
BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices

Your SecurityWeek Briefing


Thursday, April 29, 2021

Supply Chain Security Webinar

Weaknesses in Software Supply Chains: Cyber's Unspoken Reality

Join this webinar as we examine the weaknesses in software supply chains and what organizations should consider to protect themselves from attacks.

May 4th at 1PM ET




Effective Security Needs to See and Interrupt Every Step in an Attack Chain
The best defense in depth strategy is one that enables multiple tools, deployed across the distributed network—including endpoints, clouds, and applications—to work as a unified solution to detect and respond to threats.
by John Maddison


Today's Security Trap: Increasing Spending but Not Efficacy
Despite the long-standing belief that deploying more security solutions will result in greater protection against threats, the truth of the matter can be very different.
by Torsten George



Reveal: The First Pillar of Industrial Cybersecurity
Companies in the industrial space face unique challenges when it comes to revealing what needs to be secured.
by Yaniv Vardi





As You Modernize Your SOC, Remember the Human Element
As Security Operations Centers (SOCs) mature and transition to become detection and response organizations, they need to tackle some tough challenges with respect to data, systems and people.
by Marc Solomon



Targeting Remote Learning: Defending Against Cyberattacks in our Schools
School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year.
by Laurence Pitt




The Growing Need for a New Security Platform
There is really nothing to be gained by micromanaging talented employees. While it can be a difficult transition from individual contributor to manager, it is worth taking the time to avoid slipping into micromanagement.
by Joshua Goldfarb



Creating Cyber Resilience Through Training
Everyone is familiar with the three legs of the cybersecurity stool: people, processes and technology. But most companies typically invest in just one area – technology.
by Gordon Lawson




The VC View: Data Security - Deciphering a Misunderstood Category
Data security is a tough topic to summarize and I'd argue it may be the most misunderstood category in security right now.
by William Lin





BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices: Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks.

Security Bypass Vulnerability in Apple's M1 Chip Exploited in the Wild: Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that only impacts Macs with M1 chips.

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks: Attackers can use spoofed authentication responses to hijack a KDC connection and gain local administrative access.

DigitalOcean Discloses Breach Involving Billing Information: Cloud solutions provider DigitalOcean has started informing customers about a breach involving their billing information.

Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation: Threat detection and response company Vectra AI has raised $130 million and has become a cybersecurity unicorn at a valuation of $1.2 billion.

FluBot Android Malware Expected to Start Targeting U.S.: The FluBot Android malware has been stealing information from phones in Europe, but it's soon expected to expand operations to the United States.

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks: The Cisco firewall vulnerabilities could be exploited to achieve arbitrary code execution or to cause a denial of service condition.

Chinese Cyberspies Target Military Organizations in Asia With New Malware: Running until at least March 2021, the latest Naikon campaign employed a new backdoor alongside known malware, but also abused legitimate software.

US Government Taking Creative Steps to Counter Cyberthreats: An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed "judiciously" in the future.

CISO Conversations: Raytheon and BAE Systems CISOs on Leadership, Future Threats: In this installment of SecurityWeek's CISO Conversations series, Jennifer Watson of Raytheon Intelligence & Space and Mary Haigh of BAE Systems, discuss cybersecurity leadership in the defense sector.

Death of the Manual Pen-Test: Blind Spots, Limited Visibility: Manual penetration testing (pen-testing) is increasingly challenged by automated methods of vulnerability discovery and management.

Google Data Protection Case to be Heard in UK Supreme Court: Google began a legal bid at Britain's highest court to try to block a class action alleging that it illegally tracked millions of iPhone users.

Cyberspace Solarium Commission: CISA Funding Should Increase by at Least $400M: Two House representatives ask that CISA's budget for the fiscal year 2022 be increased by at least $400 million.

Navy SEALs to Shift From Counterterrorism to Global Threats: The U.S. Navy is adding personnel to the SEAL platoons to beef up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence and deceive and defeat the enemy.

DevSecOps Company Sysdig Raises $188 Million at $1.19 Billion Valuation: DevSecOps company Sysdig raises $188 million in a Series F funding round and becomes a cybersecurity unicorn with a valuation of $1.19 billion.

Dark Hash Collisions: New Service Confidentially Finds Leaked Passwords: Dark Hash Collisions can safely detect all a customer's users that have been compromised and consequently present a risk of credential stuffing.

Russia-Linked 'Ghostwriter' Disinformation Campaign Tied to Cyberspy Group: Five operations running between October 2020 and January 2021 leveraged compromised social media accounts of Polish officials.

Google Patches Yet Another Serious V8 Vulnerability in Chrome: Google has patched yet another serious V8 vulnerability in Chrome, and awarded the researcher who found it $15,000.






© 2021 Wired Business Media


