'ProxyToken' Exchange Server Vulnerability Leads to Email Compromise: An attacker could exploit the vulnerability to reconfigure other users' mailboxes and set forwarding rules without authorization.

New Edition of Pipeline Cybersecurity Standard Covers All Control Systems: The American Petroleum Institute (API) has published the third edition of its pipeline cybersecurity standard.

CISA Expands 'Bad Practices' List With Single-Factor Authentication: This week, the agency added single-factor authentication to its Bad Practices list, underlining that attackers may access systems by matching a single factor only.

Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems: Researchers have found a couple of vulnerabilities that can be used to remotely disarm home security systems made by Fortress.

Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities: Companies that use OpenSSL in their products have started releasing security advisories for the recently patched vulnerabilities.

CISO Conversations: Zoom, Thycotic CISOs Discuss the CISO Career Path: The CISO is an organization's top person in cybersecurity. Is that it? Is that the end of a CISO's career progression? In fact ‒ is being CISO effectively a dead-end job?

Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers: Because it was trained over open-source GitHub code that contained vulnerabilities, the artificial intelligence model likely introduces security bugs.

Check Point Buys Cloud Email Security Provider Avanan: Israeli software giant Check Point joins the cybersecurity shopping spree with a definitive deal to acquire Avanan.

U.S. Justice Department Introduces Cyber Fellowship Program: The three-year course will help train future prosecutors and attorneys on handling cybersecurity-related cases.

Exploitation of Flaws in Delta Energy Management System Could Have 'Dire Consequences': An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences.

T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks: T-Mobile's CEO and an individual who claims to have hacked the company have shared some information about how the recent attack was carried out.

CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability: Azure Cosmos DB instances with the Jupyter Notebook feature enabled were exposed to unauthorized access for months.

Experts Warn of Dangers From Breach of Voter System Software: Republican efforts to question the results of the 2020 election have led to two significant breaches of voting software that have alarmed election security experts.

Boston Public Library Hit With Cyberattack: The Boston Public Library was hit with a cyberattack that crippled its computer network, the library said in a statement.

FBI Shares IOCs for 'Hive' Ransomware Attacks: First observed in June 2021, the ransomware group employs various TTPs, encrypts and exfiltrates data, then threatens to publish it on the Tor site "HiveLeaks."

Vulnerability Allows Remote Hacking of Annke Video Surveillance Product: Researchers have discovered a critical vulnerability that can be exploited to remotely hack a video surveillance system made by Annke.

Enterprise Technology Management Provider Oomnitza Raises $20 Million: Seeking to help enterprises better manage and secure their technology assets, Oomnitza has raised $35 million to date.

Amazon to Offer Free Cybersecurity Training Materials, MFA Devices: Amazon says it will offer free multi-factor authentication devices for AWS customers and cybersecurity training materials.

In a Hybrid Workplace, Men Are More Likely to Engage in Risky Behavior Than Women: Study: Report shows a vast difference in risky online behaviors between men and women: 76% of risky users are men, and only 24% are women.

Critical Vulnerability Exposed Azure Cosmos DBs for Months: The vulnerability could have been exploited to gain full administrative access to the Cosmos DB instances of thousands of organizations.

FIN8 Hackers Add 'Sardonic' Backdoor to Malware Arsenal: Bitdefender discovers the financially motivated threat actor FIN8 using a new potent backdoor in its malware arsenal.

Engineering Workstations Are Concerning Initial Access Vector in OT Attacks: A study conducted by SANS shows that while OT organizations believe cyber risk is high, many of them are unsure if they have suffered a breach.

Cisco Patches Serious Vulnerabilities in Data Center Products: Improper access control in APIC could allow an unauthenticated, remote attacker to read or write arbitrary files.

Atlassian Patches Critical Code Execution Vulnerability in Confluence: Atlassian has patched a critical code execution vulnerability affecting Confluence Server and Data Center.

Microsoft Issues Guidance on ProxyShell Vulnerabilities: The company urges customers to install available patches as soon as possible, to ensure their deployments are protected from active attacks.

Vulnerabilities Allow Hackers to Tamper With Doses Delivered by Medical Infusion Pumps: A chain of known and newly identified vulnerabilities could lead to the injection of potentially lethal doses of prescribed medication.