
Shrootless: macOS Vulnerability Allows Rootkit Installation

MITRE, CISA Announce 2021 List of Most Common Hardware Weaknesses


Friday, October 29, 2021


HackerOne ebook


Hacker-Powered Security for AWS Applications

The latest HackerOne eBook to help protect your cloud environment.




3 Questions for MDRs Helping to Get Your Enterprise to XDR
If you are among the growing group of organizations looking to an MDR provider to supplement your security operations with XDR, make sure you consider these three factors.
by Marc Solomon



Changing Approaches to Preventing Ransomware Attacks
Conducting scaled and cost-effective attack surface and digital threat monitoring gives organizations of all sizes the best chance of identifying and defeating their adversaries.
by Landon Winkelvoss



How to Spot an Effective Security Practitioner
By understanding what makes a great security practitioner, organizations can learn how to recruit and retain effective security practitioners.
by Joshua Goldfarb





The VC View: Vendor Risk Management
While there still isn't a clear industry-accepted answer to vendor risk management (VRM), there has been more interest in staying on top of and learning about the latest in this space.
by William Lin



How Do We Know About New Phishing Attacks? Because Some Human Reported It.
Leverage the power of the collective - the network effect – for its ever-evolving intelligence wherever possible to keep your employees free of all the bad stuff that has made it to their inboxes.
by Keith Ibarguen



Meeting Backup Requirements for Cyber Insurance Coverage
Most cyber insurance providers are demanding that companies supply proof of their backup implementation in order to obtain an affordable policy.
by Gordon Lawson




Lots and Lots of Bots: Looking at Botnet Activity in 2021
Botnets are becoming more malicious, sometimes able to create hundreds of thousands of drones that can attack a variety of machines, including Mac systems, Linux, Windows systems, edge devices, IoT devices, and so on.
by Derek Manky


How Integration is Evolving: The X Factor in XDR
The goal of XDR is detection and response across the infrastructure, across all attack vectors, across different vendors, and across security technologies that are cloud based and on premises.
by Marc Solomon




Building a Secure Remote Connection Solution for Today's Business
Zero-trust network access (ZTNA) simplifies secure connectivity by providing seamless, per-use access to applications, no matter where the user or application may be located.
by John Maddison



The New Paradigm for Work from Anywhere: Zero Trust Network Access (ZTNA)
While there is no silver bullet to prevent cybersecurity attacks, ZTNA has become a necessity for organizations on their digital transformation journey by allowing them to minimize the attack surface while ensuring the productivity of remote workers.
by Torsten George


Supporting Cybersecurity Awareness Month
Cybersecurity Awareness Month is an excellent time to reflect on any changes made, and any that might still need to be made, since for many people hybrid has become the working 'normal.'
by Laurence Pitt




Optimizing Monitoring Services For Intelligence Teams
In addition to evaluating the core capabilities and range of intelligence monitoring, organizations must consider data source integrity, and perhaps most importantly, the level of expert analysis included with each service.
by Landon Winkelvoss





Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation: Addressed by Apple in October 2021, the vulnerability allows an attacker to install rootkits, deploy persistent malware, or overwrite system files.

MITRE, CISA Announce 2021 List of Most Common Hardware Weaknesses: The 2021 CWE Most Important Hardware Weaknesses list includes 12 types of vulnerabilities.

NSA, CISA Release 5G Cloud Security Guidance: The NSA and CISA have released cybersecurity guidance to help cloud providers and mobile network operators secure 5G cloud infrastructure.

HelpSystems Expands Shopping Spree With Digital Guardian Acquisition: HelpSystems expanded its year-long cybersecurity shopping spree with a new deal to acquire data loss prevention specialists Digital Guardian.

Massachusetts Health Network Hacked; Patient Info Exposed: A Worcester, Mass. health care network says someone hacked into its employee email system, potentially exposing the personal information of thousands of patients.

Russian Man Extradited to U.S. for Role in TrickBot Malware Development: Vladimir Dunaev, 38, of Russia, was extradited from South Korea to face charges for his role in the TrickBot operation.

12 People Arrested Over Ransomware Attacks on Critical Infrastructure: Europol announces the arrests of 12 individuals suspected of launching cyberattacks on critical infrastructure using ransomware such as LockerGoga, MegaCortex and Dharma.

Ransomware Attack Hits PNG Finance Ministry: A cyberattack on Papua New Guinea's finance ministry briefly disrupted government payments and operations, officials said late Thursday.

Chrome 95 Update Patches Exploited Zero-Days, Flaws Disclosed at Tianfu Cup: Google has patched two more actively exploited Chrome vulnerabilities, as well as flaws that earned hackers $300,000 at a recent Chinese hacking contest.

India's Top Court Orders Probe Into Pegasus Snooping: India's Supreme Court on Wednesday ordered an independent investigation into the alleged government use of Pegasus spyware on journalists, opposition politicians and activists with the chief justice calling the implications "Orwellian".

FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware: Ranzy Locker ransomware has been targeting businesses in the United States since late 2020, with more than 30 victims identified by July 2021.

Free Decryption Tools Available for Babuk, AtomSilo and LockFile Ransomware: Free decryption tools have been released by Avast for Babuk, AtomSilo and LockFile ransomware.

Critical GoCD Authentication Flaw Exposes Software Supply Chain: A highly-critical vulnerability in a popular open-source CI/CD solution can be exploited to hijack sensitive secrets for downstream supply chain attacks.

Scottish Cybersecurity Startup Unveils Versatile AI-Based Deception: Scotland-based cybersecurity startup Lupovis has introduced versatile AI-based deception technology and announced significant pre-seed funding.

Vendor-Neutral Initiative Sets Bare-Minimum Baseline for Security: Google is partnering with multiple big-tech partners on a Minimum Viable Secure Product baseline aimed at building a set of minimum security requirements for business applications and services.

Phishing Protection Provider SlashNext Raises $26 Million: The investment will help the company grow its customer acquisition and operations domestically and internationally.

Cisco Patches High-Severity DoS Vulnerabilities in ASA, FTD Software: Addressed as part of Cisco's October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication, these bugs can be exploited remotely, some without authentication.

US Dismisses Assange Suicide Risk in Extradition Appeal: The United States urged two senior British judges on Wednesday to clear the extradition of WikiLeaks founder Julian Assange and reject a lower court's ruling that he is a suicide risk.

Dragos Becomes First Industrial Cybersecurity Unicorn After Raising $200 Million: Dragos has become the first industrial cybersecurity unicorn — with a valuation of $1.7 billion — after raising $200 million in Series D funding.

Ransomware Gang Claims to Have Stolen Data From National Rifle Association: A cybercrime group that uses the Grief ransomware claims to have stolen data from the National Rifle Association (NRA).

US Bans China Telecom Over National Security Concerns: The United States has banned China Telecom from operating in the country citing "significant" national security concerns, further straining already tense relations between the superpowers.

TransUnion Acquires Identity Security Company Sontiq for $638 Million: Credit reporting agency TransUnion is acquiring identity security solutions provider Sontiq for $638 million.

Washington Secretary of State Appointed CISA's Senior Election Security Lead: Washington Secretary of State Kim Wyman, the second woman to serve in this position in Washington's history, is considered an expert on elections and an experienced Secretary of State.

North Korean Hackers Targeting IT Supply Chain: Kaspersky: North Korean state-sponsored hacking group Lazarus was observed targeting an IT asset monitoring solution vendor.






© 2021 Wired Business Media


