Operation North Star attackers appear to be Hidden Cobra
A phishing lure disguised as a legitimate inquiry by a recruiter for a new job opportunity inserts a malicious template into an attached Word document, which then gathers intelligence on the target, usually a highly-skilled technology worker in the...
Defense and aerospace workforce targeted in latest phishing scheme
A phishing lure disguised as a legitimate inquiry by a recruiter for a new job opportunity inserts a malicious template into an attached Word document, which then gathers intelligence on the target, usually a highly-skilled technology worker in the...
Pandemic accelerating security at financial institutions
Prior to the pandemic, financial institutions spent an average $2,700 on cybersecurity per full-time employee, up from $2,300 the previous year ), with COVID-19 now driving the need for companies to doubledown on cybersecurity going forward, according to a...
Emerging Products: Breach and attack simulation technologies
SC Labs takes a look at 7 leading breach and attack products that deliver detailed metrics on a company’s security performance. (Source: XM Cyber) Manual security testing can’t keep pace with the threat landscape. Penetration testing takes time...
Feds arrest teen Twitter hack leader, accomplices
The ringleader of the Twitter breach that used prominent accounts to run a cryptocurrency scam turns out to be a 17-year-old in Tampa arrested earlier today.
Two accomplices, Nima Fazeli, 22, of Orlando and Mason Sheppard, 19, in the U.K.,...
Spotlight on CMS security after fake news actors compromise media websites
Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information...
Adobe mends critical code execution flaws in Magento
Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms.
The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a Security Mitigation bypass (CVE-2020-9692), both of...
XM Cyber 1.35
XM Cyber’s dashboard offers flexible assessments with an unlimited number of scenarios and configurations, displays results with actionable, at-a-glance information, reveals changes in security ratings and highlights at-risk assets. (Source: XM Cyber) Vendor: XM Cyber
Price: $95,000
Contact: www.xmcyber.com
Quick Read
What it...
Spirent Communications CyberFlood Data Breach Assessment v2.02
Spirent CyberFlood Data Breach Assessment offers multiple views of an environment, letting security pros toggle between them to access different vantage points between frameworks. (Spirent Communications, plc.)Vendor: Spirent Communications, plc.
Price: $45,000
Contact: www.spirent.com
Quick Read
What it does: Spirent CyberFlood Data Breach...
Sophos Phish Threat
The main Sophos Phish Threat dashboard shows many useful statistics regarding active campaigns, such as the ratio of end users who have fallen for phishing emails as compared with those who have reported them. (Source: Sophos) Vendor: Sophos
Price: $4...
SafeBreach Platform
The MITRE ATT&CK heat map in the SafeBreach Platform lets security pros make deep dives into an environment’s strengths and weaknesses (Source: SafeBreach)Vendor: SafeBreach
Price: N/A – Based on the size of deployment
Contact: www.safebreach.com
Quick Read
What it does: SafeBreach Platform automatically...
Twitter hackers duped employees with phone spear phishing scam
Hackers who briefly commandeered high-profile Twitter accounts to perpetuate a cryptocurrency scam used a phone spear phishing attack to get into to the social media platform’s internal network as well as to “specific employee credentials” to access internal support...
The Picus Security Validation Platform 3113
Vendor: Picus Security
Price: $10,000
Contact: www.picussecurity.com
Quick Read
What it does: The Picus Security Validation Platform takes a threat-centric approach to cyber resilience and offers continuous security validation that assists teams in identifying potential breach gaps and executing real-time and retrospective analysis...
Cymulate Breach and Attack Simulation Platform 3.30.16
Vendor: Cymulate
Price: $40,000
Contact: www.cymulate.com
Quick Read
What it does: Cymulate Breach and Attack Simulation proactively assesses the efficacy of security controls against the full attack kill chain using simulated attacks that mimic the tactics and techniques of real adversaries.
What we liked:...
AttackIQ Platform v2.17
Vendor: AttackIQ
Price: $5,000 per test endpoint
Contact: www.attackiq.com
Quick Read
What it does: AttackIQ Platform identifies gaps in production environments and helps mitigate risk so organizations may measure the effectiveness of their security posture and increase the overall return on investment of...
GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue
GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that...
Tampa Teenager Accused in Twitter Hack Pleads Not Guilty
A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud.
read more
Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates
Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities.
read more
EU launching deep probe into Google’s planned $2.1 billion Fitbit buy
Enlarge / Logo of Google is displayed on a smartphone by logo of Fitbit in Brussels, Belgium on August 4, 2020. (credit: Dursun Aydemir | Andalou Agency | Getty Images)
Regulators in the European Union are launching...
Newsletter WordPress Plugin Opens Door to Site Takeover
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.
