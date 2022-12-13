Read full article on original website
moneytalksnews.com
Don’t Click on Emails With These Subject Lines
A scammer’s best friend is a sense of urgency. If they can get you to do something before rousing suspicion, whether you eventually uncover the scam doesn’t really matter — it’s already too late to stop it. The danger can be in something as simple as...
itsecuritywire.com
FireTail, an API Security Company, Raises USD 5 Million
This week, API security startup FireTail announced that it had raised USD 5 million in an early-stage financing round, which was headed by Paladin Capital Group and included General Advance, Secure Octane, Zscaler, and angel investors. The Mclean, Virginia-based company, which was established in 2021, suggests a novel strategy for...
itsecuritywire.com
Interpres Security Strenghtens Executive Team With Leaders From Devo Technology, the NSA and Mandiant
Interpres Security (Interpres), a company dedicated to helping companies optimize their security performance with a comprehensive new approach to managing the defense surface, today announced the appointment of three top executive hires. The expanded team will help Interpres pursue its mission of helping companies optimize the effectiveness of their current security stack.
itsecuritywire.com
Core Aspects of Digital Immune Systems
Many cybersecurity experts are exploring opportunities to strengthen their cybersecurity posture by ingraining digital immunity into their business operations. Businesses-critical operations are becoming increasingly dependent on technology. This is especially true in hybrid work environments where success is dependent on providing seamless digital experiences across every device, no matter where employees are based. Irrespective of the immense benefits of hybrid work models and large-scale adoption of the cloud, it has also exposed businesses to various threats and risks. There is a tremendous amount of data generated in the cybersecurity field today. Previously enterprises used to operate on very few insights from their data. Enterprises that want to develop a resilient business network need to have a data-driven defense strategy that acts as a digital immune system that enables them to stay secure from various sophisticated threats.
itsecuritywire.com
Implementing the Right Risk Assessment Methodology for the Organization
It is crucial to view risk assessment as a positive exercise that advances the goals of the organization and to translate the level of risk into its implications for reputation, operations, or finances. Adequate information security is built upon the risk assessment methodology, and there are many risk methodologies available...
itsecuritywire.com
New Python-Based Backdoor Intended to Target VMware ESXi Servers
Researchers at the Threat Labs of Juniper Networks have discovered a new Python-based backdoor that targets VMware ESXi virtualization servers. Although the targeted servers were affected by well-known security flaws (like CVE-2019-5544 and CVE-2020-3992) that were probably used for the initial compromise, the researchers were more interested in the backdoor’s ease of use, persistence, and capabilities. To ensure the persistent execution of a Python script at startup, the threat actor modified a total of four files on the target, which the system backs up and restores after a reboot.
itsecuritywire.com
Security Companies Alert Microsoft about Signed Drivers Applied to Kill EDR, AV Processes
Several cybersecurity firms have warned Microsoft that cybercriminals have been utilizing signed malicious drivers to terminate antivirus (AV) and endpoint detection and response (EDR) processes. Microsoft released an advisory to inform users about drivers approved by its Windows Hardware Developer Program being used by threat actors in post-exploitation activity, such...
itsecuritywire.com
Addressing the Security Risks Associated with Cloud Data
Since cloud storage and computing have made it feasible for every company to transform into an AI-backed, intelligent digital company, businesses will never return to their former data and security postures. Businesses need to modify how they use and store critical data in the cloud in a sensible way. Technology...
itsecuritywire.com
Wiz Introduces Free Cloud Framework to Drive Community-Backed Security
Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process.
itsecuritywire.com
HackerOne’s Paid Bug Bounties Surpass USD 230 Million
Bug bounty platform HackerOne says that in 2022, ethical hackers found and reported more than 65,000 software flaws. The well-known hacker-powered platform has awarded USD 230 million in bug bounties since its inception. It hosts bug bounty programs for both public and private organizations, including government agencies. Over USD 1...
itsecuritywire.com
NSA Exposes Chinese Hackers Exploiting Zero-Day Citrix Flaw
Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that a Chinese hacking group has already been caught exploiting the vulnerability. Citrix alerted users to CVE-2022-27518, a pre-auth remote code execution bug affecting the Citrix ADC...
itsecuritywire.com
Lacework appoints Niels Provos as Head of Security Efficacy
Lacework®, the data-driven cloud security company, today announced the appointment of Niels Provos as the company’s first Head of Security Efficacy. Provos brings nearly two decades of industry experience in creating healthy engineering teams that build security infrastructure and systems that solve cloud security problems at scale. He puts a particular emphasis on treating security as an engineering problem.
itsecuritywire.com
Critical Challenges of Security Operations Centers (SOCs)
The first layer of protection for the firm is the Security Operations Centers (SOCs) analysts. To protect their company from cyber-attacks, enterprises must properly train their employees and give them the right tools. Cyberattacks is also constantly getting more sophisticated; and the modern CISO is now accepting this reality and...
itsecuritywire.com
CyberData Pros collaborates with Mastercard’s RiskRecon to launch global cybersecurity protection for businesses around the world
Cybersecurity experts, CyberData Pros, collaborate with RiskRecon, a Mastercard Company, to provide threat prevention services for clients worldwide. Specializing in data security, compliance, consulting and due diligence, CDP analysts provide solution-oriented awareness and implementation routes to improve and eliminate security risks for clients. RiskRecon is a SaaS platform that analyzes...
itsecuritywire.com
Google Launches Vulnerability Scanner for Open Source Developers
This week, Google unveiled OSV-Scanner, a free scanner that open-source programmers can use to get information on vulnerabilities that are pertinent to their projects. Software projects are more susceptible to supply chain attacks and the exploitation of undiscovered vulnerabilities due to their numerous dependencies. Google last year launched an open source vulnerability database and is now offering a front-end for that database in the form of the OSV-Scanner in an effort to increase the ecosystem’s security by assisting the community in classifying vulnerabilities in open source software.
itsecuritywire.com
Siemens Fixes 80 OpenSSL and OpenSSH Switch Flaws in ICS Patch Tuesday
With their December 2022 Patch Tuesday updates, industrial behemoths Siemens and Schneider Electric have fixed more than 140 vulnerabilities. Significantly more advisories and vulnerabilities were patched by Siemens. The business specifically published 20 new advisories that addressed about 140 security holes. Although Microsoft stated on Tuesday that it is taking...
