Chinese Hackers Target Russian Defense Sector

Weaknesses in Software Supply Chains: Cyber's Unspoken Reality

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 04.30.21 Friday, April 30, 2021 Webinar Weaknesses in Software Supply Chains: Cyber's Unspoken Reality Join this webinar as we examine the weaknesses in software supply chains and what organizations should consider to protect themselves from attacks. May 4th at 1PM ET Register Now Effective Security Needs to See and Interrupt Every Step in an Attack Chain The best defense in depth strategy is one that enables multiple tools, deployed across the distributed network—including endpoints, clouds, and applications—to work as a unified solution to detect and respond to threats. Read the Full Column by John Maddison Today's Security Trap: Increasing Spending but Not Efficacy Despite the long-standing belief that deploying more security solutions will result in greater protection against threats, the truth of the matter can be very different. Read the Full Column by Torsten George Reveal: The First Pillar of Industrial Cybersecurity Companies in the industrial space face unique challenges when it comes to revealing what needs to be secured. Read the Full Column by Yaniv Vardi As You Modernize Your SOC, Remember the Human Element As Security Operations Centers (SOCs) mature and transition to become detection and response organizations, they need to tackle some tough challenges with respect to data, systems and people. Read the Full Column by Marc Solomon Targeting Remote Learning: Defending Against Cyberattacks in our Schools School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year. Read the Full Column by Laurence Pitt The Growing Need for a New Security Platform There is really nothing to be gained by micromanaging talented employees. While it can be a difficult transition from individual contributor to manager, it is worth taking the time to avoid slipping into micromanagement. Read the Full Column by Joshua Goldfarb Creating Cyber Resilience Through Training Everyone is familiar with the three legs of cybersecurity stool: people, processes and technology. But most companies typically invest in just one area – technology. Read the Full Column by Gordon Lawson The VC View: Data Security - Deciphering a Misunderstood Category Data security is a tough topic to summarize and I'd argue it may be the most misunderstood category in security right now. Read the Full Column by William Lin Webinar Weaknesses in Software Supply Chains: Cyber's Unspoken Reality Join this webinar as we examine the weaknesses in software supply chains and what organizations should consider to protect themselves from attacks. May 4th at 1PM ET Register Now See All Recent Articles at SecurityWeek.Com Unknown Chinese APT Targets Russian Defense Sector: Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector. Read More Task Force Calls for Aggressive US 'Anti-Ransomware' Campaign: A task force from the Institute for Security and Technology recommends a comprehensive framework for preparing for, disrupting, and responding to ransomware attacks. Read More Contract Tracing Breach Impacts Private Info of 72K People: Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation. Read More Security Operations and Management Startup StrikeReady Emerges From Stealth: The company's platform is designed to help security teams quickly respond to incidents and defend against threats. Read More SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched: Over the past half a year, the advanced threat actor was observed using multiple malware families and aggressively pressuring victims into paying the ransom. Read More Cybersecurity Community Unhappy With GitHub's Proposed Policy Updates: The cybersecurity community is not happy with GitHub's proposed policy updates related to malware and exploits. Read More Dutch Government Pauses Coronavirus App Over Data Leak Fears: The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system. Read More BIND Vulnerabilities Expose DNS Servers to Remote Attacks: Several vulnerabilities patched recently in the BIND DNS software can be exploited for DoS attacks and possibly even remote code execution. Read More Stealthy RotaJakiro Backdoor Targeting Linux Systems: Previously undocumented and stealthy Linux backdoor named RotaJakiro has been discovered targeting Linux X64 systems, and has been undetected for at least three years. Read More BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices: Researchers at Microsoft discovered 25 remote code-execution vulnerabilities affecting a wide range of IoT and OT devices the industrial, medical, and enterprise networks. Read More Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks: Attackers can use spoofed authentication responses to hijack a KDC connection and gain local administrative access. Read More DigitalOcean Discloses Breach Involving Billing Information: Cloud solutions provider DigitalOcean has started informing customers about a breach involving their billing information. Read More Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation: Threat detection and response company Vectra AI has raised $130 million and has become a cybersecurity unicorn at a valuation of $1.2 billion. Read More Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip: Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that only impacts Macs with M1 chips. Read More FluBot Android Malware Expected to Start Targeting U.S.: The FluBot Android malware has been stealing information from phones in Europe, but it's soon expected to expand operations to the United States. Read More Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks: The Cisco firewall vulnerabilities could be exploited to achieve arbitrary code execution or to cause a denial of service condition. Read More Chinese Cyberspies Target Military Organizations in Asia With New Malware: Running until at least March 2021, the latest Naikon campaign employed a new backdoor alongside known malware, but also abused legitimate software. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2021 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Constant Contact Data Notice Sent by news@securityweek.com