How North Korean Hackers Stole Data From Isolated Network Segment

The Race to Find Profits in Securing Email | Meet the Vaccine Appointment Bots

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 02.26.21 Friday, February 26, 2021 Blind Administration: A Supply Chain Compromise Crisis Simulator Join the Immersive Labs team as they attempt to respond to a sophisticated cyberattack, possibly led by a nation state, that has potentially compromised one of your cyber weapons, along with other national secrets. (Live - March 17th at 1PM ET) Register Now Securing Today's Networks Requires Consolidation and Collaboration Security tools, regardless of where they have been deployed, need to be able leverage common security intelligence feeds and share alerts and threat data with other security tools. Read the Full Column by John Maddison Is Your Suppliers' Security Your Business? Supply chain cyber risk is complicated and spans the entire lifecycle of a product—across design, manufacturing, distribution, storage, and maintenance. Read the Full Column by Yaniv Vardi Protecting Against Vaccine-Themed Attacks and Misinformation Over the coming weeks, we must be vigilant as there will be a glut of activity and misinformation from cybercriminals wanting to disrupt the COVID-19 vaccine rollout. Read the Full Column by Laurence Pitt Elevate the Value of Threat Intelligence in the SOC The center of gravity of the Security Operations Center (SOC) used to be the SIEM, but this is shifting as the mission of the SOC shifts to become a detection and response organization. Read the Full Column by Marc Solomon Actions Enterprises Can Take to Combat Common Fraud Types Josh Goldfarb discusses what enterprises can do to mitigate risk and limit losses account takeover (ATO) fraud, account opening (AO) fraud, and payment fraud. Read the Full Column by Joshua Goldfarb Introducing DAIC: A Suggested System for Preventing BEC Fraud Proposed Distributed Account Information Certification (DAIC) enables organizations to quickly and securely validate the bank account information of companies before they send payments Read the Full Column by Idan Aharoni The Intelligent Edge: An Increasing Target for Bad Actors If the history of cybersecurity has taught us anything, it's that any time that we implement a new tool, a new capability, or a new functionality, security threats follow. Read the Full Column by Derek Manky Blind Administration: A Supply Chain Compromise Crisis Simulator Join the Immersive Labs team as they attempt to respond to a sophisticated cyberattack, possibly led by a nation state, that has potentially compromised one of your cyber weapons, along with other national secrets. (Live - March 17th at 1PM ET) Register Now See All Recent Articles at SecurityWeek.Com Here's How North Korean Hackers Stole Data From Isolated Network Segment: The Lazarus group was able to log into a router and abused it to access and steal data from a restricted network segment. Read More Unprotected Private Key Allows Remote Hacking of Rockwell Controllers: A critical authentication bypass vulnerability can be exploited by hackers to remotely compromise Rockwell controllers. Read More The Race to Find Profits in Securing Email: NEWS ANALYSIS: Armorblox raises $30 million and joins a growing list of well-heeled startups taking a stab addressing one of cybersecurity's most difficult problems: keeping malicious hackers out of corporate mailboxes. Read More HYAS Raises $16 Million to Hunt Adversary Infrastructure: HYAS, a provider of threat intelligence based on adversary infrastructure, closed a $16M Series B round of funding led by S3 Ventures. Read More Meet the Vaccine Appointment Bots, and Their Foes: Bots have emerged amid widespread frustration with the online world of vaccine appointments. Read More Chinese Threat Actor Uses Browser Extension to Hack Gmail Accounts: New TA413 campaign leverages a malicious browser extension to gain access to and control intended victims' Gmail accounts. Read More Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps: Using a new tool called COVIDGUARDIAN, a group of researchers has identified vulnerabilities in more than twenty Android contact tracing apps. Read More Microsoft Releases Open Source Resources for Solorigate Threat Hunting: The tech giant used these queries to analyze source code at scale and identify indicators of compromise (IoCs) associated with Solorigate. Read More TikTok owner ByteDance to pay $92M in US privacy Settlement: TikTok's Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data. Read More Cisco Patches Severe Flaws in Network Management Products, Switches: The security bugs could be exploited by unauthenticated, remote attackers to bypass protections, access device information, or modify files with root privileges. Read More Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack: Ukraine says its government agencies have been targeted by Russia in DDoS and supply chain attacks. Read More Venture Capital Giant Sequoia Targeted in BEC Attack: Venture capital giant Sequoia Capital said the recently disclosed cybersecurity incident was apparently part of a BEC attack. Read More Google Funds Linux Kernel Security Development: Full-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving security. Read More Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability: Hackers have already started scanning the web for VMware vCenter Server instances affected by a recently patched vulnerability. Read More Google Discloses Details of Remote Code Execution Vulnerability in Windows: Google Project Zero has disclosed the details and released a PoC exploit for a serious Windows vulnerability that can be exploited for remote code execution. Read More Washington Senate OKs Measure Creating State Office of Cybersecurity: In response to a security breach that exposed personal information from unemployment claims, Washington Senate has unanimously passed a measure that creates a state Office of Cybersecurity. Read More PerimeterX Banks $57 Million for Bot Protection Expansion: Bot protection startup PerimeterX raises $57 million more in new financing to fuel its push into new markets globally. Read More GitHub Hires Mike Hanley as Chief Security Officer: GitHub has hired former Cisco CISO Mike Hanley as its new Chief Security Officer (CSO). Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2020 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Customer Contact Data Notice Sent by news@securityweek.com