First, workplaces went fully remote to keep business operations running during the COVID-19 pandemic. Now, as the pandemic is easing into endemic, organizations are asking their employees to return to their offices. Many workers are choosing a hybrid …
Tag: Spotlight
Europe, Global Security News, North America
Google Launches Advanced API Security to Combat API Threats
by Nathan Eddy •
Google launched a preview version of a service called Advanced API Security aimed at helping organizations combat growing threats targeting application programming interfaces (APIs). The goal of the service, built on the API management platform Apige…
Europe, Global Security News, North America
Palo Alto Networks Expands Web App and API Security Options
by Michael Vizard •
Palo Alto Networks has added an out-of-band option for securing web applications and application programming interfaces (APIs) to its Prisma Cloud service. In addition, Palo Alto Networks has added an agentless capability for extending Prisma Cloud to…
Europe, Global Security News, North America
Cerby Emerges From Stealth to Transform Application Security
by Michael Vizard •
Cerby this week emerged from stealth to unveil a security platform that allows end users to enroll their preferred applications rather than being limited to a set of applications that were pre-approved by an IT organization. Fresh from raising $12 mil…
Europe, Global Security News, North America, Vulnerabilities
Russian Hackers Declare War on Lithuania — Killnet DDoS Panic
by Richi Jennings •
NATO member Lithuania is under attack from Russian hacking group Killnet. It raises serious concerns over Russia’s use of cyber warfare against NATO states.
Europe, Global Security News, North America
Using AI and ML to Fight Zero-Day Attacks
by Sue Poremba •
If it felt like you were asked to download a lot of patches in May and June, it’s because there were a lot of patches in May and June. An increase in zero-day vulnerabilities and exploits led to an increase in attacks. In fact, Mandiant reported that …
Global Security News, North America
Detection, isolation, and negotiation: Improving your ransomware preparedness and response
by Help Net Security •
The risks presented by ransomware and cyber extortion events have likely found a place in your own security team’s discussions, and rightfully so. Ransomware attacks have proliferated in the last decade. The numbers are staggering if not overwhelming, …
Europe, Global Security News, North America
ADPPA US Privacy Law: Coming Soon in Wake of Roe v. Wade Redo
by Richi Jennings •
We could soon have a federal GDPR. But the American Data Privacy and Protection Act wasn’t the only privacy related issue on Capitol Hill last week.
Europe, Global Security News, North America
Hermit Previews Sophisticated Spyware To Come
by Teri Robinson •
The appropriately named Hermit enterprise-grade Android surveillanceware currently used by the Kazakhstan government within its borders—and deployed to Italy and Syria—portends the sophistication of spyware to come. “The Hermit app that initially is i…
Europe, Global Security News, North America
House Passes ICS Cybersecurity Training Act
by Christopher Burgess •
In a predominantly bipartisan vote, the Industrial Control Systems Cybersecurity Training Act was passed by the House of Representatives on the evening of June 21, 2022. The bill, sponsored by Representative Eric Swalwell (D-CA) establishes within the…
Europe, Global Security News, North America, Vulnerabilities
NSA Wants To Help you Lock Down MS Windows in PowerShell
by Richi Jennings •
A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”
Europe, Global Security News, North America
Cybercriminals Hit Travel and Hospitality – Hard
by Teri Robinson •
As if travel and travel-related activities aren’t fraught enough after the onset of the COVID-19 pandemic, cybercriminals have added an extra layer of turmoil, promoting scams to take advantage of people ready to spread their wings and travel after ye…
Europe, Global Security News, North America
NIST Sets SSE Framework in Final SP 800-160 Guidance
by Nathan Eddy •
The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the importance of systems engi…
Europe, Global Security News, North America
Machine Learning Tackles Ransomware Attacks
by Sue Poremba •
There are approximately 250 known ransomware families, and these families are directly related to the rise of ransomware-as-a-service, according to Bitdefender. “Ransomware infection is just the final step; these modern attacks take some time to prepa…
Global Security News, North America
Webinar: What’s trending in email security?
by Help Net Security •
77% of security leaders agree that their company must increase protection for messages and documents sent via email (Forrester). What market shifts are impacting security strategies and data breaches? How are companies building customer trust and makin…
Europe, Global Security News, North America, Vulnerabilities
Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’
by Richi Jennings •
Capital One hacker Paige A. Thompson has been found guilty. But it has to be said that Capital One’s security design was absolutely awful.
