(IN)SECURE Magazine Notifications RSS

Intel releases updates to plug TPM-FAIL flaws, foil ZombieLoad v2 attacks

3 days 14 hours ago

Intel’s Patch Tuesday releases are rarely so salient as those pushed out this month: the semiconductor chip manufacturer has patched a slew of high-profile vulnerabilities in their chips and drivers. TPM-FAIL TPM-FAIL is a name given to vulnerabilities found in some Intel’s firmware-based TPM (fTPM) and STMicroelectronics’ TPM chipsets, discovered by Ahmad “Daniel” Moghimi and Berk Sunar from Worcester Polytechnic Institute, Thomas Eisenbarth from University of Lübeck and Nadia Heninger from University of California at … More →

The post Intel releases updates to plug TPM-FAIL flaws, foil ZombieLoad v2 attacks appeared first on Help Net Security.

Zeljka Zorz

November 2019 Patch Tuesday: Actively exploited IE zero-day fixed

3 days 17 hours ago

November 2019 Patch Tuesday comes with patches for an IE zero-day exploited by attackers in the wild and four Hyper-V escapes. Microsoft updates Microsoft has delivered fixes for 74 vulnerabilities in various products, 13 of which are deemed to be critical. The most notable ones in this batch are: CVE-2019-1429, a scripting engine memory corruption vulnerability that, according to researchers of the Google Threat Analysis Group, is being exploited in attacks in the wild to … More →

The post November 2019 Patch Tuesday: Actively exploited IE zero-day fixed appeared first on Help Net Security.

Zeljka Zorz

Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net

3 days 19 hours ago

As companies and consumers have become more aware of phishing, hackers have refined their techniques and are now launching a more advanced form of attack known as lateral phishing. This technique is highly convincing and, consequently, highly effective. Hackers are no longer phishing in the dark Millions of individuals have had their personal information exposed in recent breaches at companies like DoorDash, PCM Inc., and Nordstrom. When email addresses, dates of birth, names, and other … More →

The post Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net appeared first on Help Net Security.

Help Net Security

Product showcase: SpyCloud Active Directory Guardian

3 days 20 hours ago

Fueled by rampant employee password reuse across work and personal logins, account takeover represents a major risk to the enterprise. According to the 2019 Verizon Breach Report, the use of stolen credentials has been the number one hacking tactic for three years running. When employees reuse the same credentials across multiple logins, one data breach puts all of those accounts at risk. It’s trivial for criminals to access all accounts that use those compromised credentials, … More →

The post Product showcase: SpyCloud Active Directory Guardian appeared first on Help Net Security.

Mirko Zorz

Researchers discover massive increase in Emotet activity

3 days 20 hours ago

Emotet had a 730% increase in activity in September after being in a near dormant state, Nuspire discovered. Emotet, a modular banking Trojan, has added additional features to steal contents of victim’s inboxes and steal credentials for sending outbound emails. Those credentials are sent to the other bots in its botnet which are used to then transmit Emotet attack messages. When Emotet returned in September, it appeared with TrickBot and Ryuk ransomware to cause the … More →

The post Researchers discover massive increase in Emotet activity appeared first on Help Net Security.

Help Net Security

Enterprise cybersecurity in the Asia-Pacific region

3 days 21 hours ago

Almost one in five business organizations in the Asia-Pacific (APAC) region experienced more than six security breaches in the past two years, a new ESET enterprise cybersecurity survey has revealed. ESET polled over 1,835 managers and C-level executives working in organizations in a variety of industries in India, China, Hong Kong, Taiwan, Japan, Thailand and Indonesia, and also found that: 91 percent of organizations have a cybersecurity awareness program. The percentage reaches as high as … More →

The post Enterprise cybersecurity in the Asia-Pacific region appeared first on Help Net Security.

Zeljka Zorz

The leading challenge facing cloud migration projects is security

3 days 21 hours ago

60% of organizations misunderstand the shared responsibility model for cloud security and incorrectly believe the cloud provider is responsible for securing privileged access, according to Centrify. Securing cloud migration projects Furthermore, organizations are not employing a common security model or enforcing least privilege access to reduce risk, and the majority list security as their main challenge with cloud migrations. The cloud’s availability, accessibility, scalability, and speed of delivery make it an attractive option to deliver … More →

The post The leading challenge facing cloud migration projects is security appeared first on Help Net Security.

