Solution
March 6, 2025
Open-Source Tool ‘Rayhunter’ Helps Users Detect Stingray Attacks
Abstract
The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays.
Source: Bleeping Computer
February 18, 2025
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
Abstract
The new in-call anti-scammer protections include preventing Android users from turning on settings to install apps from unknown sources and granting access to the Accessibility Services.
Source: The Hacker News
February 6, 2025
BadDNS: Open-source tool checks for subdomain takeovers
Abstract
BadDNS is an open-source Python tool used to check domain and subdomain takeovers. By examining client-side resources and security headers, it can uncover risks that could lead to malicious code being injected if a trusted domain is compromised.
Source: Help Net Security
November 13, 2024
Apple’s 45-Day Certificate Proposal: A Call to Action
Abstract
Apple has proposed a significant change to shorten the lifespan of TLS certificates from 398 days to just 45 days by 2027, with plans to put this proposal to a vote among Certification Authority Browser Forum (CA/B Forum) members soon.
Source: Help Net Security
November 7, 2024
Osmedeus: Open-Source Workflow Engine for Offensive Security
Abstract
Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists.
Source: Help Net Security
October 8, 2024
Google Pixel 9 Supports New Security Features To Mitigate Baseband Attacks
Abstract
The Pixel 9 series now includes defenses like Bounds Sanitizer, Integer Overflow Sanitizer, Stack Canaries, Control Flow Integrity (CFI), and Auto-Initialize Stack Variables to enhance security.
Source: Security Affairs
October 8, 2024
MaLDAPtive: Open-Source Framework for LDAP SearchFilter Parsing, Obfuscation, and More
Abstract
MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. The project features a custom C# LDAP parser for tokenization and syntax tree parsing.
Source: Help Net Security
September 23, 2024
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging
Abstract
The GSM Association is working on implementing end-to-end encryption for Rich Communications Services (RCS) messaging between Android and iOS. This important step aims to enhance user protection and secure messages across platforms.
Source: The Hacker News
September 19, 2024
Snowflake Moves to MFA, 14-Character Passwords
Abstract
Snowflake, a cloud-based data warehousing platform, has implemented default multifactor authentication and a minimum 14-character password requirement following cyberattacks in June affecting multiple customers.
Source: Bank Info Security
September 12, 2024
DockerSpy: Search for Images on Docker Hub, Extract Sensitive Information
Abstract
Created to combat data leaks within publicly available Docker images, DockerSpy automates the process of scanning for secrets to enhance security and compliance. Its scanning engine can identify various secret types and provides detailed analysis.
Source: Help Net Security
September 12, 2024
Kali Linux 2024.3 Released: 11 New Tools, Qualcomm Snapdragon SDM845 SoC Support
Abstract
Kali Linux 2024.3 has been released with 11 new tools and added support for Qualcomm Snapdragon SDM845 SoC devices. This release emphasizes behind-the-scenes updates and optimization.
Source: Help Net Security
September 2, 2024
Sinon: Open-Source Automatic Generative Burn-in for Windows Deception Hosts
Abstract
Sinon is an open-source tool designed to automate the burn-in process of Windows-based deception hosts. It simplifies the orchestration of deception hosts at scale by incorporating generative capabilities to introduce diversity and randomness.
Source: Help Net Security
August 13, 2024
Scout Suite: Open-Source Cloud Security Auditing Tool
Abstract
Scout Suite is an open-source cloud security auditing tool that assesses security in multi-cloud environments. By using cloud vendors' APIs, it gathers configuration data to identify risks efficiently.
Source: Help Net Security
August 2, 2024
Google Chrome Adds App-Bound Encryption to Block Infostealer Malware
Abstract
Google Chrome has implemented app-bound encryption to enhance cookie protection on Windows and defend against infostealer malware. This new feature encrypts data tied to app identity, similar to macOS's Keychain, to prevent unauthorized access.
Source: Bleeping Computer
August 1, 2024
Innovative Approach Promises Faster Bug Fixes
Abstract
Birgit Hofer and Thomas Hirsch from TU Graz have developed a new approach to speed up software bug fixes. By identifying bottlenecks in fault localization, they created a scalable solution using NLP and metrics to analyze code for faults.
Source: Help Net Security
July 17, 2024
Firmware Update Hides Bluetooth Fingerprints
Abstract
A team of researchers from the University of California San Diego has developed a firmware update to hide a smartphone's unique Bluetooth fingerprint, which can be used to track the user.
Source: Help Net Security
July 16, 2024
Realm: Open-Source Adversary Emulation Framework
Abstract
Realm is an open-source adversary emulation framework focused on scalability, reliability, and automation. It features a custom interpreter in Rust, enabling the creation of complex TTPs as code.
Source: Cyware
July 11, 2024
BunkerWeb: Open-Source Web Application Firewall (WAF)
Abstract
The genesis of BunkerWeb came from the need to apply security practices manually every time a web application was put online. The solution meets global needs with a modular architecture allowing for extensions.
Source: Help Net Security
July 10, 2024 – Phishing
Regional Transport Office Themed Phishing Campaign Targets Android Users In India
Abstract
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".
Source: Cyble
As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit
Abstract
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.
Source: Cybersecurity Dive
July 9, 2024
Update: Network Segmentation Hobbled Midnight Blizzard’s Attack on TeamViewer
Abstract
The company revealed that their corporate IT network, production environment, and TeamViewer connectivity platform are segmented to prevent unauthorized access. Immediate remediation measures were effective in blocking suspicious activity.
