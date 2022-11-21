Read full article on original website
itsecuritywire.com
Top Strategies to Overcome Cybersecurity Challenges
As businesses worldwide successfully embrace remote and hybrid work models, they are met with a new challenge – their networks are exposed to new vulnerabilities and cybersecurity threats. Regulatory bodies like General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and others are evolving their regulations to protect...
itsecuritywire.com
Challenges of Implementing Zero-Trust Architecture
Businesses and cybersecurity industry veterans are exploring opportunities to develop and enforce a zero-trust architecture to ingrain resilience in their security posture and keep unauthorized users away from sensitive data and critical business assets. A recent report by IBM titled “Cost of a data breach 2022” found that the average...
itsecuritywire.com
Malwarebytes and Stellar Cyber Collaborate to Investigate and Mitigate Cyber Threats
Malwarebytes, a global leader in real-time cyber protection, today announced a new partnership with Stellar Cyber, an industry-leading Open XDR platform that delivers comprehensive, unified security without complexity. The partnership helps resource-constrained teams produce consistent security outcomes across all environments; on-premises, cloud and anything in between. The partnership comes at...
itsecuritywire.com
Funding boost will help protect more companies from cybercrime
Next-generation vulnerability management specialist, Holm Security, has received an investment of €4 million, which will enable them to protect more businesses from a rapidly increasing number of cyberattacks. Despite the difficult current conditions in the investment market, specialist B2B software venture capital firm Subvenio Invest has led the funding...
itsecuritywire.com
Strengthening Enterprise Cybersecurity to Combat Rising Cyber Attacks
Businesses must take a more protective approach to their cybersecurity, with cybercriminals becoming increasingly innovative and sophisticated and state-sponsored cybercrimes rising in number. IT security teams must implement stronger protection measures to secure their organizations as threat actors become more sophisticated. They must establish security-first culture that prioritize blocking threats...
itsecuritywire.com
Cross-Tenant AWS Vulnerability Revealed Account Resources
A cross-tenant vulnerability in Amazon Web Services (AWS) could have allowed attackers to abuse AWS AppSync to gain access to resources in an organization’s account. According to cloud security firm Datadog Security Labs, an attacker could use the AWS AppSync service to take on identity and access management (IAM) roles in other AWS accounts and access the resources in those accounts. With the help of the AppSync service, programmers can build GraphQL and Pub/Sub APIs, each of which has a corresponding data source, as well as directly call AWS APIs to integrate their applications with AWS services. This requires the creation of roles with IAM permissions.
itsecuritywire.com
BMC Firmware Flaws Make OT and IoT Devices Vulnerable to Remote Attacks
Researchers at the industrial cybersecurity company Nozomi Networks have identified more than a dozen vulnerabilities in the baseboard management controller (BMC) firmware. Using a specialized processor called a BMC, administrators can remotely manage and watch over a device without having access to its operating system or installed applications. A device can be rebooted, an operating system installed, the firmware updated, system parameters monitored, and logs analyzed using the BMC vulnerability.
itsecuritywire.com
Adopting Best Practices and Technologies to Effectively Secure Private Keys
Businesses put their faith in core technologies like blockchain, encryption, multi-party or distributed strategies, zero trust access, and more, and with good reason. But, at the same time, businesses are hiding the keys under a figurative doormat, and this could compromise all of these safeguards. When an insider or attacker...
itsecuritywire.com
CISA Upgrades Infrastructure Resilience Planning Framework
This week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that the Infrastructure Resilience Planning Framework now includes new tools and guidelines (IRPF). The IRPF (PDF), which was first published in 2021, is designed for state, local, tribal, and territorial (SLTT) organizations that want to incorporate critical infrastructure security...
itsecuritywire.com
Virtual Private Network (VPN) Pitfalls to Consider While Securing Business Networks
VPN is one of the most effective tools that enterprises can leverage in their cybersecurity strategy to enable seamless access for authorized users outside the network premises. However, it exposes businesses to various threats like malware, DDoS attacks, and spooking attacks. VPN is one of the most effective ways to...
