Tuesday, May 21, 2019

From APES to Bespoke Security Automated as a Service

Many of the most innovative security start-ups I come across share a common heritage - their core product evolved from a need to automate the delivery of an advanced service that had begun as a boutique or specialized consulting...

Industrial Robotics – Are You Increasing Your Cybersecurity Risk?

There’s nothing fundamentally novel about the use of robots in industrial environments. For nearly half a century, they’ve been changing the way that we manufacture products and deal with risk in hazardous environments. From automotive assembly lines to mines,...

LeakedSource Operator Pleads Guilty in Canada

Canadian authorities announced last week that Defiant Tech Inc., the company that ran LeakedSource, pleaded guilty to trafficking identity information and possession of property obtained through crime. read more

US Delays Huawei Ban for 90 Days

US officials Monday delayed a ban on American technology exports to Chinese tech giant Huawei until mid-August, saying the time was needed to allow for software updates and other contractual obligations. read more

DHS Highlights Common Security Oversights by Office 365 Customers

As organizations migrate to Microsoft Office 365 and other cloud services, many fail to use proper configurations that ensure good security practices, the U.S. Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) warns.  read more

Siemplify Raises $30 Million in Series C Funding

Siemplify, a New York, NY-based provider of security orchestration, automation and response (SOAR) tools, today announced that it has secured $30 million in a Series C funding round led by Georgian Partners. read more

Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP

A memory corruption vulnerability recently found in Linux Kernel’s implementation of RDS over TCP could lead to privilege escalation.  Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only...

Faulty Database Script Exposed Salesforce Data to Wrong Users

Salesforce Shuts Down Instances After Database Script Erroneously Enabled All Permissions on User Profiles read more

TeamViewer Confirms It Was Hacked in 2016

Remote control and support solutions provider TeamViewer has confirmed that hackers likely operating out of China breached its systems back in 2016, but the company decided not to disclose the incident at the time as it found no evidence...

How to Evaluate Threat Intelligence Vendors That Cover the Deep & Dark Web

Deep & dark web (DDW) communities have long been must-have data sources for threat intelligence programs, but only recently has the market caught up with this need. read more

User Data Exposed in Stack Overflow Hack

Hackers had access to Stack Overflow systems for nearly one week before the attack was detected and some user data was exposed after all, the company has admitted. read more

Hacktivist Attacks Declined 95 Percent Since 2015: IBM

The number of hacktivist attacks that resulted in quantifiable damage to the victim has declined by 95 percent since 2015, according to IBM. read more

Slack Flaw Allows Hackers to Steal, Manipulate Downloads

A recently patched vulnerability in the Slack desktop application for Windows can be exploited by malicious actors to steal and manipulate a targeted user’s downloaded files. read more

Tenable Updates Free Vulnerability Assessment Solution

Tenable this week announced Nessus Essentials, an expanded version of its free vulnerability assessment solution previously known as Nessus Home.  read more

Wormable Windows RDS Vulnerability Poses Serious Risk to ICS

A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned. read more

Stack Overflow Discloses Security Breach

Stack Overflow, the popular Q&A platform for programmers, revealed on Thursday that someone gained access to its production systems over the weekend. read more

How to Securely Blend Your IoT Data with Business Data

Opportunities Created by the Integration of IoT Data With the Rest of Your Business Environment Are Vast read more

Authorities Takedown GozNym Cybercrime Group That Stole an Estimated $100 Million

Authorities in the United States and Europe on Thursday announced the takedown of an organized cybercrime network that used the GozNym malware to steal an estimated $100 million from victims.  read more

Cisco Patches Critical Vulnerabilities in Prime Infrastructure (PI) Software

Cisco has released patches for numerous vulnerabilities affecting its products, including Critical flaws in the Cisco Prime Infrastructure (PI) Software that could allow remote code execution. A total of three vulnerabilities were identified in the PI software, namely CVE-2019-1821, CVE-2019-1822, and...

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...