Source: Help Net Security
July 3, 2024
Secator: Open-Source Pentesting Swiss Army Knife
Abstract
Secator is an open-source task and workflow runner designed for security assessments to streamline the use of various security tools for pen testers and security researchers.
Source: Help Net Security
June 26, 2024
Zeek: Open-Source Network Traffic Analysis, Security Monitoring
Abstract
Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a hardware, software, virtual, or cloud platform.
Source: Help Net Security
June 24, 2024
Google’s Zero-Day Hunters Test AI for Security Research
Abstract
Google's Project Zero team of zero-day hunters believes that artificial intelligence (AI) can enhance automated threat identification and analysis by detecting vulnerabilities that are often missed by current tools.
Source: Bank Info Security
June 21, 2024
Cilium: Open-source eBPF-based networking, security, observability
Abstract
Cilium has features like distributed load balancing, advanced ingress and egress gateways, bandwidth management, and comprehensive network and security monitoring. It is available for free on GitHub.
Source: Help Net Security
June 19, 2024
SELKS: Open-Source Suricata IDS/IPS, Network Security Monitoring, Threat Hunting
Abstract
SELKS is an open-source solution for network security monitoring, threat hunting, and intrusion detection and protection. SELKS utilizes the Suricata engine to generate all its data, making it a preferred choice for network security practitioners.
Source: Help Net Security
June 17, 2024
Ghidra: Open-Source Software Reverse Engineering Framework
Abstract
The Ghidra software reverse engineering (SRE) framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and Linux.
Source: Help Net Security
June 15, 2024
AWS Adds Passkeys Support, Warns Root Users Must Enable MFA
Abstract
Amazon Web Services (AWS) has introduced FIDO2 passkeys for multi-factor authentication (MFA) to improve security and usability. These passkeys can be physical or software-based and use public key cryptography for authentication.
Source: Bleeping Computer
June 11, 2024
Radare: Open-Source Reverse Engineering Framework
Abstract
Radare started as a simple command-line hexadecimal editor but has evolved to become a versatile tool for various tasks such as debugging, disassembling, and exploring different architectures.
Source: Help Net Security
June 10, 2024
Windows Recall Will be Opt-in and the Data More Secure, Microsoft Says
Abstract
Microsoft has now made the feature optional, meaning it will be off by default unless users choose to enable it. Additionally, the search index database, which holds the content from the screenshots, will be encrypted.
Source: Help Net Security
May 30, 2024
RansomLord: Open-Source Anti-Ransomware Exploit Tool
Abstract
RansomLord is an open-source tool designed to create PE files that exploit ransomware pre-encryption vulnerabilities. Developed by hyp3rlinx, the tool leverages DLL hijacking tactics and deploys exploits to defend against ransomware.
Source: Help Net Security
May 27, 2024 – Government
EU Wants Universities to Work with Intelligence Agencies to Protect Their Research
Abstract
Europe’s leading research universities should work more closely with the continent’s intelligence agencies to help secure their research from being stolen by hostile states, EU member states recommended this week.
Source: The Record
May 27, 2024
Fail2Ban: Ban hosts that cause multiple authentication errors
Abstract
Fail2Ban is an open-source tool that monitors log files and blocks IP addresses that exhibit repeated failed login attempts. It does this by updating firewall rules to reject new connections from those IP addresses for a configurable amount of time.
Source: Help Net Security
May 22, 2024
Authelia: Open-Source Authentication and Authorization Server
Abstract
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests.
Source: Help Net Security
May 17, 2024
OWASP Dep-Scan: Open-Source Security and Risk Audit Tool
Abstract
OWASP dep-scan is an open-source security and risk assessment tool that analyzes project dependencies to identify vulnerabilities, licensing issues, and potential risks like dependency confusion attacks.
Source: Help Net Security
May 16, 2024
Android to Add New Anti-Theft and Data Protection Features
Abstract
Google is adding new anti-theft and data protection features for Android, including AI-powered screen locks, remote locking, and improved factory reset protection to secure users' data if devices are lost or stolen.
Source: Bleeping Computer
May 16, 2024
Apple and Google Join Forces to Stop Unwanted Tracking
Abstract
Apple and Google have joined forces to develop an industry specification that will allow users across iOS and Android to be alerted if a Bluetooth tracking device is being used to unknowingly track their location.
Source: Malwarebytes
May 13, 2024
Nmap 7.95 Released With New OS and Service Detection Signatures
Abstract
Nmap 7.95 introduces a substantial update with 336 new signatures, expanding the total to 6,036. Notable additions include support for the latest iOS versions 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2.
Source: Help Net Security
May 9, 2024
Security Tools Fail to Translate Risks for Executives
Abstract
CISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations.
Source: Help Net Security
May 3, 2024
reNgine: Open-Source Automated Reconnaissance Framework for Web Applications
Abstract
Developed to address limitations in existing tools, reNgine is beneficial for bug bounty hunters, penetration testers, and corporate security teams by automating and enhancing their information collection processes.
Source: Help Net Security
April 30, 2024
Microsoft Releases New Open-Source Tool for OT Security
Abstract
Microsoft has released a new open-source security tool to close gaps in threat analysis for industrial control systems and help address increased nation-state attacks on critical infrastructure.
Source: Bank Info Security
April 29, 2024
LSA Whisperer: Open-source tools for interacting with authentication packages
Abstract
The tool allows users to directly recover multiple types of credentials from the LSASS without accessing its memory. This includes recovering Kerberos tickets, SSO cookies, DPAPI credential keys, and NTLMv1 responses.
Source: Help Net Security
April 25, 2024
Google Meet opens client-side encrypted calls to non-Google users
Abstract
Google announced it is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.
Source: Bleeping Computer
April 18, 2024
US Government and OpenSSF Partner on New SBOM Management Tool
Abstract
Protobom, the new open source software tool, will help all organizations read and generate SBOMs and file data, as well as translate this data across standard industry SBOM formats.
Source: Infosecurity Magazine
April 16, 2024
Microsoft will Limit Exchange Online Bulk Emails to Fight Spam
Abstract
"Exchange Online enforces a Recipient Rate limit of 10,000 recipients. The 2,000 ERR limit will become a sub-limit within this 10,000 Recipient Rate limit," the Exchange Team said on Monday.
Source: Bleeping Computer
April 12, 2024
Apple Boosts Spyware Alerts For Mercenary Attacks
Abstract
Apple has updated its documentation related to its warning system for mercenary spyware threats, now specifying that it alerts users when they may have been individually targeted by such attacks.
Source: Cyware
April 12, 2024
How Exposure Management Elevates Cyber Resilience
Abstract
Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand assets’ security posture in relation to the network.
Source: Cyware
April 11, 2024
New Google Workspace Feature Prevents Sensitive Security Changes if Two Admins Don’t Approve Them
Abstract
If the feature is enabled, certain sensitive admin actions can be taken only if approved by an admin who did not initiate them, thus, in theory, preventing accidental or unauthorized changes made by either malicious insiders or outsiders.
Source: Help Net Security
March 20, 2024
Lynis: Open-Source Security Auditing Tool
Abstract
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Its main objective is to evaluate security measures and recommend enhancing system hardening.
Source: Help Net Security
March 15, 2024
MobSF: Open-Source Security Research Platform for Mobile Apps
Abstract
The Mobile Security Framework (MobSF) offers both static analysis for mobile app binaries and dynamic analysis for Android and iOS applications, streamlining security assessments.
Source: Help Net Security
March 14, 2024
BSAM: Open-Source Methodology for Bluetooth Security Assessment
Abstract
To aid manufacturers, researchers, developers, and cybersecurity professionals, the methodology includes resources for assessing the security of Bluetooth communications and will publish proofs of concept and scripts on GitHub.
Source: Help Net Security
March 8, 2024
Tazama: Open-Source Real-Time Fraud Management
Abstract
Tazama is an open-source platform that offers scalable and cost-effective solutions for fraud management in digital payment systems, aiming to democratize access to advanced financial monitoring tools.
Source: Cyware
March 7, 2024
RiskInDroid Performs Open-Source Risk Analysis of Android Apps
Abstract
RiskInDroid is an open-source tool for analyzing the risk level of Android applications using machine learning. Unlike other tools, RiskInDroid conducts reverse engineering on apps to extract permissions and assess their usage in the bytecode.
Source: Cyware
February 26, 2024
Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI
Abstract
The tool can be used to assess the robustness of large language model (LLM) endpoints against various harm categories, such as fabrication, misuse, prohibited content, security harms, and privacy harms.
Source: Cyware
February 20, 2024
Google Open Sources Magika: AI-Powered File Identification Tool
Abstract
Magika outperforms conventional methods and is used to enhance user safety in Gmail, Drive, and Safe Browsing. Google emphasizes the use of AI to strengthen digital security and shift the balance in favor of defenders in cybersecurity.
Source: Cyware
February 19, 2024
New Google Chrome Feature Blocks Attacks Against Home Networks
Abstract
Google is testing a new feature called "Private Network Access protections" in Chrome 123 to prevent malicious websites from attacking devices and services on a user's private network.
Source: Cyware
February 19, 2024
Gmail & Yahoo DMARC Rollout: When Cyber Compliance Gives a Competitive Edge
Abstract
DMARC compliance offers businesses a competitive advantage through improved email deliverability and enhanced security posture, leading to better engagement rates and revenue growth.
Source: Cyware
February 14, 2024
Financial Institutions Embrace Cyber Fusion Centers for Unified Approach to Evolving Risks
Abstract
Cyber Fusion Centers (CFCs) enable threat intelligence operationalization, information sharing, and automation of threat response, providing a unified and efficient approach to cybersecurity in the financial sector.
Source: Cyware
February 14, 2024
Global Malicious Activity Targeting Elections is Skyrocketing
Abstract
According to Resecurity, malicious cyber-activity has increased by 100% between 2023 and early 2024, with threat actors aiming to acquire and exploit voter data for potential propaganda campaigns and electoral interference.
Source: Cyware
February 13, 2024
SiCat: Open-Source Exploit Finder
Abstract
The tool has key features such as an easy-to-understand code structure, reporting/output system in HTML and JSON formats, and the ability to run via Nmap scan results in XML format.
Source: Cyware
February 13, 2024
Protecting Against AI-Enhanced Email Threats
Abstract
Combining traditional email security measures with AI-based solutions and empowering cybersecurity personnel with AI skills is crucial for organizations to defend against evolving cyber threats.