itsecuritywire.com
Proofpoint Warns of Abuse of the Nighthawk Hacking Tool
Proofpoint security researchers are alerting the public to the discovery of a commercial red-teaming tool known as Nighthawk, warning that the command-and-control framework is likely to be exploited by threat actors. A recent report from Proofpoint claims that MDSec, a European company that sells adversary simulation and penetration testing tools...
itsecuritywire.com
ExpressVPN announces security of its desktop apps with three new independent audits
Leading consumer privacy and security company ExpressVPN has validated the security posture of all its desktop apps through three new independent audits by respected cybersecurity firms, Cure53 and F-Secure. The three new audits come just weeks after KPMG’s audit of ExpressVPN’s no-logs policy, underlining ExpressVPN’s dedication to third-party privacy and security verifications.
itsecuritywire.com
Public Safety Software Industry Veteran Enters CivicEye
CivicEye, the end-to-end provider of cloud software for law enforcement, prosecutors, judges, and clerks, has named Joshua South as the new Head of Operations. Former Director of Professional Services at Tyler Technologies, Joshua brings over a decade of extensive experience and knowledge in public safety software to CivicEye, where he will drive project management, solution engineering, and support.
itsecuritywire.com
Top Machine Identity Management (MIM) Challenges Businesses Face
Businesses that do not devote time and money to safeguard Machine Identity Management put themselves in serious danger, especially in light of the recent increase in attacks involving machine identities. As business PKI grows and the team is responsible for managing a growing number of keys and certificates, enterprises are...
itsecuritywire.com
Software Improvement Group signs OEM agreement with Siemens Digital Industry Software to deliver fast track to cybersecurity compliance
Software Improvement Group (SIG) today announced it has collaborated with Siemens Digital Industries Software on a new, strategic OEM agreement to address cybersecurity compliance needs. The new OEM agreement allows organizations using the Siemens Xcelerator portfolio of software to manage their cybersecurity compliance through Siemens’ Polarion ALM™ software for application lifecycle management (ALM) and SIG’s software assurance guiding platform, Sigrid® for full portfolio landscape assessment with deep dive insights into security and code quality.
itsecuritywire.com
Pentagon releases zero trust strategy to guide DoD cybersecurity priorities
The Defense Department has officially unveiled a zero trust strategy and roadmap outlining how DoD components should focus their cybersecurity efforts and investments in the years to come in order to reach a “target” level of zero trust maturity over the following five years. The federal zero trust...
itsecuritywire.com
Leaked Algolia API Keys Exposed Millions of Users’ Information
CloudSEK, a threat detection company, has identified thousands of applications that leak Algolia API keys and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users. The Algolia API enables businesses to add features like search, discovery, and recommendations to their...
itsecuritywire.com
Microsoft Warns of Boa Web Server Risks After Hackers Target It in Power Grid Attacks
Microsoft is alerting businesses to the dangers posed by the defunct Boa web server following reports that threat actors used the software’s vulnerabilities in an attack on the energy industry. An Indian power grid’s operational assets were being targeted by a Chinese threat group in 2021, according to threat...
itsecuritywire.com
Adversarial AI Attacks Highlight Fundamental Security Issues
Researchers from the Massachusetts Institute of Technology (MIT), the University of California at Berkeley, and FAR AI discovered that a professional-level Go AI could be easily defeated with moves that tricked the machine into believing the game was over. While a professional or novice Go player could be defeated by...
itsecuritywire.com
Hornetsecurity Strengthens APAC and EMEA Growth Through New Distribution Agreements Covering 10+ Countries
Global email security and backup provider, Hornetsecurity, has today announced a major push into several different regions across the world, with the signing of new distributors and partnerships. This further expands Hornetsecurity’s established presence in Europe, the US and LATAM. In the Philippines and Saudi Arabia, the signing of...
