Thursday, October 1, 2020

Microsoft on Apple in the enterprise

When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At JNUC2020 event I (virtually) spoke with Microsoft’s Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson,...

FBI, CISA Say DDoS Attacks Won’t Prevent Voting

While they might hinder access to information, distributed denial-of-service (DDoS) attacks against election infrastructure won’t prevent voting, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert issued this week. read more

How organizations can reduce their reliance on passwords

Passwordless authentication can be an effective option, though introducing such a method poses its own challenges, says LastPass.

#DTXNOW: Time to Remove Security from IT

#DTXNOW: Time to Remove Security from IT Speaking on a session titled “Is top level security possible on a shoestring budget?” as part of Digital Transformation Expo, security specialists were asked by moderator Jeremy White what their top tips were...

HP Offering Big Rewards for Cartridge Vulnerabilities

HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges. read more
SC Magazine

Phishing pages leverage CAPTCHAs to fool users, evade detection

Cyberattackers targeting the hospitality industry were recently observed using a phishing page that featured CAPTCHA technology as a way to elude detection, as well as to give potential victims a false sense of security that the malicious site was...

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams IT and security teams must learn how to navigate to uncertain environments in order to build lasting resilience, according to Jordan Schroeder, deputy MD & managing CISO at Hefestis, speaking...

InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices

IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-server attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...

Cisco researchers explain how disinformation tactics use your emotions to spread lies about the election

Before you share an "is this true?" post on social media, ask these questions to figure out if the post is designed to engage your emotions or your brain.
The Register

Huawei’s UK code reviewers say the company is still crap at basic software security

Last year telcos scrambled to plug 'critical user-facing vuln' in Chinese network kit security researchers examining Huawei source code have so far verified just eight firmware binaries out of more than 60 used across Britain's mobile phone networks,...

With API attacks rising, Cloudflare launches a free API security tool

Claudflare launches API Shield, a new service to protect web APIs against attacks.

Cybersecurity Awareness Month: Train employees to be first line of defense

This October looks quite different from previous years, as IT oversees staff who are no longer centrally located, creating a larger attack surface for bad actors. Awareness is key, experts say.
IBM Security

Integrating Security Awareness Training Into Employee Onboarding

Training your team on security awareness is an essential part of a successful security program. And, new employee onboarding is an optimal time to introduce your staff to your security best practices. This is in large part due to the...

Imperva acquires database security startup jSonar

jSonar secured a $50 million investment from Goldman Sachs only a few months ago.
Graham Cluley

What to do first when your company suffers a ransomware attack

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals. There’s no magic...

New RiskLens Solution Helps Organizations Optimize Cybersecurity Spending

Cyber risk management solutions provider RiskLens on Thursday announced a new capability designed to help organizations improve investment and budget decisions. read more

When Coffee Machines Demand Ransom, You Know IoT Is Screwed

A researcher reverse engineered an internet-connected coffee maker to see what kinds of hacks he could do with it. The answer: quite a lot.

Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks

A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring. On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin,...
Bruce Schneier

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...

Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack

Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people. read more

October is National Cybersecurity Awareness Month

Original release date: October 1, 2020October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance—to ensure every American...

Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON)...

Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see...

Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability

A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.  The vulnerability is due to insufficient input validation. An...
F5 Networks

Intel CPU SRBDS side-channel vulnerability CVE-2020-0543

Intel CPU SRBDS side-channel vulnerability CVE-2020-0543 Security Advisory Security Advisory Description Incomplete cleanup from specific special register read operations in some Intel(R) ...