Source: Cyware
February 09, 2024
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA
Abstract
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work without clear prioritization - and miss a significant portion of the attack surface altogether. The primary issue arises from the detection and prioritization methods used by traditional Static Code Analysis (SCA) tools for vulnerabilities. These methods lack the organizational-specific context needed to make an informed scoring decision: the score, even if critical, might not actually be critical for an organization because its infrastructure works in a unique way - affecting the actual impact the vulnerability might have. In other words, since these tools depend on a relatively naive methodol
Source: The Hacker News
February 08, 2024
Unified Identity – look for the meaning behind the hype!
Abstract
If you've listened to software vendors in the identity space lately, you will have noticed that "unified" has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits! However (there is always a however, right?) not every "unified" "identity" "security" "platform" is made equal. Some vendors call the combination of workforce IDaaS and customer IDaaS a unified identity solution, while others offer a glorified 2FA service – unified only in the mind of their marketers. Your landscape matters! So forget for a moment what the vendors claim, and think back to your organization and your identity security landscape. Consider this new definition: "unified" is what has the ability to consolidate your identity challenges with a complete identity solution. Here's an example: you're responsible for the identity infrastructure of a large hospital. Frontline workers, administrative employees, a
Source: The Hacker News
February 7, 2024
Google Open Sources AI-Boosted Fuzzing Framework
Abstract
The framework has successfully identified vulnerabilities in C/C++ projects, including two in cJSON and libplist, which might have remained undiscovered without the use of large language models.
Source: Cyware
February 05, 2024
Combined Security Practices Changing the Game for Risk Management
Abstract
A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they become apparent and cause great stress in the process. The issue being that by using a reactive, rather than proactive approach, many risks just sit there, dormant, until an emergency happens. 'Dealing with SOC Operations for more than a decade, I have seen nearly 60 percent of SOC Incidents are repeat findings that keep re-surfacing due to underlying unmitigated Risks. Here the actors may be different, however the risk is mostly the same. This is causing significant alert fatigue.' – Deodatta Wandhekar, Head of Global SOC, SecurityHQ. Combining Frameworks and Best Practices These risks can be prevented. A platform that combines the best practices of multiple frameworks is the solution to tackle this issue. What is NIST?
Source: The Hacker News
February 05, 2024
Hands-On Review: SASE-based XDR from Cato Networks
Abstract
Companies are engaged in a seemingly endless cat-and-mouse game when it comes to cybersecurity and cyber threats. As organizations put up one defensive block after another, malicious actors kick their game up a notch to get around those blocks. Part of the challenge is to coordinate the defensive abilities of disparate security tools, even as organizations have limited resources and a dearth of skilled cybersecurity experts. XDR, or Extended Detection and Response, addresses this challenge. XDR platforms correlate indicators from across security domains to detect threats and then provide the tools to remediate incidents. While XDR has many benefits, legacy approaches have been hampered by the lack of good-quality data. You might end up having a very good view of a threat from events generated by your EPP/EDR system but lack events about the network perspective (or vice versa). XDR products will import data from third-party sensors, but data comes in different formats. The XDR platf
Source: The Hacker News
February 1, 2024
Does CVSS 4.0 Solve the Exploitability Problem?
Abstract
The new system introduces changes such as splitting attack complexity into two parameters and categorizing user interaction into three levels, offering a more nuanced and comprehensive assessment of vulnerabilities.
Source: Cyware
January 26, 2024
Perfecting the Defense-in-Depth Strategy with Automation
Abstract
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security controls. However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer. Defense-in-Depth: False Sense of Security with Layers Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It's based on the assumption that a
Source: The Hacker News
January 25, 2024
Apple Debuts New Feature to Frustrate iPhone Thieves
Abstract
A new iOS 17 update brings a Stolen Device Protection feature to prevent unauthorized access and actions on stolen iPhones. Thieves will have limited access to sensitive information and actions, requiring additional authentication for critical changes.
Source: Cyware
January 24, 2024
What is Nudge Security and How Does it Work?
Abstract
In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world's first and only solution to address SaaS security and governance at scale by working with employees—not against them. Unlike legacy solutions that attempt to block employees' access to unsanctioned SaaS applications, Nudge Security helps IT and security leaders adapt and align to the needs of the business. The platform orchestrates SaaS administration without sacrificing visibility, centralized governance, or control over the organization's cloud and SaaS security posture. How Nudge Security works Nudge Security discovers all SaaS accounts ever created by anyone in your organization within minutes of starting a free
Source: The Hacker News
January 23, 2024
New Method To Safeguard Against Mobile Account Takeovers
Abstract
The method involves modeling how account access changes as devices, SIM cards, or apps are disconnected from the account ecosystem, providing insights into complex hacking attacks.
Source: Cyware
January 17, 2024
Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation
Abstract
Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI capabilities. According to Wing Security, a SaaS security company that researched over 320 companies, a staggering 83.2% use GenAI applications. While this statistic might not come as a surprise, the research showed that 99.7% of organizations use SaaS applications that leverage AI capabilities to deliver their services. This usage of GenAI in SaaS applications that are not 'pure' AI often goes unnoticed by security teams and users alike. 70% of the most popular GenAI applications may use your data to train their models, and in many cases it's completely up to you to configure it differently
Source: The Hacker News
January 17, 2024
Adalanche: Open-Source Active Directory ACL Visualizer, Explorer
Abstract
The tool offers a visual attack graph representation of Active Directory in the browser, along with the ability to collect data from Windows machines and perform in-depth analysis.
Source: Cyware
January 16, 2024
Tsurugi Linux Tailors User Experience for Digital Forensics and OSINT Investigations
Abstract
Tsurugi Linux offers a user-friendly interface with a logical sequence of forensic analysis tools, including support for live forensics, post-mortem analysis, digital evidence acquisition, malware analysis, OSINT, and computer vision activities.