Europe, Global Security News, North America
TechStrong Con: Diversity Key to Solving Cybersecurity Talent Shortage
by Michael Vizard •
The only way to address the cybersecurity talent shortage is to further invest in diversity, equity and inclusion. DEI can provide the added benefit of bringing a wide range of perspectives to bear in solving complex cybersecurity challenges. A “Why D…
Europe, Global Security News, North America
Digital Value Chain Attacks on the Rise
by Nathan Eddy •
Cybercriminals are moving to exploit vulnerabilities in the digital value chain as organizations fight to secure a rapidly expanding threat surface. These were among the findings of a report from Micro Focus subsidiary CyberRes. The study revealed No…
Europe, Global Security News, North America
Uvalde Shooting Investigation Reveals Major Privacy Violation
by Mark Rasch •
In Carpenter v. United States, the Supreme Court noted that, in order for law enforcement officials to obtain location data for cell phones, they needed to have a warrant signed by a neutral and detached magistrate, establish probable cause to believe…
Security Bloggers
Episode 239: Power shifts from Russia to China in the Cyber Underground
by Paul Roberts •
Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixGill talks to host Paul Roberts about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities.
Europe, Global Security News, North America, Vulnerabilities
HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook
by Richi Jennings •
A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation.
Europe, Global Security News, North America
Surfshark Finds US is the Most-Breached Country
by Natan Solomon •
A recent study by cybersecurity company Surfshark showed that the U.S. is the most breached country—and has been since 2004, among other alarming findings. With cybersecurity threats on the rise, Surfshark’s latest project is the first-ever tool that…
Europe, Global Security News, North America
Survey: Maintaining Cybersecurity Balance is a Challenge
by Michael Vizard •
A survey of 1,007 IT decision-makers at small-to-medium enterprises (SMEs) found two-thirds of respondents (66%) conceded that adding security measures resulted in more cumbersome user experiences. The survey polled SMEs in the U.S. and United Kingdom…
Europe, Global Security News, North America, Vulnerabilities
Radware Survey Reveals API Security Weaknesses
by Michael Vizard •
A survey published today suggests there is a disconnect between the perceived and actual level of security being applied to application programming interfaces (APIs). The survey polled 203 IT professionals in Europe, Asia and North America from organi…
Europe, Global Security News, North America
Koverse Unveils Zero-Trust Platform for Managing Data
by Michael Vizard •
Koverse, Inc., a unit of SAIC, has updated its software-as-a-service (SaaS) platform this week to provide customers with a zero-trust approach to managing data. Version 4.0 of the Koverse Data Platform (KDP) adds a set of granular controls that limit …
Europe, Global Security News, North America
BlackBerry Set to Unfurl Zero-Trust Network Access Service
by Michael Vizard •
BlackBerry Ltd. next month will make available a zero-trust network access-as-service offering based on a gateway it hosts on its cloud platform. Alex Willis, vice president of global sales engineering and independent software vendors (ISVs), said the…
Europe, Global Security News, North America, Vulnerabilities
Noname Security Expands API Security Platform
by Michael Vizard •
Noname Security has updated its platform for securing application programming interfaces (APIs) to make it possible to discover them in seconds and then automatically remediate vulnerabilities when discovered. In addition, Noname API Security Platform…
Europe, Global Security News, North America, Vulnerabilities
JFrog Discloses Config Vulnerability in Envoy Proxy Software
by Michael Vizard •
A security research team at JFrog, a provider of a continuous integration/continuous delivery (CI/CD) platform, has discovered a vulnerability in certain compression configurations of open source Envoy proxy software that can be used by a distributed …
Europe, Global Security News, North America
Workforce Shortage Affecting Cybersecurity Posture
by Nathan Eddy •
The shortage of IT security professionals is negatively affecting organizations as they struggle to keep assets safe in an era of rising threats and increasing IT complexity. These were the results of a global survey of 1,000 cybersecurity professional…
Global Security News, North America
(IN)SECURE Magazine: RSAC 2022 special issue released
by Help Net Security •
RSA Conference concluded its 31st annual event at the Moscone Center in San Francisco on Friday, June 10. Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and…
Europe, Global Security News, North America, Vulnerabilities
Apple M1 Flaw Can’t be Fixed — PACMAN Panic
by Richi Jennings •
Apple’s M1 chip isn’t as safe from buffer overflows as previously thought. M1 and other designs based on ARMv8.3 can have their ‘PAC’ protection neutered.
