Day: November 12, 2021

CWS partners with Fugue to close security gaps with end-to-end policy as code enforcement

CWS has partnered with Fugue to deliver developer-first cloud security for time-sensitive and mission-critical cloud deployments. Using the same policies for infrastructure as code checks and the cloud runtime environment, Fugue’s SaaS platform secures cloud infrastructure at every stage of the software development life cycle. Together, CWS and Fugue are focused on the rapid delivery …

CWS partners with Fugue to close security gaps with end-to-end policy as code enforcement Read More »

Retail giant Costco discloses data breach, payment card data exposed

Costco Wholesale Corporation discloses a data breach, threat actors had access to customers’ payment card information. Retail giant Costco Wholesale Corporation notified its customers of a data breach that might have exposed their payment card information. Data was allegedly exposed while customers were shopping at one of its stores. Costco discovered the security breach after …

Retail giant Costco discloses data breach, payment card data exposed Read More »

Socure raises $450M to strengthen its online identity verification solutions

Socure announced its significantly oversubscribed $450M round at a $4.5B valuation from a number of the world’s best growth equity and public market investors. The company achieved a $4.5B valuation just seven months after its $1.3B Series D, on the back of 500% year-over-year bookings growth and nearly $1B of investment demand, earning Socure the …

Socure raises $450M to strengthen its online identity verification solutions Read More »

Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow easy unauthorized purchases

During the first day of BlackHat Europe, Positive Technologies researcher Timur Yunusov described a number of vulnerabilities residing in payment services such as Apple Pay, Samsung Pay and Google Pay. According to the expert, the successful exploitation of these flaws would allow threat actors to make unrestricted purchases using the affected accounts. The researcher began …

Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow easy unauthorized purchases Read More »

Paul Mountford joins Protegrity as CEO

Protegrity announced the appointment of Paul Mountford as the company’s new CEO. Mountford joins Protegrity following a successful 30-year career in the technology industry, having held senior executive positions at companies such as Cisco Systems, where Mountford ran Cisco’s $34 billion Enterprise business, and Riverbed Technology where Mountford was CEO. Most recently, Mountford served as …

Paul Mountford joins Protegrity as CEO Read More »

A multi-stage PowerShell based attack targets Kazakhstan

This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif (perhaps in reference to Moscow’s emergency hospital) created a GitHub account and …

A multi-stage PowerShell based attack targets Kazakhstan Read More »

BT to Deploy ‘Epidemiological AI’ Based on the Spread of Viruses in Humans to Combat Cyberattacks

BT today announced that it has developed an epidemiology-based cybersecurity prototype, “Inflame”, which uses deep reinforcement learning to enable enterprises to automatically detect and respond to cyber-attacks before they compromise a network. Using the spread of viruses in human populations as a model to inform its AI, Inflame is a key component in BT’s recently-announced …

BT to Deploy ‘Epidemiological AI’ Based on the Spread of Viruses in Humans to Combat Cyberattacks Read More »

New Knowledge Pack Released (KP-2021-008-M)

Each Knowledge Pack contains the latest updates from the Dragos Threat Intelligence team, automating the detection of potential malicious activity on an industrial network. They provide regular updates related to protocols, threat intelligence analytics, ICS/OT device data, and investigation playbooks to equip our customers with comprehensive visibility into their environments. Knowledge Pack KP-2021-008-M is an …

New Knowledge Pack Released (KP-2021-008-M) Read More »

Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day

There has been considerable debate within the cybersecurity community about Randori, a security firm that waited one year before disclosing a critical buffer overflow bug it discovered in Palo Alto Networks’ GlobalProtect VPN. The zero-day — which has a severity rating of 9.8 and was first reported by ZDNet — allows for unauthenticated, remote code …

Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day Read More »

HTML Smuggling technique used in phishing and malspam campaigns

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. Attackers increasingly use HTML smuggling in phishing and other email campaigns to stealthily deliver threats, but Microsoft Defender Office 365’s detonation technology provides durable …

HTML Smuggling technique used in phishing and malspam campaigns Read More »

Retailers' Cybersecurity Efforts Falling Short, Study Finds

By Allison Grande (November 12, 2021, 9:57 PM EST) — Retailers, restaurants and hospitality businesses have high confidence in the measures they’re taking to detect and prevent data breaches, but the enhanced attention and resources they’re putting into these efforts haven’t been enough to stave off a swell of cyberattacks, new research indicates. Nearly all …

Retailers' Cybersecurity Efforts Falling Short, Study Finds Read More »

Save an extra 15% off training in ethical hacking with this pre-Black Friday sale deal

Develop the necessary skills and use the tools to be an ethical hacker through this 120-hour comprehensive course bundle. Image: BeeBright/Shutterstock According to the 2021 Cybersecurity Impact Report from IronNet, the SolarWinds attack had organizations making an extra effort in improving their network defenses, but those that had taken serious cybersecurity hits had experienced attacks severe …

Save an extra 15% off training in ethical hacking with this pre-Black Friday sale deal Read More »

“King of Fraud” Gets Ten Years

“King of Fraud” Gets Ten Years A Russian cyber-criminal has been sent to prison in the United States for defrauding American companies out of millions of dollars. Aleksandr Zhukov ran a sophisticated digital advertising scam through purported advertising network Media Methane. In June, he was convicted of wire fraud conspiracy, wire fraud, money laundering conspiracy, and money …

“King of Fraud” Gets Ten Years Read More »

EFF to Supreme Court: Warrantless 24-Hour Video Surveillance Outside Homes Violates Fourth Amendment

Washington, D.C.—The Electronic Frontier Foundation (EFF) today urged the Supreme Court today to review and reverse a lower court decision in United States v. Tuggled finding that police didn’t need a warrant to secretly record all activity in front of someone’s home 24 hours a day, for a year and a half. The Fourth Amendment protects …

EFF to Supreme Court: Warrantless 24-Hour Video Surveillance Outside Homes Violates Fourth Amendment Read More »

Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves

Positive Technologies expert describes vulnerability linked to apps used to pay for public transit tickets. Image: iStockphoto/ipopba The balance between hands-free payments and the security standards required to protect those transactions has tipped too far in the wrong direction, according to a security expert.  More about cybersecurity At a session at Black Hat Europe 2021 …

Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves Read More »

Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group.

Notes on rising international tension in Eastern Europe. A watering-hole campaign in Hong Kong. The US and the EU have joined the Paris Call. NSO Group’s prospective CEO resigns his position before formally assuming it. Void Balaur, a cybermercenary group, is active in the Russophone cyber underground. Johannes Ullrich on leaked vaccination cards and Covid …

Tension in Eastern Europe. A Hong Kong watering hole. US, EU join the Paris Call. Cybermercenaries. CISA’s plans for countering disinformation, and for forming a white-hat hacker advisory group. Read More »

High Court Urged To Review Feds' Surveillance Outside Home

By Christopher Cole (November 12, 2021, 9:15 PM EST) — Privacy groups pressed the U.S. Supreme Court on Friday to review law enforcement’s use of warrantless video surveillance outside a home, saying a Seventh Circuit ruling deepened a split among courts over the practice. The Electronic Frontier Foundation led an amicus group from several organizations …

High Court Urged To Review Feds' Surveillance Outside Home Read More »

GAO says confusion over responsibilities has left schools vulnerable to cyber attacks

Confusion over which government department or agency is responsible for protecting school networks against cyber attacks has left the nation’s K-12 institutions especially vulnerable to ransomware, according to a new report from the Government Accountability Office. After speaking with officials from schools across the country, the GAO said that they found officials were uniformly unclear …

GAO says confusion over responsibilities has left schools vulnerable to cyber attacks Read More »

Trust Part 1: Your Biggest Competitive Differentiator With Customers and Investors

This article recaps the first part of our VP Customer Success, Chief Diversity Officer Sydney Archer’s virtual workshop of the same name at SaaStr Annual 2021.  Business trust incidents are on the rise and increasingly visible to everyone making trust an inescapable issue for companies. TechJury notes that globally, 30,000 websites are hacked daily and …

Trust Part 1: Your Biggest Competitive Differentiator With Customers and Investors Read More »