Source: Cyware
January 13, 2024
Purple Teaming and the Role of Threat Categorization
Abstract
Purple team assessments, where red and blue teams collaborate, can provide a more comprehensive approach to security assessments, but they need to evolve to account for the multitude of attack technique variants.
Source: Cyware
January 12, 2024
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
Abstract
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a necessity. In this context, Mike Tyson's famous adage, "Everyone has a plan until they get punched in the face," lends itself to our arena - cyber defenses must be battle-tested to stand a chance. Tyson's words capture the paradox of readiness in cybersecurity: too often, untested cyber defenses can create a false sense of security, leading to dire consequences when real threats land a blow. This is where Breach and Attack Simulation (BAS), a proactive tool in any organization's cybersecurity arsenal, comes into play. When Cybersecurity Meets the Punch - The Assumption Problem Assumptions are the hidden icebergs in cybersecurity's vast ocean. Although we might believ
Source: The Hacker News
January 03, 2024
5 Ways to Reduce SaaS Security Risks
Abstract
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials. Given this reality, IT security leaders need practical and effective SaaS security solutions designed to discover and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap Knowing the full scope of SaaS apps in use is the foundation of a modern IT governance program. Without an understanding of your entire SaaS footprint, you cannot say with confidence where your corporate IP is stored (Did someone sync their desktop to Dropbox?), you cannot make assumptions about your customer data (Did s
Source: The Hacker News
January 02, 2024
The Definitive Enterprise Browser Buyer’s Guide
Abstract
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built enterprise browsers as the answer to the browser's security challenges. However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria. LayerX, the User-First Enterprise Browser Extension, is addressing security teams' need with the downloadable Enterprise Browser Buyer's Guide, which guides its readers through the essentials of choosing the best solution and provides them with an actionable
Source: The Hacker News
December 21, 2023
Subdominator: Open-Source Tool for Detecting Subdomain Takeovers Full Text
Abstract
Subdominator is a highly accurate and fast open-source tool for identifying subdomain takeovers, offering significant improvements over existing tools in terms of fingerprint accuracy and count, nested DNS support, and alternate DNS record matching.
Cyware
December 20, 2023
Product Explained: Memcyco’s Real-Time Defense Against Website Spoofing Full Text
Abstract
Hands-On Review: Memcyco's Threat Intelligence Solution. Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and data theft, causing reputation damage and financial losses for both organizations and customers. The Growing Threat of Website Impersonation and Brandjacking: Research shows a new phishing site is created every 11 seconds in 2023. Typically, even though the company is a victim of spoofing, the customer holds them responsible for the data breach. Current market solutions rely on threat intelligence tools that search for fake sites and attempt takedowns. However, takedown processes can be time-consuming, leaving fake sites active and the scope of attacks remains unknown during the critical window of exposure, the time between when the fake site is up and until it is down. Bad actor researches a business to t
The Hacker News
December 14, 2023
ThreatNG Open-Source Datasets Aim to Improve Cybersecurity Practices Full Text
Abstract
The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to provide access to critical cybersecurity data, promoting transparency and collaboration.
Cyware
December 13, 2023
Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities Full Text
Abstract
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of undefined behavior during program execution. "They are architecture agnostic, suitable for bare-metal deployment, and should be enabled in existing C/C++ code bases to mitigate unknown vulnerabilities," Ivan Lozano and Roger Piqueras Jover said in a Tuesday post. The development comes months after the tech giant said it's working with ecosystem partners to increase the security of firmware that interacts with Android, thereby making it difficult for threat actors to achieve remote code execution within the Wi-Fi SoC or the cellular baseband. IntSan and BoundSan are two of the compi
The Hacker News
December 13, 2023
How to Analyze Malware’s Network Traffic in A Sandbox Full Text
Abstract
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic: Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure online communication, has become a tool for malware to conceal their malicious activities. By cloaking data exchange between infected devices and command-and-control (C&C) servers, malware can operate undetected, exfiltrating sensitive data, installing additional payloads, and receiving instructions from the operators. Yet, with the right tool, decrypting HTTPS traffic is an easy task. For this purpose, we can use a man-in-the-middle (MITM) proxy. The MITM proxy works as an intermediary between the client and the server, intercepting their communication. The MITM proxy aids analy
The Hacker News
November 30, 2023
Google Unveils RETVec - Gmail’s New Defense Against Spam and Malicious Emails Full Text
Abstract
Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the project's description on GitHub. "The RETVec model is trained on top of a novel character encoder which can encode all UTF-8 characters and words efficiently." While huge platforms like Gmail and YouTube rely on text classification models to spot phishing attacks, inappropriate comments, and scams, threat actors are known to devise counter-strategies to bypass these defense measures. They have been observed resorting to adversarial text manipulations, which range from the use of homoglyphs to keyword stuffing to invisible characters. RETVec, which works on over 100 languages o
The Hacker News
November 30, 2023
This Free Solution Provides Essential Third-Party Risk Management for SaaS Full Text
Abstract
Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage the third-party risks associated with SaaS, but first... What exactly is Third-Party Risk Management in SaaS? SaaS is rapidly growing, offering businesses convenience, swift implementations, and valuable opportunities. However, this growth introduces a security challenge where risks arise from the interconnected nature of SaaS supply chains. It is clear that before onboarding a new contractor or vendor, we need due diligence, security checks, and referrals. However, we now understand that in the SaaS domain, applications are, in fact, the go-to vendor of choice. Let's explain: Any employee can very easily connect SaaS vendors to company data, granting them pe
The Hacker News
November 29, 2023
Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions Full Text
Abstract
In a rapidly evolving digital landscape, it's crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they're reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats. To learn more, download the full report here. The New Paradigm: If you've been relying on the old-style antivirus-based approach to website security up to now, then we could summarize why you need to update to the more proactive approach simply by saying — prevention is always preferable to cure. That's the overarching rationale for adopting a proactive web security solution, but let's break it down into a few more detailed reasons for updating to the newer and more effective proactive approach. To be clear, we're not denying that an antivirus-approach solution is ideal for detecting and responding to threats, but there's no escaping the fact that it's limited
The Hacker News
November 28, 2023
Transform Your Data Security Posture – Learn from SoFi’s DSPM Success Full Text
Abstract
As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM (Data Security Posture Management) emerges as a comprehensive solution, offering continuous discovery and accurate classification of sensitive data in the cloud. This informative webinar, "Securing Sensitive Data Starts with Discovery and Classification: SoFi's DSPM Story" unveils the success story of SoFi, a pioneering cloud-native financial services provider, and its journey with Sentra's DSPM. It explores the challenges and triumphs in securing cloud data and a roadmap to implementing effective DSPM strategies in your organization. Expert Panel: Aviv Zisso: As Director of Customer Success at Sentra, Aviv brings deep insights into data security needs and solutions. Pritam H Mungse: SoFi's Director of Product Security, Pr
The Hacker News
November 20, 2023
Product Walkthrough: Silverfort’s Unified Identity Protection Platform Full Text
Abstract
In this article, we will provide a brief overview of Silverfort's platform, the first (and currently only) unified identity protection platform on the market. Silverfort's patented technology aims to protect organizations from identity-based attacks by integrating with existing identity and access management solutions, such as AD (Active Directory) and cloud-based services, and extending secure access controls like Risk-Based Authentication and MFA (Multi-Factor Authentication) to all their resources. This includes on-prem and cloud resources, legacy systems, command-line tools and service accounts. A recent report by Silverfort and Osterman Research revealed that 83% of organizations worldwide have experienced data breaches due to compromised credentials. Many organizations admit that they are underprotected against identity-based attacks, such as lateral movement and ransomware. Resources like command-line access tools and legacy systems, which are widely used, are particular
The Hacker News
November 14, 2023
CI/CD Risks: Protecting Your Software Development Pipelines Full Text
Abstract
Have you heard about Dependabot? If not, just ask any developer around you, and they'll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects. Dependabot not only takes care of the checks for you, but also provides suggestions for modifications that can be approved with just a single click. Although Dependabot is limited to GitHub-hosted projects, it has set a new standard for continuous providers to offer similar capabilities. This automation of "administrative" tasks has become a norm, enabling developers to integrate and deploy their work faster than ever before. Continuous integration and deployment workflows have become the cornerstone of software engineering, propelling the DevOps movement to the forefront of the industry. But a recent advisory by security firm Checkmarx sheds light on a concerning incident. Malicious actors have recently attempted to exploit the trust associated with D
The Hacker News
November 09, 2023
When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules Full Text
Abstract
While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution that solves for auto-email forwarding as well. While Wing's shadow IT solution is offered as a free tool that can be onboarded and used as a self-service, users willing to upgrade will be able to enjoy the company's new Gmail and Outlook integrations, which broaden the company's discovery capabilities and extend their data security features. The risks of email auto-forwarding rules: Auto-forwarding emails is a great way to save time on repetitive tasks and is therefore very popular among employees who regularly collaborate and share information with external business partners.
The Hacker News
November 04, 2023
Google Play Store Introduces ‘Independent Security Review’ Badge for Apps Full Text
Abstract
Google is rolling out an "Independent security review" badge in the Play Store's Data safety section for Android apps that have undergone a Mobile Application Security Assessment (MASA) audit. "We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Nataliya Stanetsky of the Android Security and Privacy Team said. MASA allows developers to have their apps independently validated against a global security standard such as the Mobile Application Security Verification Standard (MASVS), thereby providing more transparency and enabling users to make informed choices prior to downloading them. The efforts are part of Google's broader push to make the Data safety section a one-stop shop that presents a "unified view of app safety," offering details about the kind of data that's being collected, for what purpose, and if it's being shared with third parties.
