
BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices



Thursday, April 29, 2021

Supply Chain Security Webinar

Webinar

Weaknesses in Software Supply Chains: Cyber's Unspoken Reality

Join this webinar as we examine the weaknesses in software supply chains and what organizations should consider to protect themselves from attacks.

May 4th at 1PM ET




Effective Security Needs to See and Interrupt Every Step in an Attack Chain
The best defense in depth strategy is one that enables multiple tools, deployed across the distributed network—including endpoints, clouds, and applications—to work as a unified solution to detect and respond to threats.
by John Maddison


Today's Security Trap: Increasing Spending but Not Efficacy
Despite the long-standing belief that deploying more security solutions will result in greater protection against threats, the truth of the matter can be very different.
by Torsten George



Reveal: The First Pillar of Industrial Cybersecurity
Companies in the industrial space face unique challenges when it comes to revealing what needs to be secured.
by Yaniv Vardi





As You Modernize Your SOC, Remember the Human Element
As Security Operations Centers (SOCs) mature and transition to become detection and response organizations, they need to tackle some tough challenges with respect to data, systems and people.
by Marc Solomon



Targeting Remote Learning: Defending Against Cyberattacks in our Schools
School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year.
by Laurence Pitt




The Growing Need for a New Security Platform
There is really nothing to be gained by micromanaging talented employees. While it can be a difficult transition from individual contributor to manager, it is worth taking the time to avoid slipping into micromanagement.
by Joshua Goldfarb



Creating Cyber Resilience Through Training
Everyone is familiar with the three legs of the cybersecurity stool: people, processes and technology. But most companies typically invest in just one area – technology.
by Gordon Lawson




The VC View: Data Security - Deciphering a Misunderstood Category
Data security is a tough topic to summarize and I'd argue it may be the most misunderstood category in security right now.
by William Lin




See All Recent Articles at SecurityWeek.Com

BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices: Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.

Security Bypass Vulnerability in Apple's M1 Chip Exploited in the Wild: Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that only impacts Macs with M1 chips.

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks: Attackers can use spoofed authentication responses to hijack a KDC connection and gain local administrative access.

DigitalOcean Discloses Breach Involving Billing Information: Cloud solutions provider DigitalOcean has started informing customers about a breach involving their billing information.

Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation: Threat detection and response company Vectra AI has raised $130 million and has become a cybersecurity unicorn at a valuation of $1.2 billion.

FluBot Android Malware Expected to Start Targeting U.S.: The FluBot Android malware has been stealing information from phones in Europe, but it's soon expected to expand operations to the United States.

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks: The Cisco firewall vulnerabilities could be exploited to achieve arbitrary code execution or to cause a denial of service condition.

Chinese Cyberspies Target Military Organizations in Asia With New Malware: Running until at least March 2021, the latest Naikon campaign employed a new backdoor alongside known malware, but also abused legitimate software.

US Government Taking Creative Steps to Counter Cyberthreats: An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed "judiciously" in the future.

CISO Conversations: Raytheon and BAE Systems CISOs on Leadership, Future Threats: In this installment of SecurityWeek's CISO Conversations series, Jennifer Watson of Raytheon Intelligence & Space and Mary Haigh of BAE Systems discuss cybersecurity leadership in the defense sector.

Death of the Manual Pen-Test: Blind Spots, Limited Visibility: Manual penetration testing (pen-testing) is increasingly challenged by automated methods of vulnerability discovery and management.

Google Data Protection Case to be Heard in UK Supreme Court: Google began a legal bid at Britain's highest court to try to block a class action alleging that it illegally tracked millions of iPhone users.

Cyberspace Solarium Commission: CISA Funding Should Increase by at Least $400M: Two House representatives ask that CISA's budget for the fiscal year 2022 be increased by at least $400 million.

Navy SEALs to Shift From Counterterrorism to Global Threats: The U.S. Navy is adding personnel to the SEAL platoons to beef up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence and deceive and defeat the enemy.

DevSecOps Company Sysdig Raises $188 Million at $1.19 Billion Valuation: DevSecOps company Sysdig raises $188 million in a Series F funding round and becomes a cybersecurity unicorn with a valuation of $1.19 billion.

Dark Hash Collisions: New Service Confidentially Finds Leaked Passwords: Dark Hash Collisions can safely detect all of a customer's users that have been compromised and consequently present a risk of credential stuffing.

Russia-Linked 'Ghostwriter' Disinformation Campaign Tied to Cyberspy Group: Five operations running between October 2020 and January 2021 leveraged compromised social media accounts of Polish officials.

Google Patches Yet Another Serious V8 Vulnerability in Chrome: Google has patched yet another serious V8 vulnerability in Chrome, and awarded the researcher who found it $15,000.






© 2021 Wired Business Media
