'Nimbuspwn' Flaws Haunt Linux

How Linux Became the New Bullseye Attacks | Chilling Russian Cyber Aim in Ukraine

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 04.28.22 Thursday, April 28, 2022 The Ultimate Kubernetes Security Guide Learn Kubernetes attack vectors and how to secure containers and system resources. Download NeuVector's Ultimate Guide to Kubernetes Security here. How Linux Became the New Bullseye for Bad Guys Linux is becoming a more popular target for attackers as it operates the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications. Read the Full Column by Derek Manky Overcoming Cybersecurity Recruiting Challenges With the labor market for cybersecurity pros being extremely tight, the old ways of recruiting are rife with weaknesses and biases, while the urgency to recruit people is intense. Read the Full Column by Jeff Orloff Achieving Sustainable Cybersecurity Through Proper Care and Feeding It's time to step back and look at the role of the IT industry in developing, deploying, maintaining, growing and eventually, sustainably retiring technology and solutions. Read the Full Column by Laurence Pitt Defending Your Business Against Russian Cyberwarfare In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organizations to prepare and implement more robust defenses. Read the Full Column by Landon Winkelvoss Why Ransomware Response Matters More Than Protection Organizations need to look beyond preventive measures when it comes to dealing with today's ransomware threats and invest in ransomware response, which improves their ability to prepare and quickly recover endpoints from ransomware attacks. Read the Full Column by Torsten George When Attacks Surge, Turn to Data to Strengthen Detection and Response As threat actors continue to evolve their TTPs to take advantage of crises and outbreaks, the intelligence sources and information sharing mechanisms available to help will become even more important. Read the Full Column by Marc Solomon Today's Network Is Different, Not Dead - Here's How You Secure It Security systems can struggle to keep up when networks are in a constant state of flux—optimizing connections, redirecting workflows, adding new edges or endpoints, or scaling to meet shifting demands. Read the Full Column by John Maddison When Is It Right to Stay Silent? If you know for a fact that a person or group has poor intentions, it may make sense to begin documenting and reporting nefarious activity you observe from them. Read the Full Column by Joshua Goldfarb Economic Warfare: Attacks on Critical Infrastructure Part of Geopolitical Conflict" The biggest advantage defenders have as the nature of the conflict and strategies evolve, is to know their networks better than the adversary. Read the Full Column by Galina Antova Think Like a Criminal: Knowing Popular Attack Techniques to Stop Bad Actors Faster Analyzing the attack goals of adversaries is important to be able to better align defenses against the speed of changing attack techniques. Read the Full Column by Derek Manky Healthcare and the Other CIA Obfuscation technology creates a path to data and applications residing in commercial clouds that cannot be traced, and can be helpful for healthcare data security. Read the Full Column by Gordon Lawson The Importance of Open Source to an XDR Architecture XDR architecture must be broad and deep so that organizations can get the most value out of their existing best-of-breed security solutions, including their free, open-source tools. Read the Full Column by Marc Solomon The Ultimate Kubernetes Security Guide Learn Kubernetes attack vectors and how to secure containers and system resources. Download NeuVector's Ultimate Guide to Kubernetes Security here. See All Recent Articles at SecurityWeek.Com Microsoft Warns of 'Nimbuspwn' Security Flaws Haunting Linux: Researchers at Microsoft find a way to exploit for a pair of privilege escalation flaws to plant a root backdoor on Linux systems. Read More 1.2 Million Bad Apps Blocked From Reaching Google Play in 2021: Google said it prevented 1.2 million bad apps from reaching Google Play in 2021, but cybercriminals continue finding ways to deliver their malware via the app store. Read More Synopsys to Acquire White Hat Security in $330M All-Cash Deal: Synopsys is expanding its reach into the cybersecurity business with plans to shell out $330 million to acquire White Hat security. Read More Russia Coordinating Cyberattacks With Military Strikes in Ukraine: Microsoft: Microsoft said that