
FBI Warns of Iranian Cyberattacks | Outlook Security Feature Bypass Allowed Sending Malicious Links

Zerodium Offering $400,000 for Microsoft Outlook Zero-Day Exploits
SecurityWeek Briefing


Friday, January 28, 2022





In the Hacker's Crosshairs: K-12 Schools
Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working.
by Torsten George





Combating the Surge in Retail Theft and E-Commerce Fraud With Open Source Intelligence
Similar to investigations that disrupt cyberattacks on retailers, the same tactics, techniques, and procedures (TTPs) can be leveraged against those that sell counterfeit or stolen goods.
by Landon Winkelvoss



Seven Ways to Ensure Successful Cross-Team Security Initiatives
While there are many approaches to successfully accomplishing cross-team security initiatives, these seven points are helpful when working to push these efforts across the finish line.
by Joshua Goldfarb




Living Off the "Edge" of the Land
Living-off-the-land attacks are effective because they allow attackers to hide their activities in legitimate processes and make it harder for defenders to detect them. These tools also make attack attribution much harder.
by Derek Manky


How to Attract Hard-to-Find Cybersecurity Talent
When organizations adopt a broader yet more focused framework for cybersecurity staffing, they're suddenly positioned to gain a clear competitive advantage in the labor market.
by Jeff Orloff




Meshed Cybersecurity Platforms Enable Complex Business Environments
Cybersecurity deployments have become as complex as the networks they are trying to protect. And that's not a good thing.
by John Maddison




CISA Steps up Public and Private Sector Collaboration in 2021
Under the leadership of Jen Easterly, CISA launched several key initiatives to significantly increase government collaboration among federal agencies as well as with the private sector.
by Galina Antova



The Second Building Block for the SOC of the Future: An Open Integration Framework
An open integration architecture provides the greatest access to data from technologies, threat feeds and other third-party sources, and the ability to drive action back to those technologies once a decision is made.
by Marc Solomon


Defense Contractors Must do More to Conceal Their Attack Surface
The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult.
by Gordon Lawson


IoT's Importance is Growing Rapidly, But Its Security Is Still Weak
There is a pressing need to tighten IoT security, especially in an insecure world where these unmanaged devices are playing a rapidly growing and increasingly important role.
by Marie Hattar



A New Year Will Bring New Targets: What to Look for in 2022
While the sky just may be the limit (or actually, it may not be), when it comes to cybercriminals, three key areas where we expect to see more activity in the coming year are space, digital wallets and esports.
by Derek Manky



What to Expect in 2022: Microservices Will Bring Macro Threats
Defense-in-depth encourages a review of all tools in place, ultimately defining a strategy to use everything available to create a layered security approach between users (or potential attackers) and applications/microservices in use.
by Laurence Pitt








FBI Warns of Iranian Cyberattacks: The FBI has warned organizations about the hacker attacks conducted by an Iran-based cyber company named Emennet Pasargad.

Zerodium Offering $400,000 for Microsoft Outlook Zero-Day Exploits: The exploit acquisition firm also says it is willing to pay up to $200,000 for zero-days in Mozilla Thunderbird.

Network Security Firm Portnox Raises $22 Million in Series A Funding: Network and endpoint security firm Portnox has raised $22 million in a Series A funding round.

Vulnerabilities in Swiss E-Voting System Earn Researchers Big Bounties: Researchers have already earned tens of thousands of euros for vulnerabilities found in Switzerland's new e-voting system.

HackerOne Bags $49 Million in Series E Funding: The hacker-powered security platform will invest in research and development and in expanding its go-to-market activities.

Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers: A specially crafted TIFF payload can be sent to a vulnerable printer to cause a denial of service condition that persists after reboots.

Web-Tracking 'Cookies' Meant to Protect Privacy: Inventor: The data-tracking "cookies" at the heart of concerns over online privacy were meant to shield people, rather than serve as cyber snoops, their inventor says.

Identity Verification Firm Veriff Raises $100 Million: Veriff, a provider of automated identity verification technology, has raised $100 million in a Series C funding round, bringing the total amount raised by the company to $200 million.

Over 100 Million Android Users Installed 'Dark Herring' Scamware: Zimperium zLabs has identified 470 malicious Android applications distributed through Google Play and third-party app stores.

Outlook Security Feature Bypass Allowed Sending Malicious Links: Specially crafted malicious links can be included in emails to bypass the security system's URL scanning feature.

Attack Surface Management Play Censys Scores $35M Investment: The jostling for space in the attack surface management space intensified this week with Michigan startup Censys banking a new $35 million funding round to fuel growth and expansion.

French Ministry of Justice Targeted in Ransomware Attack: LockBit 2.0 ransomware operators claim to have hit France's Ministry of Justice and they are threatening to leak stolen information.

Microsoft Saw Record-Breaking DDoS Attacks Exceeding 3 Tbps: In November and December 2021, Microsoft mitigated record-breaking DDoS attacks that exceeded 3 Tbps, the largest at 3.47 Tbps and 340 Mpps.

US Says National Water Supply 'Absolutely' Vulnerable to Hackers: Cyber defenses for US drinking water supplies are "absolutely inadequate" and vulnerable to large-scale disruption by hackers, a senior official said.

REvil Ransomware Operations Apparently Unaffected by Recent Arrests: The activity of the ransomware cooperative did not decrease following Russia's smackdown.

White House Publishes Federal Zero Trust Strategy: The White House has published a federal zero trust strategy, requiring agencies to meet cybersecurity standards and objectives by the end of 2024.

Software Supply Chain Protection Startup Scribe Security Raises $7 Million: The funding will help Scribe Security bring its end-to-end protection platform to market.

VMware Warns of Log4j Attacks Targeting Horizon Servers: VMware warns customers of potential compromise as attacks targeting the Log4j vulnerability in Horizon are ramping up.

QNAP Warns NAS Users of DeadBolt Ransomware Attacks: The ransomware hijacks the NAS device's login page to display a ransom note there.

Official Says Puerto Rico's Senate Targeted by Cyberattack: Puerto Rico's Senate says that it was the target of a cyberattack that disabled its internet provider, phone system and official online page, the latest in a string of similar incidents in recent years.

Rights Group Says Lebanese Staffer Targeted With NSO Spyware: Human Rights Watch said that one of its senior staff members was targeted last year with spyware designed by the Israeli hacker-for-hire company NSO Group.

Apple Patches 'Actively Exploited' iOS Security Flaw: In a barebones advisory, Apple acknowledged the zero-day took aim at a memory corruption issue in IOMobileFrameBuffer, an oft-targeted iOS kernel extension.

Cyber Insights 2022: Identity: Identity has always been the key to security. But the industry became sidetracked into concentrating more on the content of traffic than on the source of the traffic.

Sophisticated Threat Actor Targets Governments, Defense Industry in Western Asia: Split into multiple stages to evade detection, the infection chain starts with the exploit for an MSHTML vulnerability (CVE-2021-40444) and uses the Graphite malware.


© 2021 Wired Business Media


