October 26, 2022

CoinMiner Being Installed on Vulnerable Apache Tomcat Web Server

The ASEC analysis team has recently identified attacks targeting vulnerable Apache Tomcat web server. The Tomcat server that has not been updated to the latest version is one of the major attack vectors that exploit vulnerabilities. In the past, the ASEC blog has also covered attacks targeting Apache Tomcat servers with the vulnerable JBoss version …

CoinMiner Being Installed on Vulnerable Apache Tomcat Web Server Read More »

Federal Tally Reaches 5,000 Health Data Breaches Since 2009

Healthcare , HIPAA/HITECH , Industry Specific More People Affected by Breaches Than Total US Population Marianne Kolbasuk McGee (HealthInfoSec) • October 26, 2022     The federal tally of health data breaches reached a new milestone this week: The healthcare industry has reported more than 5,000 major data privacy and security incidents to the Department …

Federal Tally Reaches 5,000 Health Data Breaches Since 2009 Read More »

Splunk and ExtraHop integration helps SOC analysts streamline their workflow

ExtraHop has unveiled a new integration between Reveal(x), its network detection and response (NDR) platform, and Splunk SOAR. Using the Reveal(x) integration, Splunk SOAR users now have expanded visibility with packet-level insights from IoT to the cloud including unmanaged devices, legacy systems, and all network assets. Users can correlate logs with network intelligence to gain …

Splunk and ExtraHop integration helps SOC analysts streamline their workflow Read More »

InterVision partners with Arctic Wolf to defend organizations against cyberattacks

InterVision has teamed with Arctic Wolf to help proactively protect organizations against today’s cyberattacks. The Arctic Wolf Security Operations Cloud pairs the power, speed, and scale of a cloud-native platform with world-class security operations expertise that provides organizations with comprehensive coverage across the entire security operations framework. InterVision offers comprehensive cybersecurity protection, backed by SLAs. …

InterVision partners with Arctic Wolf to defend organizations against cyberattacks Read More »

5 Methods of Protecting Your Business: Physically and Online

You’ve worked hard to create a profitable business you’re proud of—but are you doing everything you can to protect it? This often overlooked part of running a business could mean the difference between success and failure for many business owners. Think about it, your business is doing well, performing better than expected, but a tornado …

5 Methods of Protecting Your Business: Physically and Online Read More »

Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends

Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on cybercrime charges, the US Justice Department said on Tuesday. Sokolovsky, said to have used the online names Photix, Raccoon Stealer, and black21jack77777, was indicted on November 2, 2021 by a federal grand jury for his alleged …

Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends Read More »

Valence Security raises $25 million to help organizations prioritize and respond to SaaS mesh risks

Valence Security is announcing its $25 million Series A round led by Microsoft’s M12 venture fund with participation from seed investor YL Ventures and additional investors including Porsche Ventures, Akamai Technologies, Alumni Ventures and Michael Fey, CEO of Island and former president of Symantec. This new investment round brings Valence’s total funding to $32 million. …

Valence Security raises $25 million to help organizations prioritize and respond to SaaS mesh risks Read More »

Arnica raises $7 million to protect software supply chains without harming developer velocity

Arnica has unveiled the general availability of its product and $7 Million in seed funding. The round was led by Joule Ventures and First Rays Venture Partners, with angel investment from industry leaders including Avi Shua, co-founder & CEO of Orca Security, Dror Davidoff, co-founder & CEO of Aqua Security and Baruch Sadogursky, Head of …

Arnica raises $7 million to protect software supply chains without harming developer velocity Read More »

OpenSSL to fix the second critical flaw ever

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project …

OpenSSL to fix the second critical flaw ever Read More »

Perygee raises $4.75 million to secure most vulnerable IoT and OT devices

Perygee has closed a $4.75 million seed investment led by Ballistic Ventures. The round also includes investment from cybersecurity angels Ray Rothrock, John Donovan, Ohad Finkelstein, Corey Thomas, and Bryson Bort, as well as BBG Ventures, which backs early-stage startups with female founders. To date, Perygee has raised $6.35 million in funding. Internet of Things …

Perygee raises $4.75 million to secure most vulnerable IoT and OT devices Read More »

Vulnerability in Atlassian Jira Align allows threat actor to access whatever the SaaS client has in their Jira deployment or simply take the entire thing down

Jira Align is a software-as-a-service (SaaS) platform that enables businesses to grow their cloud installations of the wildly popular bug tracking and project management tool Atlassian Jira. A high severity (CVSS 8.8) authorization controls issue was discovered by a Bishop Fox security researcher. It enables users with the ‘people’ permission to raise their privilege, or …

Vulnerability in Atlassian Jira Align allows threat actor to access whatever the SaaS client has in their Jira deployment or simply take the entire thing down Read More »

Texas Justices Probe Defamation, Hyperbole In Abortion Row

By Hannah Albarazi (October 26, 2022, 10:27 PM EDT) — The Texas Supreme Court on Wednesday considered whether to revive a defamation suit against an anti-abortion activist who publicly called abortion-rights groups “criminal organizations,” with one justice expressing concern that not resuscitating the suit could “negate defamation as a tool to address the problem of …

Texas Justices Probe Defamation, Hyperbole In Abortion Row Read More »

DOJ Updates Policy To Limit Obtaining Journalist Records

By Hailey Konnath (October 26, 2022, 10:13 PM EDT) — The U.S. Department of Justice on Wednesday unveiled new guidelines prohibiting prosecutors from using subpoenas, search warrants or court orders to obtain information or records from journalists, except in limited circumstances, according to a memorandum…. Read more

2 important vulnerabilities (XXE & RCE) in VMware Cloud Foundation. Patch immediately

The serious XML External Entity (XXE) and remote code execution (RCE) vulnerabilities in Cloud Foundation have been patched, according to VMware. The first of the issues is a remote code execution vulnerability affecting Cloud Foundation version 3.11 with a CVSS score of 9.8 and classified as CVE-2021-39144. The open-source XStream library has a vulnerability that …

2 important vulnerabilities (XXE & RCE) in VMware Cloud Foundation. Patch immediately Read More »

Oxeye announces Cloud Native Application Security solution at KubeCon

Oxeye will demonstrate its Cloud Native Application Security solution at KubeCon 2022 in Detroit, Michigan, October 24-28. Located at booth SU74, Oxeye will show how the company’s platform combines static analysis with agentless runtime flow tracing and infrastructure analysis to identify exploitable security issues and determine their severity level. With this information, developers and application …

Oxeye announces Cloud Native Application Security solution at KubeCon Read More »

SaaS Risk Report Reveals Exposed Cloud Data is a $28M Risk for Typical Company

Originally published by Varonis. Written by Rachel Hunt, Varonis. Some people love taking risks — swimming with great white sharks, climbing El Capitan without a rope, camping in grizzly bear territory with an open jar of peanut butter, and scariest of all, assuming your SaaS data is secure and protected in the cloud. Did that …

SaaS Risk Report Reveals Exposed Cloud Data is a $28M Risk for Typical Company Read More »

One Step Forward, Two Steps Back: FDA’s Final Guidance on Clinical Decision Software Raises More Questions Than Answers

Recently, the U.S. Food and Drug Administration (FDA) published a suite of guidance documents relating to software, automation, and artificial intelligence. One guidance document in particular, addressing clinical decision support (CDS) software, may signal a tightening in FDA’s oversight on software tools with artificial intelligence and machine learning (AI/ML) that could introduce confusion and frustrate …

One Step Forward, Two Steps Back: FDA’s Final Guidance on Clinical Decision Software Raises More Questions Than Answers Read More »

Shut the front door: Preventing phishing attacks

Security incidents have been at record high levels throughout 2022, with the top threats including data breaches and ransomware, driving financial fraud, and losses from ransom payments.    The numbers are ever rising for known malware attacks. A recent report by UK-based IT Governance identified 112 publicly disclosed security incidents in August 2022 across the United …

Shut the front door: Preventing phishing attacks Read More »

NotPetya Came From State Actor, Not Vandalism, Jury Hears

By Lauraann Wood (October 26, 2022, 9:41 PM EDT) — The 2017 NotPetya malware attack that affected Mondelez International and several other businesses operating in Ukraine was not a simple act of cyber vandalism but instead a “destructive operation” likely carried out by Russia, an Illinois jury heard Wednesday…. Read more

What Lawyers Need to Do to Defend Their Clients and Themselves from Cyber Risk

Originally published by Ericom. Written by Nick Kael, CTO, Ericom. Absolute trust is the essential basis of the relationship between law firms and their clients. Lawyers steer clients through complex and often sensitive personal and business situations, helping them navigate difficult issues to gain and retain the upper hand in disputes. Law firms must zealously …

What Lawyers Need to Do to Defend Their Clients and Themselves from Cyber Risk Read More »

Cybereason Lays Off Another 200 Workers Amid Report of Sale

Endpoint Security Cybereason’s Latest Layoffs Come Less Than 5 Months After Company Cut Staff by 10% Michael Novinson (MichaelNovinson) • October 26, 2022     Cybereason has carried out another round of layoffs, axing 200 workers just days after a report that the endpoint security vendor is pursuing a sale. See Also: Live Webinar | …

Cybereason Lays Off Another 200 Workers Amid Report of Sale Read More »