US Says Agencies Largely Fended Off Latest Russian Hack

Industry Comments on Biden's Executive Order on Strengthening Cybersecurity Defenses

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 05.31.21 !--------------------------------------------> Monday, May 31, 2021 CISO Guide to Preventing Vendor Email Compromise Vendor Email Compromise (VEC) attacks – payroll, invoice, and RFQ fraud – come from trusted sources, compromised or spoofed. Join this webinar to learn more on how organizations can better prepare to stop these threats. June 10, 2021, at 1PM ET Register Now Resilience: RSA Conference 2021 For many of us, RSA Conference 2020 in San Francisco was the last time we came together as a community, met with colleagues, and saw new technology offerings. Read the Full Column by Laurence Pitt What Cybersecurity Can Learn From Video Games (Part II) By taking some lessons from outside our cybersecurity sandbox, we can address some of the significant challenges in cybersecurity. Read the Full Column by Rob Fry Why Evaluating Cybersecurity Prior to Mergers and Acquisitions is Necessary While cyber due diligence has yet to become commonplace in M&A transactions, the consequences of failing to identify risks and active campaigns can have costly implications. Read the Full Column by Landon Winkelvoss The VC View: Identity = Zero Trust for Everything The most common "new project" in identity nowadays is in Zero Trust. This concept has been evolving for years, and is building controls around an interesting premise: the idea that every resource will one day be internet-facing. Read the Full Column by William Lin The Rise of Continuous Attack Surface Management In the merry-go-round world of InfoSec technologies and "what's old is new again," this year we should include Attack Surface Management with a dash of Continuous. Read the Full Column by Gunter Ollmann Lessons Learned From High-Profile Exploits Although every network environment is unique, there are steps any organization can begin to implement now to reduce their risk from ransomware and other advanced threats. Read the Full Column by William Lin A Renewed Push to Improve the Nation's Cybersecurity President Biden's Executive Order (EO) to improve the nation's cybersecurity is a good first step but it is likely not going to materially change the defensive posture of the nation. Read the Full Column by Torsten George CISO Guide to Preventing Vendor Email Compromise Vendor Email Compromise (VEC) attacks – payroll, invoice, and RFQ fraud – come from trusted sources, compromised or spoofed. Join this webinar to learn more on how organizations can better prepare to stop these threats. June 10, 2021, at 1PM ET Register Now See All Recent Articles at SecurityWeek.Com US Says Agencies Largely Fended Off Latest Russian Hack: The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives. Read More Vulnerability Allows Remote Hacking of Siemens PLCs: Researchers have discovered a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack Siemens PLCs. Read More Microsoft Creates Cybersecurity Council for the Public Sector in APAC: The Microsoft initiative builds on the need for APAC governments to build cyber-defense strategies and keep the region protected from attacks through strong collaboration with tech companies. Read More Interpol Says 585 People Arrested in APAC Operation Against Cyber-Enabled Crime Interpol and specialized law enforcement in Asia Pacific intercepted $83 million in illicit transfers and froze 1,600 bank accounts. Read More Kenyan Arrested in Qatar First Targeted by Phishing Attack: A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest. Read More SonicWall Patches Command Injection Flaw in Firewall Management Application: A severe vulnerability in Network Security Manager (NSM) could be exploited by authenticated attackers through crafter HTTP requests. Read More Cybercriminals Target Companies With New 'Epsilon Red' Ransomware: A new piece of ransomware named Epsilon Red has been spotted targeting organizations (in the United States) via unpatched Microsoft Exchange servers. Read More CISA-FBI Alert: 350 Organizations Targeted in Attack Abusing Email Marketing Service: An alert released by the FBI and CISA warns that the SolarWinds hackers have abused an email marketing service to send malicious emails to 350 organizations. Read More Activists Launch Action Against 'Cookie Banner Terror': A group of online privacy activists said Monday it is taking action against hundreds of websites over their use of pop-up banners asking users to consent to "cookies", the files that track users' activity. Read More Nuclear Flash Cards: US Secrets Exposed on Learning Apps: US troops charged with guarding nuclear weapons in Europe used popular education websites to create flash cards, exposing their exact locations and top-secret security protocols. Read More Security Analytics Firm Uptycs Raises $50 Million: Cloud-native security analytics provider Uptycs has closed a $50 million Series C funding round, bringing the total raised by the company to date up to $93 million. Read More Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations: At least two threat actors supporting the Chinese government's interests are targeting organizations in the US and Europe. Read More Canada Post Says 950,000 Customers Hit by Breach at Supplier: Canada Post says information on 950,000 customers was exposed following a malware attack on a supplier. Read More FBI Shares IOCs for APT Attacks Exploiting Fortinet Vulnerabilities: These include new user accounts, specific executable files, FTP transfers, and unrecognized scheduled tasks. Read More SolarWinds Hackers Impersonate U.S. Government Agency in New Attacks: The Russia-linked SolarWinds hackers (Nobelium) are launching new attacks on the U.S. in a campaign that abuses a mass mailing service and impersonates a government agency. Read More U.S. Charges 22 in Stolen Payment Cards Crackdown: The U.S. Justice Department announces indictments against 22 charged with purchasing and using stolen payment cards. Read More Japanese Ministries Confirm Impact from Fujitsu Data Breach: Japan's government agencies confirm customer data was stolen from a breach at service provider Fujitsu Limited. Read More DataDome Raises $35 Million for Its Anti-Bot Solution: DataDome, which provides a platform designed to help organizations fight bad bots and online fraud, has raised $35 million in Series B funding. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2021 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Constant Contact Data Notice Sent by news@securityweek.com