Europe, Global Security News, North America, Vulnerabilities
Expel Report Surfaces High Percentage of BEC Attacks
by Michael Vizard •
A report from managed security operations center (SOC) provider Expel found a spike in business email compromise (BEC) attacks involving Microsoft Office 365 (O365) in the first quarter of 2022. Well over half of the security incidents tracked by Expe…
Europe, Global Security News, North America
Authorities Arrest ‘Prominent’ Nigerian BEC Threat Actor
by Teri Robinson •
No doubt remote work has tilled fertile ground for miscreants bent on executing business email compromise (BEC) scams, which is why it’s good news that authorities have one operator—from Nigeria—in custody. As part of a joint initiative called Operati…
Europe, Global Security News, North America, Vulnerabilities
Tesla Fails Yet Again: Hackers can Steal Cars via NFC
by Richi Jennings •
Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time.
Europe, Global Security News, North America, Vulnerabilities
Radware Finds New Era of DDoS Attacks Dawning
by Michael Vizard •
A report published by Radware this week indicated the number of malicious distributed denial-of-service (DDoS) attacks rose nearly 75% in the first quarter of 2022. The increase is mainly due to an increase in so-called “micro floods” that are classif…
Europe, Global Security News, North America
Arctic Wolf Aims to Accelerate Cyberinsurance Assessments
by Michael Vizard •
Arctic Wolf is making available a tailored benchmark framework for vulnerability and insurability assessments to help cyberinsurers speed up evaluations and quickly determine whether organizations qualify for cyberinsurance. The number of organization…
Europe, Global Security News, North America
Automox Allies With Rapid7 to Automate Patch Management
by Michael Vizard •
Automox this week at the RSAC 2022 event launched an automated vulnerability identification and remediation platform in collaboration with Rapid7, a provider of a cloud platform for assessing the severity of vulnerabilities. Paul Zimski, vice presiden…
Europe, Global Security News, North America, Vulnerabilities
Checkmarx Adds Vulnerability Correlation Engine to AppSec Portfolio
by Michael Vizard •
At the RSAC 2022 conference, Checkmarx this week announced it has added a correlation engine to its application security portfolio that delivers the results of multiple static code and runtime scans in a single graph. Razi Sharir, chief product office…
Europe, Global Security News, North America
DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’
by Richi Jennings •
Feds are gloating over their “seizure” of the notorious SSNDOB marketplace, which traded in stolen personal information. But the action seems too little, too late.
Europe, Global Security News, North America
Ransomware Actors, Access Brokers Form Lucrative Relationships
by Nathan Eddy •
When ransomware crews need access to launch their attacks, they reach out to initial access merchants—malicious actors who offer to sell compromised network access to cybercriminals. As key enablers in the financially motivated cybercriminal undergr…