in "hybrid" warfare tactics, Russia often matches cyberattacks with military assaults on the battlefield. Read More Cisco Patches 11 High-Severity Vulnerabilities in Security Products: Cisco resolves 19 vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). Read More Critical Vulnerabilities in Azure PostgreSQL Exposed User Databases: Cloud security company Wiz details ExtraReplica, a series of critical Azure PostgreSQL vulnerabilities that could have been exploited to access user databases. Read More National Cybersecurity Agencies List Most Exploited Vulnerabilities of 2021: Cybersecurity agencies in the US, Canada, UK, Australia and New Zealand said the most commonly exploited vulnerabilities of 2021 included Log4Shell, ProxyLogon, and ProxyShell. Read More Cloudflare Customer Targeted in Record HTTPS DDoS Attack: Cloudflare says it mitigated a 15.3 million request-per-second (RPS) distributed denial of service (DDoS) attack carried out over HTTPS. Read More A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers: Russia's relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection. Read More IETF Publishes RFC 9116 for 'security.txt' File: The Internet Engineering Task Force (IETF) has published RFC 9116 for the security.txt file, whose goal is to aid vulnerability disclosures. Read More Over 300,000 Internet-Exposed Databases Identified in 2021: In the first quarter of 2022, Group-IB security researchers identified over 91,000 publicly-facing databases. Read More Privacy Enhancing Tech Startup Enveil Bags $25 Million Investment: Enveil, an early-stage startup tackling the 'holy grail' of data encryption, has banked another $25 million in venture capital funding. Read More Watch: The Four Stages of Zero Trust Maturity: Join this webinar to learn the four stages of Zero Trust maturity and how to get fast wins while working toward fully adaptive, context- and risk-aware Zero Trust baked into your IT, security and business ecosystems. Read More Risk Intelligence Company Strider Raises $45 Million: Strider closes a $45 million Series B funding round led by Valor Equity Partners. Read More Internet Outages in French Cities After Cable 'Attacks': Operator: Internet and phone services were down or running slowly in several French cities on Wednesday after fibre optic cables were cut overnight in suspected attacks on the crucial data infrastructure, telecom operators said. Read More Can Elon Musk Spur Cybersecurity Innovation at Twitter?: News analysis: Elon Musk's stated mission to "authenticate all humans" and defeat the spam bots on Twitter could spur cybersecurity tech innovation around identity, multi-factor authentication and botnet detection. Read More Chinese Cyberspies Targeting Russian Military: State-sponsored cyberespionage group Mustang Panda starts targeting Russian military as Chinese interests shift towards the Russian-Ukraine war. Read More ARMO Raises $30 Million for Open Source Kubernetes Security Platform: Israel-based ARMO raises $30 million in a Series A funding round for its open source Kubernetes security platform. Read More Chrome 101 Patches 30 Vulnerabilities: Google releases Chrome 101 to the stable channel with 30 security fixes inside. Read More Coca-Cola Investigating Hack Claims Made by Pro-Russia Group: A pro-Russia hacker group claims to have stolen vast amounts of information after hacking Coca-Cola, but the cybercriminals' previous claims have been called into question. Read More Tenable Shells Out $45 Million to Acquire Bit Discovery: Tenable will spend $45 million to acquire Bit Discovery, an attack surface management software startup created by cybersecurity pioneers Jeremiah Grossman and Robert Hansen. Read More US Offers $10 Million Reward for Russian Intelligence Officers Behind NotPetya Cyberattacks: The United States is offering $10 million in rewards for help in prosecuting six Russian military intelligence officers blamed for the devastating NotPetya cyberattacks in 2017. Read More German Wind Turbine Firm Discloses 'Targeted, Professional Cyberattack': German wind turbine giant Deutsche Windtechnik discloses disruptive ransomware compromise. Read More Web Application Security Firm Source Defense Raises $27 Million: Springtide Ventures leads a new $27 million investment in a startup providing web application client-side protection. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2022 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Our Privacy Policy | Constant Contact Data Notice Sent by news@securityweek.com