Tuesday, August 4, 2020
SC Magazine

Operation North Star attackers appear to be Hidden Cobra

A phishing lure disguised as a legitimate inquiry by a recruiter for a new job opportunity inserts a malicious template into an attached Word document, which then gathers intelligence on the target, usually a highly-skilled technology worker in the...
SC Magazine

Defense and aerospace workforce targeted in latest phishing scheme

A phishing lure disguised as a legitimate inquiry by a recruiter for a new job opportunity inserts a malicious template into an attached Word document, which then gathers intelligence on the target, usually a highly-skilled technology worker in the...
SC Magazine

Pandemic accelerating security at financial institutions

Prior to the pandemic, financial institutions spent an average $2,700 on cybersecurity per full-time employee, up from $2,300 the previous year, with COVID-19 now driving the need for companies to double down on cybersecurity going forward, according to a...
SC Magazine

Emerging Products: Breach and attack simulation technologies

SC Labs takes a look at 7 leading breach and attack products that deliver detailed metrics on a company’s security performance. (Source: XM Cyber) Manual security testing can’t keep pace with the threat landscape. Penetration testing takes time...
SC Magazine

Feds arrest teen Twitter hack leader, accomplices

The ringleader of the Twitter breach that used prominent accounts to run a cryptocurrency scam turns out to be a 17-year-old in Tampa arrested earlier today. Two accomplices, Nima Fazeli, 22, of Orlando and Mason Sheppard, 19, in the U.K.,...
SC Magazine

Spotlight on CMS security after fake news actors compromise media websites

Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information...
SC Magazine

Adobe mends critical code execution flaws in Magento

Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms. The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a Security Mitigation bypass (CVE-2020-9692), both of...
SC Magazine

XM Cyber 1.35

XM Cyber’s dashboard offers flexible assessments with an unlimited number of scenarios and configurations, displays results with actionable, at-a-glance information, reveals changes in security ratings and highlights at-risk assets. (Source: XM Cyber) Vendor: XM Cyber Price: $95,000 Contact: www.xmcyber.com Quick Read What it...
SC Magazine

Spirent Communications CyberFlood Data Breach Assessment v2.02

Spirent CyberFlood Data Breach Assessment offers multiple views of an environment, letting security pros toggle between them to access different vantage points between frameworks. (Spirent Communications, plc.) Vendor: Spirent Communications, plc. Price: $45,000 Contact: www.spirent.com Quick Read What it does: Spirent CyberFlood Data Breach...
SC Magazine

Sophos Phish Threat

The main Sophos Phish Threat dashboard shows many useful statistics regarding active campaigns, such as the ratio of end users who have fallen for phishing emails as compared with those who have reported them. (Source: Sophos) Vendor: Sophos Price: $4...
SC Magazine

SafeBreach Platform

The MITRE ATT&CK heat map in the SafeBreach Platform lets security pros make deep dives into an environment’s strengths and weaknesses. (Source: SafeBreach) Vendor: SafeBreach Price: N/A – Based on the size of deployment Contact: www.safebreach.com Quick Read What it does: SafeBreach Platform automatically...
SC Magazine

Twitter hackers duped employees with phone spear phishing scam

Hackers who briefly commandeered high-profile Twitter accounts to perpetuate a cryptocurrency scam used a phone spear phishing attack to get into the social media platform’s internal network as well as to “specific employee credentials” to access internal support...
SC Magazine

The Picus Security Validation Platform 3113

Vendor: Picus Security Price: $10,000 Contact: www.picussecurity.com Quick Read What it does: The Picus Security Validation Platform takes a threat-centric approach to cyber resilience and offers continuous security validation that assists teams in identifying potential breach gaps and executing real-time and retrospective analysis...
SC Magazine

Cymulate Breach and Attack Simulation Platform 3.30.16

Vendor: Cymulate Price: $40,000 Contact: www.cymulate.com Quick Read What it does: Cymulate Breach and Attack Simulation proactively assesses the efficacy of security controls against the full attack kill chain using simulated attacks that mimic the tactics and techniques of real adversaries. What we liked:...
SC Magazine

AttackIQ Platform v2.17

Vendor: AttackIQ Price: $5,000 per test endpoint Contact: www.attackiq.com Quick Read What it does: AttackIQ Platform identifies gaps in production environments and helps mitigate risk so organizations may measure the effectiveness of their security posture and increase the overall return on investment of...
SecurityWeek

GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue

GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that...
SecurityWeek

Tampa Teenager Accused in Twitter Hack Pleads Not Guilty

A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud.
SecurityWeek

Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities.

EU launching deep probe into Google’s planned $2.1 billion Fitbit buy

Regulators in the European Union are launching...

Newsletter WordPress Plugin Opens Door to Site Takeover

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.