Mon.Oct 11, 2021

Introducing Prioritized Security Alerts and Collaboration

Jamf

We released a new Jamf Protect agent today that overhauls the Jamf Protect Alert UI to better match your workflows and help you prioritize your security response efforts

Democratic Lawmakers Urge Agencies to Act on Ransomware

Data Breach Today

Letter to 4 Departments Asserts that Cryptocurrency Is Enabling These Attacks A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: How SPDX helps reconcile interdependencies of open, proprietary software

The Last Watchdog

Software today is built on a combination of open source and proprietary software packages. Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies. Related: How SBOM factors into DevSecOps. This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace.

FIN12 Ransomware Attacks Aggressively Targeting Healthcare

Data Breach Today

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

Security Affairs

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack.

More Trending

The European Parliament Voted to Ban Remote Biometric Surveillance

Schneier on Security

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

IT 100

Apple released emergency update to fix zero-day actively exploited

Security Affairs

Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild.

IT 98

Overly Complex IT Infrastructures Pose Security Risk

Dark Reading

Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds

Risk 94

How to Permanently Delete Your Facebook Account

WIRED Threat Level

If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire. Security Security / Security Advice

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Handling Threat Intelligence Across Billions of Data Points

Dark Reading

Graph databases can play a role in threat intelligence and unraveling sprawling data

76

Google Sending Security Keys to 10,000 Users at High Risk of Attack

eSecurity Planet

Google is giving out 10,000 free security keys to high-risks users, an announcement that came a day after the company warned 14,000 of its high-profile users that they could be targeted by the notorious Russia-based APT28 hacking group.

Iran-linked DEV-0343 APT target US and Israeli defense technology firms

Security Affairs

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks.

Applying Behavioral Psychology to Strengthen Your Incident Response Team

Dark Reading

A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs

72

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing

Security Affairs

LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed documents.

7 Smart Ways a Security Team Can Win Stakeholder Trust

Dark Reading

By demonstrating the following behaviors, security teams can more effectively move their initiatives forward

Security Service of Ukraine arrested a man operating a huge DDoS botnet

Security Affairs

Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch DDoS attacks. Security Service of Ukraine (SSU) has arrested a hacker who controlled a DDoS botnet composed of 100,000 devices that was available for rent.

The 5 Phases of Zero-Trust Adoption

Dark Reading

Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data

64

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Machine learning in cybersecurity

OpenText Information Management

Today’s networked world makes every system an easy target for cyberattacks. Automated tools make it easier for attackers to execute successful attacks and a new threat emerges almost every second. In this environment, it’s hard for cybersecurity to keep up.

Forcepoint to Acquire Bitglass

Dark Reading

Deal will merge Bitglass's security service edge technology with Forcepoint’s SASE architecture

Donot Team targets a Togo prominent activist with Indian-made spyware

Security Affairs

A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs.

ARMA Now Offers Online Testing For IGP Exam!

IG Guru

Bolster your career and build your future path by attaining your IGP Certification.

Risk 57

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Tips for Choosing a Cloud Service

Record Nations

Choosing the right cloud service provider can be a difficult task. There are many factors to consider before moving your businesses data to the cloud. Things like security, cost, and sensitivity of the data can all play a part in making that decision.

Cloud 52

Cyber threats: the hits keep coming

DXC

It’s October and that means it’s Cyber Security Awareness Month once again. Cyber threats continue to evolve and proliferate at increasing speed.

Building a World of Crypto Trust

Thales Cloud Protection & Licensing

Building a World of Crypto Trust. divya. Tue, 10/12/2021 - 06:05. Cryptocurrencies have exploded, drawing businesses and private individuals into an investment frenzy.

Wiz Reaches $6B Valuation

Dark Reading

Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth

Cloud 46

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Incident Response: 5 Principles to Boost the Infosec/Legal Relationship

Threatpost

Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it. Breach Hacks InfoSec Insider Privacy

Risk 62

IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities

Dark Reading

Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls

Demystifying SOC 2 Type 2 and ISO 27001/ISO 27018 Compliance

HID Global

Demystifying SOC 2 Type 2 and ISO 27001/ISO 27018 Compliance. pjones. Mon, 10/11/2021 - 11:20