Saturday, January 16, 2021

NSA Appoint Rob Joyce as Cyber Director

Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK.

NSA Appoints Rob Joyce as Cyber Director

Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK.

Successful Malware Incidents Rise as Attackers Shift Tactics

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.

How to Achieve Collaboration Tool Compliance

Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.

Name That Toon: One Last Thought

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses

A new machine learning tool aims to mine privacy policies on behalf of users.

'Chimera' Threat Group Abuses Microsoft & Google Cloud Services

Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.

Businesses Struggle with Cloud Availability as Attackers Take Aim

Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.

NSA Recommends Using Only 'Designated' DNS Resolvers

Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

It's a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their...

Vulnerability Management Has a Data Problem

Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.

SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns

Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.

Huntress Acquires EDR Technology From Level Effect

Huntress seeks to improve its detection and response capabilities with a more comprehensive view of endpoint security.

Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation

Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.

Understanding TCP/IP Stack Vulnerabilities in the IoT

Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.

The Data-Centric Path to Zero Trust

Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.

More SolarWinds Attack Details Emerge

A third piece of malware is uncovered, but there's still plenty of unknowns about the epic attacks purportedly out of Russia.

United Nations Security Flaw Exposed 100K Staff Records

Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.

Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021

Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
ZDNet

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
ZDNet

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.
SC Magazine

Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical...