Wednesday, April 21, 2021

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Over the past few months, several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and Europe by exploiting vulnerabilities in VPN appliances from...

21 best free security tools

As an infosec professional, you may be already familiar with decades-old network monitoring and security tools like Nmap, Wireshark or Snort, and password crackers like Ophcrack. Having these applications at your disposal has been an indispensable part of the...

How to write a cyberthreat report executives can really use

The CEO’s email landed in Maurice Stebila’s inbox around midnight, the message asking whether Stebila, the company’s CISO at the time, had heard about the latest news-making cyber event.“He had no idea we were already looking at this event,”...

BrandPost: Strong Security Comes in Small Packages

Larger organizations may have bigger cybersecurity budgets and IT teams, but those aren’t the only paths to building successful security programs. There’s evidence that security teams in small and midsize businesses (SMBs) are doing a better job in enabling...

Rethinking collaboration: 8 vendors offer new paths to remote work

With the need for efficient collaboration tools exploding in recent months, a variety of companies hope to refine how those tools work and what they can do. We look at eight now pushing the envelope.(Insider Story)

7 most common ways to fail at DevSecOps

Organizations adopt DevSecOps for a variety of reasons: to enable digital transformation projects, deliver value faster, gain a competitive advantage, lower the cost of security remediations, and more. Despite the rush to adoption, organizations sometimes fail with their DevSecOps...

FBI cleans web shells from hacked Exchange servers in rare active defense move

In a move that has been described as unprecedented, the FBI obtained a court order that allowed it to remove a backdoor program from hundreds of private Microsoft Exchange servers that were hacked through zero-day vulnerabilities earlier this year....

FBI cleans web shells from hacked Exchange servers in rare active defense move

In a move that has been described as unprecedented, the FBI obtained a court order that allowed it to remove a backdoor program from hundreds of private Microsoft Exchange servers that were hacked through zero-day vulnerabilities earlier this year....

US sanctions Russian government, security firms for SolarWinds breach, election interference

The Biden Administration announced a robust, coordinated series of punitive measures to confront Russia’s growing malign behavior, including its massive hack of SolarWind's software, attempts to interfere with the 2020 elections, and other destructive deeds against the US. The...

The CSO guide to top security conferences, 2021

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your...

BrandPost: Dirty Tricks: The Latest in Ransomware Tactics

Criminal ransomware techniques have evolved in the last few years and are now even harder to detect – and more damaging if they get through network defenses.One particular insidious type of new ransomware is from a gang known as...

BrandPost: The Top 3 Most Common Cloud Attacks and How to Avoid Them

The advantages of the cloud are clear, which is why so many enterprises are leveraging platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) to facilitate web applications. Benefits like scalability, storage, and operational efficiencies...

The password hall of shame (and 10 tips for better password security)

Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the...

Top cybersecurity M&A deals for 2021

2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity...

BrandPost: Remediate Insecure Configurations to Improve Cybersecurity

A data breach can result in catastrophic consequences for any organization. Ensuring that your IT environment is safe from cyber threats can be a real challenge.To keep intruders out of your networks and data, you need more than up-to-date...

Tips to improve domain password security in Active Directory

The concept of zero trust is that nothing should be trusted by default. Most of us are trying to work our way to zero trust but are not there yet. Until then, you can take steps to protect your...

BrandPost: Microsoft Exchange Server Security

The recent news of active exploitation of the Microsoft Exchange Server vulnerabilities has highlighted the importance of network visibility in securing critical server infrastructure. Microsoft quickly patched the vulnerability, but there remain two important points to note.First, the general...

BrandPost: Why Network Detection and Response Belongs in Your 2021 Strategy

2020 brought with it a series of changes with very little notice, and left even less time for planning. A year after a mass work-from-home migration, it has become clear that the changes seen in 2020 marked a turning...

BrandPost: What Is a Next-Generation Intrusion Detection System?

After an online panel discussion on upgrading intrusion detection systems (IDS) to next-generation IDS, an interested participant reached out through LinkedIn. He had a simple question: “So, what is the definition of next generation intrusion detection system (NG-IDS)?”I started to...

BrandPost: Fortinet Secure SD-WAN Provides Simplified Compliance for More Than 1,000 Retail Locations

For retailers, high-speed “always-on” network connectivity is key to the customer experience. Likewise, performance delays and an unreliable network infrastructure can also have significant impact on an organization’s revenue stream. Bottom line, many retailers are looking to address these challenges by...
The Hacker News

3 Zero-Day Exploits Hit SonicWall Enterprises Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary...
The Hacker News

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...