over Russia’s use of cyber warfare against NATO states.
The post Russian Hackers Declare War on Lithuania — Killnet DDoS Panic appeared first on Secur…

Using AI and ML to Fight Zero-Day Attacks

by Sue Poremba • June 28, 2022

If it felt like you were asked to download a lot of patches in May and June, it’s because there were a lot of patches in May and June. An increase in zero-day vulnerabilities and exploits led to an increase in attacks. In fact, Mandiant reported that …

Hermit Previews Sophisticated Spyware To Come

by Teri Robinson • June 27, 2022

The appropriately named Hermit enterprise-grade Android surveillanceware currently used by the Kazakhstan government within its borders—and deployed to Italy and Syria—portends the sophistication of spyware to come. “The Hermit app that initially is i…

NSA Wants To Help you Lock Down MS Windows in PowerShell

by Richi Jennings • June 24, 2022

A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”
The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.

Machine Learning Tackles Ransomware Attacks

by Sue Poremba • June 22, 2022

There are approximately 250 known ransomware families, and these families are directly related to the rise of ransomware-as-a-service, according to Bitdefender. “Ransomware infection is just the final step; these modern attacks take some time to prepa…

5 Tips to Thwart Business Email Compromise (BEC) Attacks

by Oliver Noble • June 21, 2022

There’s been an astounding 84% increase in business email compromise (BEC) attacks, according to the latest NordLocker Email Threat Report, which compared half-yearly statistics. The news should be particularly alarming to organizations that use email…

HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook

by Richi Jennings • June 17, 2022

A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation.
The post HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook appeared first on Security Boulevard.

We Need Zero-Trust for Private Cellular Networks

by Liron Ben-Horin • June 17, 2022

For years, there were IP networks and public cellular networks. Each had its own functions, goals and purpose, and never did the ‘twain meet. But with the growth of private LTE and 5G networks, cellular technology now serves the same purposes that IP …

Surfshark Finds US is the Most-Breached Country

by Natan Solomon • June 17, 2022

A recent study by cybersecurity company Surfshark showed that the U.S. is the most breached country—and has been since 2004, among other alarming findings. With cybersecurity threats on the rise, Surfshark’s latest project is the first-ever tool that…

Survey: Maintaining Cybersecurity Balance is a Challenge

by Michael Vizard • June 17, 2022

A survey of 1,007 IT decision-makers at small-to-medium enterprises (SMEs) found two-thirds of respondents (66%) conceded that adding security measures resulted in more cumbersome user experiences. The survey polled SMEs in the U.S. and United Kingdom…

Radware Survey Reveals API Security Weaknesses

by Michael Vizard • June 16, 2022

A survey published today suggests there is a disconnect between the perceived and actual level of security being applied to application programming interfaces (APIs). The survey polled 203 IT professionals in Europe, Asia and North America from organi…

4 Cloud Application Security Best Practices

by Gilad David Maayan • June 16, 2022

In today’s digital-first landscape, more and more organizations move their workloads to the cloud. However, many do not realize that cloud environments come with a certain set of unique security threats. In this article, you will learn about top clou…

BlackBerry Set to Unfurl Zero-Trust Network Access Service

by Michael Vizard • June 15, 2022

BlackBerry Ltd. next month will make available a zero-trust network access-as-service offering based on a gateway it hosts on its cloud platform. Alex Willis, vice president of global sales engineering and independent software vendors (ISVs), said the…

Noname Security Expands API Security Platform

by Michael Vizard • June 14, 2022

Noname Security has updated its platform for securing application programming interfaces (APIs) to make it possible to discover them in seconds and then automatically remediate vulnerabilities when discovered. In addition, Noname API Security Platform…

Apple M1 Flaw Can’t be Fixed — PACMAN Panic

by Richi Jennings • June 13, 2022

Apple’s M1 chip isn’t as safe from buffer overflows as previously thought. M1 and other designs based on ARMv8.3 can have their ‘PAC’ protection neutered.
The post Apple M1 Flaw Can’t be Fixed — PACMAN Panic appeared first on Security Boulevard.
…

Authorities Arrest ‘Prominent’ Nigerian BEC Threat Actor

by Teri Robinson • June 13, 2022

No doubt remote work has tilled fertile ground for miscreants bent on executing business email compromise (BEC) scams, which is why it’s good news that authorities have one operator—from Nigeria—in custody. As part of a joint initiative called Operati…

Radware Finds New Era of DDoS Attacks Dawning

by Michael Vizard • June 10, 2022

A report published by Radware this week indicated the number of malicious distributed denial-of-service (DDoS) attacks rose nearly 75% in the first quarter of 2022. The increase is mainly due to an increase in so-called “micro floods” that are classif…

Palo Alto Networks Sees Rise in Ransomware Payments

by Michael Vizard • June 8, 2022

Palo Alto Networks this week disclosed that, in cases worked by its Unit 42 incident response team, the average ransomware payment rose to $925,162 during the first five months of 2022. That average was pushed higher by two multi-million dollar paymen…

CrowdStrike Adds Automated Asset Discovery to Cloud Platform

by Michael Vizard • June 7, 2022

At the RSAC 2022 event this week, CrowdStrike unveiled CrowdStrike Asset Graph, a new graph database it has added to its cloud security services portfolio. In addition, the company introduced a Humio for Falcon service that extends the amount of time …

IBM to Acquire Randori to Provide More Cybersecurity Visibility

by Michael Vizard • June 7, 2022

At the RSAC 2022 event this week, IBM revealed that it plans to acquire Randori, a provider of an attack surface asset analysis tool. Chris Meenan, vice president of product management for IBM Security, said Randori employs graph software to visually …

Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day

by Teri Robinson • June 7, 2022

While malicious email attachments are nothing new, there’s reason to be particularly cautious when it comes to the new zero-day vulnerability, dubbed Follina, found in Microsoft Word, for which the tech giant almost immediately issued a workaround. Th…

Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS

by Richi Jennings • June 6, 2022

A nasty zero-click, zero-day RCE bug remains unpatched in Windows. Dubbed “Follina,” Microsoft’s done diddly-squat about it.
The post Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS appeared first on Security Boulevard.

