BootHole Patches Causing Chaos

Red Hat's BootHole Patches Cause Systems to Hang

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 07.31.20 Friday, July 31, 2020 Cloud Security Summit Learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Register Now August 13, 2020 Money is Everywhere, Should We Think More Like Banks? Intelligence is one of a few vital security concepts that industries are increasing their investments in as they recognize the documented value of proactive security. Read the Full Column by Marc Solomon Emerging Threats During Times of Crisis: Insights from Airbus Cybersecurity's Phil Jones Phil Jones who, who has overseen Operations within Airbus Cybersecurity since 2016, discusses some of the key takeaways from the current crisis. Read the Full Column by Marc Solomon Warning Signs of a Startup in a Downward Spiral Some security start-ups bring much needed creative thinking and new ideas to a challenging field. Others donít bring much of anything to the table, and in some cases, can actually harm an organizationís security posture. Read the Full Column by Joshua Goldfarb Digital Transformation and Cybersecurity as a Competitive Advantage Three recommendations that can help foster acceptance for Digital transformation initiatives so that more companies can move quickly and drive business value. Read the Full Column by Galina Antova Security Posture Fatigue As SecOps teams increasingly take on proactive risk reduction, their vocabulary expands from security threats to include posture lapses, and posture fatigue will grow. Read the Full Column by Gunter Ollmann Defending Against the Latest Ransomware Surge Ransomware is just one of many tactics, techniques, and procedures (TTPs) that threat actors are using to attack organizations by compromising remote user devices. Read the Full Column by Torsten George Finding the Right Threat Intelligence Vendors The threat intelligence space is filled with great vendors who can provide organizations with a lot of value in helping them protect their brand, employees and customers. Read the Full Column by Idan Aharoni Security Automation Challenges to Adoption: Overcoming Preliminary Obstacles To minimize the effect of an attack, an automated response is vital, which can reduce the amount of time between infection and resolution. Read the Full Column by Laurence Pitt OT Networks Are Becoming Essential Components of IT Risk Management, Governance With the right tools in place, IT and OT teams can work together, leveraging visibility and continuity across the attack surface to govern OT networks with the same processes and reporting metrics. Read the Full Column by Galina Antova The Case for Intent-Based Segmentation with SD-WAN By combining verifiable trust, intent-based segmentation, and integrated security, organizations can establish a trustworthy, security-driven networking strategy. Read the Full Column by John Maddison Two Musts for Managing a Remote Workforce: Identity Governance and Lifecycle Let's look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges. Read the Full Column by Jim Ducharme The Communication Imperative for CISOs As we look to the remainder of 2020 and where we should focus our attention, I encourage security leaders to take advantage of one of the few silver linings of the pandemic. Read the Full Column by Marc Solomon Defending Your Budget: How to Show ROI of Cybersecurity Investments Developing an ROI model takes time - my recommendation would be to focus on a simple security project that will return high value to the business when proven successful. Read the Full Column by Laurence Pitt Non-Human Identities: The New Blindspot in Cybersecurity The integration of identity with security is still work in progress, with less than half of businesses having fully implemented key identity-related access controls according to a research study. Read the Full Column by Torsten George New Reality of IT-OT: Convergence, Collaboration and Digital Transformation Acceleration It's very challenging for OT professionals to play catch up and close the 25+ year IT-OT security gap, particularly as the number of connectivity points grows exponentially. Read the Full Column by Galina Antova To Err Is Human: Accepting Responsibility to Regain Confidence Regardless of what goes wrong, the right attitude goes a long way towards helping stakeholders regain confidence in the security team and the security program it is running. Read the Full Column by Joshua Goldfarb Navigating the Rapid Digital Shift: Ticket on the Bus, Not the Whole Bus With a diverse and globally distributed workforce, cybersecurity buying decisions will increasingly factor accessibility, usability, and inclusiveness in solution design and operability. Read the Full Column by Gunter Ollmann See All Recent Articles at SecurityWeek.Com BootHole Patches Causing Many Systems to Become Unbootable: The patches released by Linux distributions for the GRUB2 vulnerability dubbed BootHole (CVE-2020-10713) are causing many systems to become unbootable. Read More Red Hat's BootHole Patches Cause Systems to Hang: Red Hat has told customers not to install the package updates released in response to the BootHole vulnerability after users reported that their systems hung after applying the updates. Read More Autofill Through Biometric Authentication Coming to Chrome: Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome. Read More Mimecast Acquires Messaging Security Provider MessageControl: Email and data security provider Mimecast on Thursday announced the acquisition of messaging security company MessageControl. Read More Cybercriminals Could Be Cloning Payment Cards Using Stolen EVM Data: Cybercriminals could be stealing data from EMV payment cards and using it to create magnetic stripe cards which they can use for card-present transactions. Read More Twitter Employees Targeted With Phone Spear-Phishing in Recent Attack: Twitter on Thursday revealed that several employees were targeted