Tuesday, August 3, 2021
The Register

Do you have a grip on the lifecycle security of your AWS-deployed applications?

Learn how to manage the risks of cloud native environments with Aqua and AWS Promo  There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and...
TechRepublic

Beef up security in Firefox with Fission

Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.
TechRepublic

Cybersecurity professionals: Positive reinforcement works wonders with users

The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...

Awful transaction and timing: AT&T finally ditches DirecTV

Enlarge (credit: Getty Images | Ronald Martinez) AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services. AT&T bought DirecTV for $49 billion ($67 billion including...
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.” read more
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...
TechRepublic

DDoS attacks largely target the US and the computers and internet sectors

DDoS attacks are a nuisance to be sure, but they're also used in a variety of ways that make them a severe threat, says Atlas VPN.

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.

How American Law Lets Feds Spy On WhatsApp Without Needing To Say Why

Pen registers let governments keep tabs on who WhatsApp users are talking with, when and what IP addresses they’re using, and they don’t have to give judges a full explanation as to why. The same goes for surveillance on...
The Register

UK’s Ministry of Defence coughs up bug bounties for public-facing web pentesting

Small steps could lead to bigger strides The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…
Security Affairs

Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software

Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices. Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software, tracked as CVE-2021-1518,...
TechRepublic

Olympic-themed passwords put people at risk

Beyond using "tokyo" and "olympics" as their passwords, people have been turning to names of athletes, such as "kenny," "williams," and "asher," says NordPass.
SecurityWeek

Finite State Raises $30 Million in Series B Funding

Connected device security provider Finite State on Monday announced that it has raised $30 million in Series B funding. To date, the company has raised $49.5 million. The funding round was led by Energize Ventures. Merlin Ventures and Schneider Electric...

How to go from stolen PC to network intrusion in 30 minutes

Enlarge (credit: Getty Images) Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using...
ZDNet

Raccoon stealer-as-a-service will now try to grab your cryptocurrency

The malware has been upgraded to target even more financial information.

France Cracked Down on Google’s Ad Tech. What’s Next?

The French Competition Agency has hit the company with $855 million in fines this year. The money is meaningless—but the changes could be profound.
Cisco

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper...
F5 Networks

systemd vulnerability CVE-2021-33910

systemd vulnerability CVE-2021-33910 Security Advisory Security Advisory Description basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive ...
F5 Networks

Linux kernel vulnerability CVE-2021-33909

Linux kernel vulnerability CVE-2021-33909 Security Advisory Security Advisory Description fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer ...
CERT

VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks

Overview Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a...