Emotet Proved Too Effective for Threat Actors to Abandon

by Teri Robinson • June 3, 2022

Old malware—even strains that have been taken down by law enforcement—never die. Nor do they just fade away; instead, they disappear for a while, regroup and re-emerge. This is exactly what the self-propagating and modular loader Emotet has done, and …

Cybersecurity Mesh: What It Is and Why You Need It

by Ashley Guerra • May 31, 2022

The nature of a trend is that it is developing consistently enough to catch the attention of the general public or a specific audience. Well, for better or for worse, cybersecurity professionals, experts and analysts are noticing troubling trends in m…

Shodan: Still the Scariest Search Engine on the Internet?

by Ran Levy • May 31, 2022

In April of 2013, CNN introduced the world to Shodan, a search engine for internet-connected devices, by publishing an article titled, Shodan: The scariest search engine on the Internet. CNN described how Shodan was used to find vulnerabilities: “&#82…

Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge

by Richi Jennings • May 26, 2022

Is your state implementing a digital driver’s license? You’d better hope it does better than the Australian state of New South Wales.
The post Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge appeared first on Security Boulevar…

10 Reasons Why Email Protection is Critical in 2022

by Annie Keller • May 25, 2022

We all use email all day long. No matter what industry you’re in or where you are working around the globe, you’re more than likely using email to communicate, work and socialize. Most of us check our email multiple times a day – the average is eleven …

Rajiv Kulkarni Talks about the Malware Analysis Pipeline

by Tony Bradley • May 25, 2022

TechSpective Podcast Episode 089 There is no such thing as perfect or invulnerable cybersecurity. The goal of cybersecurity is to raise the bar or cost of entry to make it as challenging as possible for threat actors, and to detect and identify new thr…

Get API Protection Best Practices With “The Definitive Guide to API Attack Protection”

by Suzanne Ciccone • May 25, 2022

In recent months, we’ve been fielding a lot of questions about API security from our prospects and customers. We know it’s top of mind for many security professionals today, and it’s why we were thrilled to help play a role in creating The Definitive G…

Forging Australian Driver’s Licenses

by Bruce Schneier • May 23, 2022

The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries.

This file is encrypted using AES-256-CBC encryption combined with Base64 encoding.
A 4-digit application PIN (which gets set during the initi…

The True Danger for Organizations: Unpatched Vulnerabilities

by Aaron Sandeen • May 20, 2022

It is no secret that 2021 saw an increase in cyberattacks all around the globe; specifically in critical infrastructure organizations. In October of that year, The U.S. Cybersecurity and Infrastructure Security Agency issued Alert AA21-287 in response…

‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth

by Richi Jennings • May 19, 2022

Tesla cars can be unlocked and stolen via a simple relay attack. The company shrugged and said it’s “a known limitation.”
The post ‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth appeared first on Security Boulevard.

A Guide to GDPR Encryption

by Editor • May 12, 2022

Learn about GDPR Encryption which is a method used for encoding data in such a way that it can only be accessed by authorised users.
The post A Guide to GDPR Encryption appeared first on Cyphere | Securing Your Cyber Sphere.
The post A Guide to GD…

Palo Alto Networks Makes the Case for ZTNA 2.0

by Michael Vizard • May 11, 2022

Palo Alto Networks today launched a zero-trust network architecture (ZTNA) 2.0 initiative defined by an ability to apply more granular controls to remote access. Kumar Ramachandran, senior vice president of product at Palo Alto Networks, said the firs…

Mobile Devices As Attack Vector for Ransomware

by Sue Poremba • May 11, 2022

The amount of damage that can be done by a ransomware attack against a network is well known. We’ve seen the stories about hospitals, universities, and governments taken offline and the threats made to organizational and consumer information. The focu…

TLStorm 2.0 Flaws Leave Aruba, Avaya Switches Vulnerable

by Teri Robinson • May 9, 2022

A handful of vulnerabilities in the implementation of TLS communications in Aruba and Avaya switches extend TLStorm flaws first discovered in March to millions of enterprise-grade network infrastructure devices. By exploiting these latest five vulnera…

Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blood on Your Hands’

by Richi Jennings • May 9, 2022

Ukrainian hackers and their friends continue to pummel Russian computers. “Hundreds of millions of documents” are being leaked. And today, Putin’s famous Victory Parade has been marred by hackers.
The post Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blo…

5 Top IoT Security Challenges and Solutions

by Gilad David Maayan • May 9, 2022

The internet of things (IoT) is growing exponentially, with as many as 25 billion devices expected to be deployed by 2030. IoT technology has many benefits for consumers, corporations and, in particular, the manufacturing, health care and transportati…

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.