Flash Is Dead—But Not Gone

WIRED Threat Level

Zombie versions of Adobe’s troubled software can still cause problems in systems around the world.

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

The Last Watchdog

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. Security, meanwhile, has morphed into a glut of point solutions that mostly serve to highlight the myriad gaps in an ever-expanding attack surface. It’s called Secure Access Service Edge, or SASE, as coined by research firm Gartner.

Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages; the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Security Affairs

While investigating the recent SolarWinds Orion supply-chain attack, security researchers discovered another backdoor, tracked as SUPERNOVA.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

A $150 Million Plan to Secure Open-Source Software

Data Breach Today

Areas of Proposed Investments Include SBOMs, Software Supply Chains. The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S.

The State of Email Security

Data Breach Today

Thom Bailey of Mimecast on Ransomware, Resilience and Emerging Tech. Mimecast has released its latest State of Email Security Report, and it finds that 75% of companies were hurt by ransomware attacks in 2021 - up from 60% in 2020.

The 2022 State of API Security

Data Breach Today

Noname Security's Karl Mattson on Growth of API Usage - and Exploits. Noname Security is out with its new API Security Trends Report, and - no surprise - API usage has grown exponentially. Karl Mattson of Noname discusses the report and some new ways of approaching API security.

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. “Such code copying is a significant source of real-world security exploits.”

The Top 5 Security Orchestration Myths

Data Breach Today

Claudio Benavente Discusses the Misconceptions Around SOAR. Security orchestration, or SOAR - Security Orchestration, Automation and Response, as it is known to some - is still an area in development, so there are misconceptions about its scope of use and effectiveness for a SOC team.

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Cloud Security: With Challenges Come Solutions

Data Breach Today

With security tools, it’s essential to provide full coverage and full security visibility for the environment. Avi Shua discusses Orca Security's solution to those challenges and how it identifies risk-sensitive data and speeds up the process

Mosyle Raises $196M to Strengthen Apple Security Platform

Data Breach Today

Mosyle Wants to Expand Beyond MDM and Provide a Holistic Apple Security Platform. Mosyle closed a $196 million funding round to expand beyond mobile device management and provide a holistic security platform for Apple devices.

Material Security Raises $100M to Protect Sensitive Content

Data Breach Today

Company Will Extend Its Protection of Sensitive Data at Rest Beyond Email. Material Security has closed a $100 million funding round on a $1.1 billion valuation to extend its protection of sensitive content at rest beyond email.

Kaseya Update: Security Measures Implemented

Data Breach Today

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Gain a Competitive Advantage with Third-Party Security

Data Breach Today

Solving the Specific Problem of Secure Third-Party Access. Third parties need to equip themselves with the technology that is mindful of the current third-party risk landscape.

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.

Purpose Built: Securing vSphere Workloads

Data Breach Today

Protecting Servers Is Foundational For Modern Data Center Security. View this OnDemand webinar to learn how VMware Carbon Black is delivering unified workload protection that’s purpose-built for vSphere

Check Point Pursues More Business Outside Network Security

Data Breach Today

New 'Rockets' Aim to Grow the Cloud Security, Email Security and MDR Businesses. Check Point is aggressively expanding its salesforce and standing up "rockets" focused on emerging technology areas to land more customer deals outside network security.

Shift Left Security? Development Does Not Want to Own It.

Speaker: Shlomo Bielak, CTO, Benchmark Corp

Shifting security left to the earliest part of development is currently in the spotlight in the developer world. What teams are now discovering is that this approach results in misdirected ownership for developers and a frustrated security team. In the current climate, we cannot afford to let security implementations falter. It's time to manage your team's energies to maximize DevOps efficiency, all the while maintaining top security standards. Join Shlomo Bielak, and learn how to keep your DevSecOps team focused and connected without creating silos.

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

AWS Log4Shell Patch Has 'Severe Security Issues:' Unit 42

Data Breach Today

Containers Could Exploit the AWS Hot Patch to Take Over Its Underlying Host. AWS has fixed "severe security issues" in hot patches it released in December to address the Log4Shell vulnerability in Java applications and containers.

Regulator Announces Border Gateway Protocol Security Review

Data Breach Today

Move Follows Alleged Russian BGP Hijacking to Target Ukrainian Bank Before Invasion. Could a fundamental but poorly secured protocol that helps power the internet finally get needed improvements?

Changing Data Quantification in Security Insurance

Data Breach Today

Lynn Peachey, the director of business development at Arete Incident Response, says that insurance companies have made "a pretty quick turnaround in terms of trying to respond to the ransomware epidemic." She discusses the changes they are making, which include leveraging data quantification

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevSecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Mitigating Insider Security Threats in Healthcare

Data Breach Today

HHS HC3 Urges Sector to Assess, Address Insider Cyber Risks. While major hacking incidents regularly grab headlines, insider threats - including malicious individuals, careless workers and third-party contractors - continue to pose significant and sometimes underestimated risk to healthcare sector entities, federal authorities warn.

Work from Everywhere, Securely

Data Breach Today

CyberEdBoard Executive Member, Charmaine Valmonte, guest speaks at ISMG Virtual Cybersecurity Summit Asia: Financial Services. Valmonte is VP, IT security and IT infrastructure, Aboitiz Group of Companies.

Happy 10th Birthday, Security Affairs

Security Affairs

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs; the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection.

Synopsys to Buy WhiteHat Security for $330M to Protect Apps

Data Breach Today

WhiteHat Security Excels at Defending Web Applications in Production Environments. Synopsys has agreed to buy WhiteHat Security from NTT Security for $330 million to defend web applications in production environments in an automated, scalable fashion.

Your Team's Pragmatic Guide to Security

Speaker: Naresh Soni, CTO, Tsunami XR

The pandemic has led to new data vulnerabilities, and therefore new cybersecurity threats. As technology leaders, it's time to rethink some of your product security strategies. Whether you need to rework your security architecture, improve performance, and/or deal with new threats, this webinar has you covered.

Abnormal Security Raises $210M to Push Beyond Email Defense

Data Breach Today

Abnormal Wants to Apply Its Account Takeover Prevention Technology to New Areas. Abnormal Security has closed a $210 million funding round on a $4 billion valuation to apply its account takeover prevention technology to areas other than email.

Securing Your Smartphone

Schneier on Security

This is part 3 of Sean Gallagher’s advice for “securing your digital life.”

OIG: HHS' Info Security Program Still Rated 'Not Effective'

Data Breach Today

Latest FISMA Compliance Audit Finds a Variety of Issues. Auditors have once again rated the Department of Health and Human Services' information security program as "not effective," citing several areas of weaknesses, including issues related to risk management, information security continuous monitoring and contingency planning.

Security Affairs newsletter Round 347

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

The threat actor systematically utilized software distributed by security vendors to sideload ShadowPad and PlugX variants. The attackers focused on the hijacking of programs belonging to security vendors, including Symantec, TrendMicro, BitDefender, McAfee and Kaspersky.

Security Affairs newsletter Round 350

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Using an 'Intrinsic Security' Approach

Data Breach Today

Organizations need to build security into their cloud environments to help thwart cyberthreats, says Tom Corn of VMware, who describes this "intrinsic security" approach

Evolution of Endpoint Security

Data Breach Today

This is reality for most enterprises today, and it’s changed the role of endpoint security solutions. Cisco’s Elias Levy on the Leap From EDR to XDR and What It Means. Exponentially more devices on the network mean proportionately less visibility.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.