with phone spear-phishing in a social engineering attack leading to the recent security incident. Read More Bill Aimed at Ending 'Warrant-Proof' Encryption Introduced in House: Roughly one month after senators introduced a ìbalancedî bill that would require tech companies to provide law enforcement with access to encrypted user data, a companion bill was introduced in the House of Representatives this week. Read More Offensive Security Acquires Cybersecurity Training Project VulnHub: Information security training and certification provider Offensive Security this week announced the acquisition of VulnHub, an open-source catalog of security training resources. Read More Cisco Patches Serious Vulnerabilities in Data Center Network Manager: Cisco has patched critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) product. Read More EU Sanctions on Russian, Chinese 'Cyber Attackers': The European Union imposed its first ever sanctions against alleged cyber attackers, targeting Russian and Chinese individuals and a specialist unit of Moscow's GRU military intelligence agency. Read More Vulnerability Allowed Brute-Forcing Passwords of Private Zoom Meetings: A vulnerability that Zoom addressed in its web client could have allowed hackers to join private meetings by brute-forcing the passcode. Read More US Warns of 'Consequences' If Brazil Picks Huawei 5G: The US ambassador in Brasilia warned of "consequences" if Brazil chooses Chinese telecoms company Huawei to develop its 5G network. Read More FBI Warns of NetWalker Ransomware Targeting Businesses: The FBI has released an alert to warn businesses of ongoing cyberattacks involving the NetWalker ransomware. Read More Companies Respond to 'BootHole' Vulnerability: Companies affected by the BootHole vulnerability in the GRUB2 bootloader have started issuing advisories. Read More Britain Names Turkish Speaker as New Top Spy: Britain named former ambassador to Turkey Richard Moore as the new director of the MI6 Secret Intelligence Service. Read More 'BootHole' Flaw Allows Installation of Stealthy Malware, Affects Billions of Devices: Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability dubbed BootHole that can be exploited to install persistent and stealthy malware. Read More Identity and Data Protection Provider Ermetic Raises $17 Million: Identity and access protection provider Ermetic secured $17.25 million in a Series A funding round, which brings the total amount raised by the company to $27.3 million. Read More 'Ghostwriter' ñ Widespread Disinformation Campaign Associated with Russia: FireEye security researchers have linked a series of disinformation operations to Russia, that have been ongoing since at least March 2017. Read More AWS Fraud Detection Service Becomes Generally Available: AWS announces the general availability of a fully managed service designed to help customers identify potentially fraudulent online activities. Read More Vatican Allegedly Hacked by China Ahead of Key Talks: The Vatican and the Catholic Diocese of Hong Kong have been the targets of alleged Chinese state-backed hackers ahead of talks on renewal of a landmark 2018 deal that helped thaw diplomatic relations between the Vatican and China. Read More Video Creation Service Promo.com Discloses Data Breach: Video creation service Promo.com this week confirmed that user data was exposed as a result of a data breach identified last week. Read More US Officials: Russia Behind Spread of Virus Disinformation: Researchers disclose the details of Shadow Attacks, new methods for hiding and replacing content in signed PDF files without invalidating their signature. Russian intelligence services are using a trio of English-language websites to spread disinformation about the coronavirus pandemic, seeking to exploit a crisis that America is struggling to contain ahead of the presidential election in November. Read More North Korean Hackers Operate VHD Ransomware, Kaspersky Says: The VHD ransomware family that emerged earlier this year is the work of North Korea-linked threat actor Lazarus. Read More Cybersecurity Training Company RangeForce Raises $16 Million: Cybersecurity training company RangeForce raises $16 million in a Series A funding round. Read More ZDI Announces Rules, Prizes for Pwn2Own Tokyo 2020: ZDI has announced the rules and prizes for Pwn2Own Tokyo 2020, where white hat hackers can earn tens or hundreds of thousands of dollars for vulnerabilities in smartphones and IoT devices. Read More Industrial Systems Can Be Hacked Remotely via VPN Vulnerabilities: Vulnerabilities discovered in VPN products primarily used for remote access to industrial systems can allow hackers to gain access to ICS and possibly cause physical damage. Read More U.S. Election Administrators Failed to Implement Phishing Protections: Study: A majority of election administrators in the United States have yet to implement cybersecurity controls designed to provide protection against phishing attacks. Read More Several New Mac Malware Families Attributed to North Korean Hackers: North Korean-linked threat actor Lazarus has been employing at least four new Mac-targeting malware families in recent attacks. Read More Source Code From Major Firms Leaked via Unprotected DevOps Infrastructure: Source code belonging to Microsoft, Adobe, AMD and tens of other companies has been leaked online after it was found unprotected. Read More US, UK Warn of Malware Targeting QNAP NAS Devices: The United States and the United Kingdom warned in a joint alert issued this week that a piece of malware has infected over 62,000 QNAP NAS devices. Read More Facebook Says EU Antitrust Probe Invades Employee Privacy: Facebook is asking EU courts to review "exceptionally broad" requests by antitrust regulators there that would scoop up employees' personal information. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2020 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | About our service provider Sent by news@securityweek.com