Help Net Security

Trend Micro enhances protection for industrial orgs

3 days 23 hours ago

Trend Micro, a global leader in cybersecurity solutions, announced its complete smart factory security solutions, designed to provide enhanced visibility and protection for embattled industrial control system (ICS) environments. The solutions will secure across all layers of Industry 4.0, mitigating this growing area of cyber risk to keep operations running. Gartner predicts that approximately 49 billion IoT devices will be connected in 2021 and that number will continue to increase for the foreseeable future. Even … More →

The post Trend Micro enhances protection for industrial orgs appeared first on Help Net Security.

Industry News

Jamf unveils Jamf Protect, an enterprise endpoint protection solution built for Mac

3 days 23 hours ago

Jamf launched Jamf Protect, an enterprise endpoint protection solution built for Mac. Jamf Protect leverages native Apple security tools and on-device analysis of macOS activity to create customized telemetry that gives enterprise security teams unparalleled visibility into their macOS fleet and the ability to respond and block identified threats. Jamf Protect is now generally available to commercial organizations in the United States. “Because of Jamf’s Apple-first and Apple-only approach, Jamf Protect is unique in how … More →

The post Jamf unveils Jamf Protect, an enterprise endpoint protection solution built for Mac appeared first on Help Net Security.

Industry News

Redis Labs launches RedisInsight and automated cluster recovery for Kubernetes

4 days ago

Redis Labs, the home of Redis and provider of Redis Enterprise, announced a new graphical user interface (GUI) tool for developers and administrators, RedisInsight, and automated cluster recovery capabilities for the company’s Kubernetes Operator toolkit, to make it even easier for organizations to deploy and operate Redis at scale. “Both RedisInsight and automated cluster recovery for Kubernetes will enable our customers to increase how and where they use Redis by simplifying how they develop and … More →

The post Redis Labs launches RedisInsight and automated cluster recovery for Kubernetes appeared first on Help Net Security.

Industry News

CloudVector’s API Threat Protection platform monitors and secures APIs to prevent data breaches

4 days ago

CloudVector, the first API Threat Protection platform to go beyond the gateway, announced the launch of its namesake solution, which discovers, monitors and secures APIs to prevent data breaches. The proliferation of APIs have encouraged threat actors to target this new attack vector, increasing the risk of major data breaches. Existing Web Application Firewall (WAF) and API Management gateways are unable to provide API Threat Protection because of inherent limitations in their architectures. According to … More →

The post CloudVector’s API Threat Protection platform monitors and secures APIs to prevent data breaches appeared first on Help Net Security.

Industry News

OpenText announces technology update with innovations across its entire portfolio

4 days ago

OpenText, a global leader in Enterprise Information Management (EIM), announced its latest technology update, with innovations across its entire portfolio. This release further improves the capture, governance, exchange and use of information to drive productivity, growth and a lasting competitive advantage. “OpenText builds the world’s most impressive and compelling EIM platform, designed to help companies gain the agility, scale and capability they need to empower their workforces and delight customers,” said Mark J. Barrenechea, OpenText … More →

The post OpenText announces technology update with innovations across its entire portfolio appeared first on Help Net Security.

Industry News

Bitdefender GravityZone enhanced with new endpoint defense capabilities

4 days 1 hour ago

Bitdefender, a global cybersecurity leader protecting over 500 million systems across 150 countries, announced new endpoint defense capabilities for GravityZone, the company’s unified endpoint prevention, detection and response platform designed to help enterprises stop threats earlier in the attack chain, as well as simplify and speed up incident response. With the new release, Bitdefender GravityZone extends its lead in endpoint prevention by identifying and stopping network-based and fileless attacks, exploits and malicious behaviors, before they … More →

The post Bitdefender GravityZone enhanced with new endpoint defense capabilities appeared first on Help Net Security.

Industry News

Wind River and Xilinx develop new platform for automated driving apps

4 days 1 hour ago

Wind River, a leader in delivering software for the intelligent edge, announced a collaboration with Xilinx on the development of a comprehensive automated driving platform that integrates Xilinx’s Versal adaptive compute acceleration platform (ACAP) and Wind River automotive software. The collaboration will provide carmakers with a flexible, high-performance compute platform for delivering safe and secure connected and automated driving vehicles. Using IP from both companies, the platform will provide a foundation that rapidly enables and … More →

The post Wind River and Xilinx develop new platform for automated driving apps appeared first on Help Net Security.

Industry News

Avaya expands global availability of its DaaS offering

4 days 2 hours ago

Avaya Holdings announced that it has expanded global availability of its Device as a Service (DaaS) offering, enabling businesses to acquire Avaya’s latest smart devices with the flexibility of a monthly subscription rather than an upfront purchase. Following a successful introduction in the United States in 2018, this offering is now available to customers in Canada and a number of European countries. The Avaya DaaS offering is now available for Avaya IX IP Phones, the … More →

The post Avaya expands global availability of its DaaS offering appeared first on Help Net Security.

Industry News

Aqua Security acquires CloudSploit to expand into CSPM

4 days 2 hours ago

Aqua Security, the leading platform provider for securing container-based, serverless, and cloud native applications announced its expansion into cloud security posture management (CSPM) with its acquisition of CloudSploit. CloudSploit’s SaaS-based platform allows customers to monitor their public cloud accounts within minutes, providing visibility to their entire estate of cloud resources, and reduce threats due to misconfiguration and vulnerabilities. CloudSploit automatically manages cloud security risk and benchmarks against industry standards to ensure compliance and has garnered … More →

The post Aqua Security acquires CloudSploit to expand into CSPM appeared first on Help Net Security.

Industry News

Your supplier’s BEC problem is your BEC problem

4 days 19 hours ago

Business email compromise (BEC) scams are a burgeoning threat for organizations and, despite rising awareness, new victims are cropping up daily. BEC scammers don’t care what business the potential targets are in: all they care is that they have money that can be stolen – preferably lots of it – and that they have vulnerabilities they can exploit to pull off the heist. Four major BEC fraud techniques “The most common misconception about BEC scams … More →

The post Your supplier’s BEC problem is your BEC problem appeared first on Help Net Security.

Zeljka Zorz

The FBI multi-factor authentication notification that should have never been

4 days 20 hours ago

While reviewing the recent Private Industry Notification from the FBI about using social engineering and technical attacks to circumvent multi-factor authentication, I was floored at how each of these account takeover scenarios seemed completely preventable. That’s because SIM swap and session hijacking were at the center of each account takeover scenario. Let’s take a closer look at each of these attack vectors and how to prevent them. SIM swap attack SIM swap attacks are when … More →

The post The FBI multi-factor authentication notification that should have never been appeared first on Help Net Security.

Help Net Security

The password reuse problem is a ticking time bomb

4 days 20 hours ago

Despite Bill Gates predicting the demise of passwords back in 2004, they are still very much in use. Passwords, like email, seem future proof; but they are also the source of many cybersecurity problems. Key drivers of these issues are human behavior and the desire for convenience, which results in password reuse across multiple accounts. The 2018 Global Password Security Report shows a staggering 50 percent of users use the same passwords for their personal … More →

The post The password reuse problem is a ticking time bomb appeared first on Help Net Security.

Mirko Zorz

Top concerns for audit executives? Cyber risks and data governance

4 days 21 hours ago

As organizations continue to collect customer and employee data, chief audit executives (CAEs) are increasingly concerned about how to govern and protect it. Gartner conducted interviews and surveys from across its global network of client organizations to identify the biggest risks facing boards, audit committees and executives in 2020. Data governance has risen to the top spot of CAEs’ audit concerns, up from second place in last year’s report, replacing cybersecurity preparedness. Increased regulatory scrutiny … More →

The post Top concerns for audit executives? Cyber risks and data governance appeared first on Help Net Security.

Help Net Security