Project Zero Flags High-Risk Zoom Security Flaw

Armis Raises $300M at $3.4 Billion Valuation | Key Questions for CISOs

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 11.29.21 Monday, November 29, 2021 Virtual Event: Security Operations Summit Learn best practices and gain insights for adopting tools and processes to help SOCs be more effective and efficient. December 8th, 2021 Register Now 3 Key Questions for CISOs on the Wave of Historic Industrial Cybersecurity Legislation If you're a CISO or security leader, here are three questions to ask yourself as you consider this legislation and look to improve the security posture of your OT environment. Read the Full Column by Yaniv Vardi Preventing a Cyber Pandemic in Healthcare With tight resources for managing healthcare, the IT challenge to keep track of vast amounts of data being created, accessed and modified is critical. Read the Full Column by Laurence Pitt Delivering on the Promise of 5G Requires New Security Standards In order to deliver on the promise of 5G, we need new industry standards for security, testing, and training to proactively combat 5G cyber threats and minimize risks. Read the Full Column by Marie Hattar Acronyms Aside, the SOC of the Future Needs These 3 Capabilities Security Operations Centers do not need another acronym. What they need are capabilities that enable them to address their top use cases faster and more thoroughly in the face of evolving attacks. Read the Full Column by Marc Solomon How to Improve Red Team Effectiveness using Obfuscation For red teams, using an obfuscated network for testing offers the advantage of hiding who is performing the attack and where it is originating, for a more real-life context. Read the Full Column by Gordon Lawson Four Things Your CISO Wants Your Board to Know There's no doubt that there are a lot of things on your CISO's mind. Whether they have an active role at board meetings or not, chances are these are some of the most pressing items they'd like to discuss with you. Read the Full Column by Tim Bandos Enlisting Employees to Fight Cyber Threats Most organizations rely too heavily on their cybersecurity pros to protect them from threats, ignoring the painful reality that human error is by far the most common cause of security breaches. Read the Full Column by Jeff Orloff Security is Everywhere. Can Your Services Keep Up? Recent changes have resulted in a proliferation of devices and users working from anywhere, which has expanded the digital attack surface and exposed more applications, devices, data, and users to risk. Read the Full Column by John Maddison Engaging Customers on an Uncertain Journey One of the best approaches to identifying both the value you are bringing to a customer and opportunities to increase that value is by going on the change-journey with your customers. Read the Full Column by Keith Ibarguen Another Cybersecurity Awareness Month Has Passed and Little Has Changed Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and endpoint resilience. Read the Full Column by Torsten George 3 Questions for MDRs Helping to Get Your Enterprise to XDR If you are among the growing group of organizations looking to an MDR provider to supplement your security operations with XDR, make sure you consider these three factors. Read the Full Column by Marc Solomon Changing Approaches to Preventing Ransomware Attacks Conducting scaled and cost-effective attack surface and digital threat monitoring gives organizations of all sizes the best chance of identifying and defeating their adversaries. Read the Full Column by Landon Winkelvoss Virtual Event: Security Operations Summit Learn best practices and gain insights for adopting tools and processes to help SOCs be more effective and efficient. December 8th, 2021 Register Now See All Recent Articles at SecurityWeek.Com Project Zero Flags High-Risk Zoom Security Flaw: Google Project Zero's Natalie Silvanovich reports a pair of Zoom security defects that expose Windows, macOS, Linux, iOS and Android users to malicious hacker attacks. Read More Marine Services Provider Swire Pacific Offshore Discloses Data Breach: The Singapore company says an unauthorized party accessed confidential proprietary commercial information and personal data. Read More Panasonic Investigating Data Breach: Panasonic recently discovered a network breach in which someone accessed a file server reportedly storing technology and business information. Read More CISA Releases Guidance on Securing Enterprise Mobile Devices: The Enterprise Mobility Management (EMM) system checklist was designed to help mitigate vulnerabilities and protect business environments. Read More Armis Raises $300 Million at $3.4 Billion Valuation: Enterprise device security company Armis has raised another $300 million, at a valuation of $3.4 billion. Read More Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks: A recently patched Apache HTTP Server SSRF vulnerability (CVE-2021-40438) has been exploited in attacks, according to Cisco and Germany's BSI cybersecurity agency. Read More Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data: The biopharmaceutical company says it has no plans to pay a ransom, but warns of potential exploitation of the improperly obtained data. Read More UK Cyber Firm Faces Investors Over Stock Turmoil: Darktrace came under investor scrutiny over dramatic share price gyrations since its headline-grabbing London stock market float. Read More VMware Patches File Read, SSRF Vulnerabilities in vCenter Server: VMware has patched arbitrary file read and SSRF vulnerabilities in vCenter Server. Read More IoT Security Company Shield-IoT Raises $7.4 Million: The company says it can detect anomalies within minutes through transforming big data into small data sets. Read More Two Nigerians Sentenced to Prison in U.S. for Role in BEC Scams: Opeyemi Abidemi Adeoso was sentenced to 151 months in federal prison, while Benjamin Adeleke Ifebajo was sentenced to 120 months in prison. Read More GoDaddy Says Several Brands Hit by Recent WordPress Hosting Breach: GoDaddy says the recent WordPress hosting breach impacts several of its brands, including 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. Read More CISA, FBI Warn of Potential Critical Infrastructure Attacks on Holidays: All organizations – especially critical infrastructure entities – are encouraged to improve their security stance to prevent potentially impactful cyberattacks. Read More Researcher Awarded $10,000 for Google Cloud Platform Vulnerability: The access token for a Google Cloud project could be leaked, thus allowing users to elevate privileges in other internal projects. Read More Industrial Cybersecurity Firm Applied Risk Acquired by DNV: Assurance and risk management firm DNV is acquiring industrial cybersecurity company Applied Risk in an effort to create an industrial cybersecurity powerhouse. Read More Japan, Vietnam Look to Cyber Defense Against China: Japan and Vietnam on signed a cybersecurity agreement as the two Asian nations rapidly step up their military ties amid concerns over China's growing assertiveness. Read More Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation: Apple has filed a lawsuit seeking to hold NSO Group accountable for hacking into Apple's iOS mobile platform with so-called zero-click exploits to spy on researchers, journalists, activists, dissidents, academics, and government officials. Read More PoC Exploit Published for Latest Microsoft Exchange Zero-Day: Proof-of-concept (PoC) exploit code has been published for recently patched vulnerability in Microsoft Exchange Server. Read More Serious Vulnerability Found in Imunify360 Web Server Security Product: A vulnerability in the Imunify360 security suite for web servers can be exploited for remote code execution using specially crafted files. Read More Low Code/No Code App Security Firm Zenity Emerges From Stealth: The company announced a $5 million funding round that will help it expand customer acquisition, marketing, product, and research and development operations. Read More Biomanufacturing Facilities Warned of Attacks Involving Sophisticated Malware: New Tardigrade variant of Smoke Loader was detected within the networks of two biomanufacturing facilities roughly half a year apart. Read More Schwarz Group Acquires XM Cyber for $700 Million: Germany-based retail giant Schwarz Group has acquired Israel-based security posture management company XM Cyber for $700 million. Read More Cyber Insurance Firm Resilience Raises $80 Million: Cyber insurance and security solutions provider Resilience has raised $80 million in a Series C funding round. Read More Severe Code Execution Vulnerabilities Affect OpenVPN-Based Applications: Claroty researchers document a series of severe code execution vulnerabilities affecting virtual private network (VPN) solutions relying on OpenVPN. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2021 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Constant Contact Data Notice Sent by news@securityweek.com