Thursday, May 19, 2022

CISA issues emergency warning over two new VMware vulnerabilities

The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive over two new vulnerabilities in VMware products. According to the advisory, threat actors are likely to exploit CVE-2022-22972 and CVE-2022-22973 in several products including VMware Workspace ONE...

Two account compromise flaws fixed in Strapi headless CMS

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised.According to...

QuSecure launches end-to-end post-quantum cybersecurity solution

Post-quantum cryptography company QuSecure has announced its debut with the launch of a new post-quantum cybersecurity solution, QuSecure Nucleus. The firm claimed that Nucleus is the industry’s first end-to-end quantum software-based platform designed to protect encrypted communications and data...

How to choose a certificate management tool

Many years ago, Madonna sang about sharing her secrets with us. While the IT version may not be as entertaining as what was discussed in that song, there are still important reasons to understand your corporate encryption secrets and...

Uber CISO's trial underscores the importance of truth, transparency, and trust

Truth, transparency and trust are the three T’s that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T’s...

WannaCry 5 years on: Still a top threat

Who doesn’t love an anniversary and the opportunity to reminisce about “where we were” when an historical event happened? Such is the case over the last several days when it comes to remembering WannaCry, the ransomware that infected thousands...

Deepfence Cloud builds on ThreatStryker security observability platform

Deepfence, a security observability and protection company, has launched Deepfence Cloud, a fully managed, cloud-native security SaaS observability system built on the company's on-premises ThreatStryker software.Deepfence Cloud, unveiled at the KubeCon + CloudNativeCon Europe 2022 event this week, is...

How SAML works and enables single sign-on

What is SAML and what is it used for? The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer...

BrandPost: How a Culture of Learning Can Help Close the Cybersecurity Skills Gap

While the past two years have seen a decrease in the skills gap, dropping from 3.12 million cybersecurity professionals needed to 2.72 million according to a 2021 (ISC)² Cybersecurity Workforce Study, there is still a significant number of positions...

NanoLock’s zero-trust cybersecurity suite to protect industrial machinery, production lines

NanoLock has announced the launch of a new suite of zero-trust cybersecurity solutions for the industrial and manufacturing market. In a press release, the firm claimed to be the first to offer device-level protection solutions designed specifically for legacy...

Open-source standard aims to unify incompatible cloud identity systems

A new open-source project aims to unify incompatible cloud identity systems such as Azure, AWS and Google, giving users the ability to apply consistent identity and access policies across multi-cloud platforms. Announced by identity orchestration firm Strata Identity, the...

BrandPost: The Evolving Role of the Firewall in a Hybrid Workplace

The workplace is indelibly changing, according to the latest data from Gallup . Organizations expect that moving forward only 23% of their employees will be fully on-site, 24% will be exclusively remote, and 53% will split their time between...

Top Linux endpoint protection software

I've been running the Linux desktop since the great desktop debate was between C Shell and Bash. I've never felt a need for a Linux antivirus program. But, that's not to say that I thought I could get away...

What Microsoft Defender can tell you about your network

Endpoint detection and response (EDR) is typically not something that smaller firms have. Defender for Business makes it easier to deploy EDR in a reasonable fashion and in an affordable package. At $3 per user per month, it takes...

Keyloggers explained: How attackers record computer inputs

What is a keylogger? A keylogger is a tool that can record and report on a computer user's activity as they interact with a computer. The name is a short version of keystroke logger, and one of the main ways...

BrandPost: Future- Proofing Cloud Security: 5 Things Every CISO Needs to Know

Digital transformation has pushed organizations to adopt a hybrid IT approach and created a mix of on-premises and cloud infrastructure that must be supported and protected.Unfortunately, while hybrid IT holds significant promise for businesses when it comes to creating...

Google to launch repository service with security-tested versions of open-source software packages

Developers across the enterprise space are concerned about the security of the open-source software supply chain which they heavily depend on for their application development. In response, Google plans to make its own security-hardened internal open-source component repository available...

BrandPost: DDos Extortion Takes VoIP Providers Offline

Threat actors are continually innovating and rethinking their attack patterns – as well as who they target with attacks. This is clearly seen in their targeting of  Voice over Internet Protocol (VoIP) providers, as highlighted in NETSCOUT’s 2H 2021 Threat...

Rezilion launches Dynamic SBOM for software supply chain devsecops

Aiming to help organizations manage security across the software development life cycle (SDLC), devsecops platform developer Rezilion is launching Dynamic SBOM (software bill of materials), an application designed to plug into an organization's software environment to examine how multiple...

MITRE ATT@CK v11 adds ICS matrix, sub-techniques for mobile threats

The MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) Framework has become a mainstay of the cybersecurity industry. The framework represents relevant adversary behavior, and organizations can leverage it to bolster their cybersecurity defenses and improve their ability to...

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.
The Hacker News

New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars

A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE),...
SecurityWeek

Phishers Add Chatbot to the Phishing Lure

Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. We have all become accustomed to the chatbots used by many of the largest service providers –...
SecurityWeek

QuSecure Lauches Quantum-Resilient Encryption Platform

New firm launches to provide the Easy Button for implementing quantum secure encryption The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the...
The Register

Iran, China-linked gangs join Putin’s disinformation war online

They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives...