featured Archives - Page 26 of 75 - Cyber Security Minute

Zero Trust VPN Company Tailscale Raises $100 Million

Issued by: Security Week

The investment round was led by CRV and Insight Partners, with participation from existing investors Accel, Heavybit, Uncork Capital, and angel investors. Founded in 2019, the Toronto-based company offers a WireGuard-based private network connectivity solution with zero-config and end-to-end encryption, which integrates with services such as Google Workspace, Microsoft 365, Okta, Caddy Server, Syncthing, and…

Software Security

New attack surface management product takes full-stack aim at sofware supply chain threats

Issued by: CSO

Software supply chains have become a tasty target for adversaries fueled by successful, high-profile attacks on companies like Solarwinds and Kaseya and open-source offerings like Log4j. Now a software applications security company seeks to address the problem with what it’s saying is the first attack surface management (ASM) product to address threats across the application…

Malware & Threats

‘Hack DHS’ Participants Awarded $125,000 for Over 100 Vulnerabilities

Issued by: Security Week

The Hack DHS program was announced in December 2021 and it was launched several years after lawmakers passed a bill to create such a program. In the first phase of Hack DHS, vetted cybersecurity researchers were invited to find vulnerabilities in specific DHS systems. According to the DHS, more than 450 white hat hackers took…

Malware & Threats

New threat groups and malware families emerging

Issued by: Help Net Security

Mandiant announced the findings of an annual report that provides timely data and insights based on frontline investigations and remediations of high-impact cyber attacks worldwide. The 2022 report––which tracks investigation metrics between October 1, 2020 and December 31, 2021—reveals that while significant progress has been made in threat detection and response, adversaries are still innovating…

Malware & Threats

Website Defacement: Petty Cyber Attack…Big Consequences

Issued by: CIO Security

“Prepare for the worst.” The surprising nature of a website defacement attack is what makes it so powerful and scary. A message that might be detected and removed in a few minutes, sometimes hours, can have enormous political cost, and result in reputational damage and a loss of trust that takes time to recover. Of…

Network Security

RBI and the Importance of Integrated Threat Protection

Issued by: CIO Security

It sounds like a nearly perfect cybersecurity solution: Intercept incoming data before it reaches the user’s web browser; isolate it in a secure sandbox; and send only the screen images—or pixels—to the browser. The ephemeral server is fully isolated from the organization’s IT assets and data, and its browser sessions are destroyed when the user…

Malware & Threats

New ‘Enemybot’ DDoS Botnet Targets Routers, Web Servers

Issued by: Security Week

Dubbed Enemybot, the botnet appears to be the work of Keksec, an established cybercrime group that specializes in DDoS attacks and cryptocurrency mining. The malware was built using the source code of the Gafgyt (Bashlite) botnet – which leaked in 2015 – with some modules borrowed from the infamous Mirai botnet, including the scanner module…

Malware & Threats

Shopping with Fraud Protection and Adaptive Artificial Intelligence

Issued by: CIO Security

With the worldwide pandemic, consumer behavior has shifted significantly. There has been substantially less travel — employees haven’t been driving to the office, flying on planes, or taking cruises. Many have gone out less, stopped going to movies, and don’t hang out on Friday night after work. This has caused a major disruption in the…

Vulnerabilities

Vendors Assessing Impact of Spring4Shell Vulnerability

Issued by: Security Week

The developers of Spring, which is owned by VMware and said to be the world’s most popular Java application development framework, announced patches for three vulnerabilities last week. One of them is tracked as CVE-2022-22965, Spring4Shell and SpringShell, and it has been described as a critical remote code execution vulnerability in Spring Framework that can…

Software Security

What can March Madness and 538 teach us about cybersecurity risk?

Issued by: CSO

I love this time of year, with March Madness excitement in the air and my Notre Dame Fighting Irish still in the tournament (as of the writing of this column)! More importantly – yes, more importantly – I love monitoring the 538 March Madness prediction website to see how the chances of winning change through…