The Hacker News
November 02, 2023
SaaS Security is Now Accessible and Affordable to All Full Text
Abstract
This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique "freemium" model. Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. Enter Wing Security's new "Essential SSPM" (SaaS Security Posture Management) tool, which aims to simplify the process of securing SaaS usage across the organization. Its business approach is simple: self-onboard, try the product, and if impressed, upgrade to unlock more vital security capabilities. What's essential SaaS security? According to Wing, three basic yet fundamental capabilities are necessary for organizations aiming to secure their SaaS: discovery, assessment, and control. These align with regulatory security standards such as ISO 27001 and SOC, which emphasize vendo
The Hacker News
November 01, 2023
Hands on Review: LayerX’s Enterprise Browser Security Extension Full Text
Abstract
The browser has become the main work interface in modern enterprises. It's where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and use it for malicious access to organizational SaaS apps or the hosting machine. Additionally, unintentional data leakage via the browser has become a critical concern for organizations as well. However, traditional endpoint, network, and data protection solutions fail to protect this critical resource against advanced web-borne attacks that continuously rise in sophistication and volume. This gap leaves organizations exposed to phishing attacks, malicious browser extensions, data exposure, and data loss. This is the challenge LayerX is attempting to solve. LayerX has developed a secure enterprise browser extension that can be mounted on any browser. The LayerX extension delivers comprehen
The Hacker News
October 31, 2023
PentestPad: Platform for Pentest Teams Full Text
Abstract
In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration tester and the precision of pen testing solutions is crucial for staying on top of today's high demand of security audits and daily rise of vulnerabilities and exploits. How PentestPad Helps Pentest Teams: PentestPad is revolutionizing the way pentest teams operate, offering a comprehensive platform that enhances collaboration, and speeds up the process. From automated report generation to real-time collaboration and integrations with leading tools, PentestPad empowers teams to work efficiently, deliver high-quality results, and exceed client expectations. With customizable templates and a user-friendly interface, it's the ultimate solution for pentest teams looking to elevate their p
The Hacker News
October 31, 2023
Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws Full Text
Abstract
Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the web or €12.99/month on iOS and Android, is expected to be officially available starting next month. The company's proposal for a subscription version of its service was first reported by The Wall Street Journal earlier this month. "In November, we will be offering people who use Facebook or Instagram and reside in these regions the choice to continue using these personalized services for free with ads, or subscribe to stop seeing ads," the company said. "While people are subscribed, their information will not be used for ads." While the fee covers all linked accounts for a user, beginning March 1, 2024, the company plans to levy an additional fee
The Hacker News
October 19, 2023
Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware Full Text
Abstract
Google has announced an update to its Play Protect with support for real-time scanning at the code level to tackle novel malicious apps prior to downloading and installing them on Android devices. "Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats," the tech giant said. Google Play Protect is a built-in, free threat detection service that scans Android devices for any potentially harmful apps downloaded from the Play Store as well as other external sources. In extreme cases, an app may be blocked from being installed. The check expands on previous existing protections that alerted users when it identified an app known to be malicious from existing scanning intelligence or was identified as suspicious from heuristics gathered via on-device machine learning. With the latest safeguards, important signals from the app are extracted and sent to the Play Protect backend infr
The Hacker News
October 14, 2023
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication Full Text
Abstract
Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolsters security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos." IAKerb enables clients to authenticate with Kerberos across a diverse range of network topologies. The second feature, a local Key Distribution Center (KDC) for Kerberos, extends Kerberos support to local accounts. First introduced in the 1990s, NTLM is a suite of security protocols intended to provide authentication, integrity, and confidentiality to users. It is a single sign-on (SSO) tool that relies on a challenge-response protocol that proves
The Hacker News
October 06, 2023
New OS Tool Tells You Who Has Access to What Data Full Text
Abstract
Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization's assets, maintain customer trust, and meet regulatory requirements. A comprehensive Data Security Platform is essential for full visibility and control of sensitive data. One example is Satori's Universal Data Permissions Scanner (UDPS), an open-source authorization analysis tool. UDPS, available on GitHub, enables universal visibility into data access permissions across various data stores. With this tool, it's easier to identify who has the potential to access sensitive data, which can help organizations take a proactive approach to enhancing their security posture, streamline compliance, and ensure well-governed data access. Understanding the Need for U
The Hacker News
October 06, 2023
GitHub’s Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack Full Text
Abstract
GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by secret scanning are active, thereby allowing for effective remediation measures. It was first enabled for GitHub tokens. The cloud-based code hosting and version control service said it intends to support more tokens in the future. To toggle the setting, enterprise or organization owners and repository administrators can head to Settings > Code security and analysis > Secret scanning and check the option "Automatically verify if a secret is valid by sending it to the relevant partner." Earlier this year, GitHub also expanded secret scanning alerts for all public repositories and announced the availability of push protection to help developers and maintainers pr
The Hacker News
October 04, 2023
Wing Disrupts the Market by Introducing Affordable SaaS Security Full Text
Abstract
Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,500 a year. If the name Wing Security (Wing) rings a bell, it is probably because earlier this year, they made waves by offering SaaS shadow IT discovery completely for free. Today, Wing is once again aiming to disrupt the SaaS security market by offering a new tier that the company claims to be 'The essential SaaS security level that every company should achieve.' The new product tier focuses on SaaS shadow IT discovery, automated vendor risk assessments, and the ability to easily perform user access reviews on dozens of critical business applications. Wing also provides the ability to generate compliance-ready access reports that customers can then send to their auditor. The c
The Hacker News
October 03, 2023
Protecting your IT infrastructure with Security Configuration Assessment (SCA) Full Text
Abstract
Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular security configuration assessments are essential in maintaining a secure and compliant environment, as this minimizes the risk of cyber attacks. The assessment provides insight into your current security posture by performing configuration baseline checks on services and applications running on critical systems. How SCA works: SCA is performed by checking the configurations of your IT assets against known benchmarks such as the Center for Internet Security (CIS) benchmark and compliance standards such as NIST, GDPR, and HIPAA. Regulatory standards provide a global benchmark for best practices to help organizations enhance their IT hygiene and improve customer trust. The CIS benchmark provides a guideline for best practices for security c
The Hacker News
September 26, 2023
Microsoft is Rolling out Support for Passkeys in Windows 11 Full Text
Abstract
Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to log in to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on FIDO standards, Passkeys were first announced in May 2022 as a replacement for passwords in a manner that's both strong and phishing-resistant. It has since been adopted by Apple, Google, and a number of other services in recent months. While the tech giant added passkey management in the Windows Insider program back in June 2023, the development marks the feature's general availability. "Passkeys are the cross-platform future of secure sign-in management," David Weston, vice president of enterprise and OS Security, said. "A passkey creates a unique, unguessable cryptographic credential that is securely stored
The Hacker News
September 21, 2023
The Rise of the Malicious App Full Text
Abstract
Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a "hub" app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the permission scopes that are granted to the third party apps, and the potential for a threat actor to take over the core apps and abuse those permissions. There's no real concern that the app, on its own, will start deleting files or sharing data. As such, SaaS Security Posture Management (SSPM) solutions are able to identify integrated third party applications and present their permission scopes. The security team then makes a risk assessment, balancing the benefits the app offers with its permission scopes before deciding whether to keep or decouple the applications. However, threat actors have changed the playing field with the introduction of malicious apps. These appl
The Hacker News
September 15, 2023
The Interdependence between Automated Threat Intelligence Collection and Humans Full Text
Abstract
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still rising. To people working in cybersecurity today, the value of automated threat intelligence is probably pretty obvious. The rising numbers specified above, combined with the lack of cybersecurity professionals available, mean automation is a clear solution. When threat intelligence operations can be automated, threats can be identified and responded to, and with less effort on the part of engineers. However, a mistake that organizations sometimes make is assuming that once they've automated threat intelligence workflows, humans are out of the picture. They conflate automation
The Hacker News
September 13, 2023
Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric Full Text
Abstract
In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflows, they inadvertently open the door to a new era of security threats. The stakes? Your invaluable data and the trust of your stakeholders. Historically, SaaS security was about managing misconfigurations. But the landscape has evolved. Now, it's not just about securing the software; it's about safeguarding the very essence of digital identity. Identity is the new endpoint. If you're not focusing on securing user identity, you're leaving a gaping hole in your security strategy. Traditional threat detection and identity management methods? They're just the tip of the iceberg. To truly fortify your SaaS ecosystem, you need to delve deeper. Enter Maor Bin, the visionary CEO of Adaptive
The Hacker News
September 11, 2023
Google Chrome Rolls Out Support for ‘Privacy Sandbox’ to Bid Farewell to Tracking Cookies Full Text
Abstract
Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said. "Without viable privacy-preserving alternatives to third-party cookies, such as the Privacy Sandbox, we risk reducing access to information for all users, and incentivizing invasive tactics such as fingerprinting." To that end, the search giant is initially leaving nearly three percent of users unaffected by the change in order to conduct sufficient tests. General availability is expected to encompass all users in the coming months. Privacy Sandbox is Google's umbrella term for a set of technologies that aim to eliminate third-party tracking cookies on the web and replace them
The Hacker News
September 1, 2023 – Breach
Data Breach Could Affect More Than 100,000 in Pima County Full Text
Abstract
More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.
Cyware
August 30, 2023
GitHub Enterprise Server Gets New Security Capabilities Full Text
Abstract
Now, teams using GitHub Actions can also create their own custom deployment protection rules, to ensure that only “the deployments that pass all quality, security, and manual approval requirements make it to production,” GitHub explained.
Cyware
August 28, 2023
Microsoft will enable Exchange Extended Protection by default this fall Full Text
Abstract
Microsoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019 starting this fall after installing the 2023 H2 Cumulative Update (CU14).
BleepingComputer
August 23, 2023
Meta Set to Enable Default End-to-End Encryption on Messenger by Year End Full Text
Abstract
Meta has once again reaffirmed its plans to roll out support for end-to-end encryption (E2EE) by default for one-to-one friends and family chats on Messenger by the end of the year. As part of that effort, the social media giant said it's upgrading "millions more people's chats" effective August 22, 2023, exactly seven months after it started gradually expanding the feature to more users in January 2023. The changes are part of CEO Mark Zuckerberg's "privacy-focused vision for social networking" that was announced in 2019, although it has since encountered significant technical challenges, causing it to delay its plans by a year. "Like many messaging services, Messenger and Instagram DMs were originally designed to function via servers," Timothy Buck, product manager for Messenger, said. "Meta's servers act as the gateway between the message sender and receiver, what we call the clients." However, the addition of an
The Hacker News
August 21, 2023
How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes Full Text
Abstract
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments. In one of the highest-profile examples, Pawn Storm's attacks against the Democratic National Convention and others leveraged OAuth to target victims through social engineering. Security and IT teams would be wise to establish a practice of reviewing new and existing OAuth grants programmatically to catch risky activity or overly-permissive scopes. And, there are new solutions for SaaS security cropping up that can make this process easier. Let's take a look at some best practices for prioritizing and investigating your organization's grants
The Hacker News
August 20, 2023
Cybersecurity: CASB vs SASE Full Text
Abstract
Understanding cybersecurity aspects addressed by Cloud Access Security Broker (CASB) and Secure Access Service Edge (SASE). In an increasingly digital world, where businesses rely on cloud services and remote access, cybersecurity has become paramount....
Security Affairs
August 18, 2023
Google Chrome’s New Feature Alerts Users About Auto-Removal of Malicious Extensions Full Text
Abstract
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked as malware. The tech giant said it intends to highlight such extensions under a "Safety check" category in the "Privacy and security" section of the browser settings page. "When a user clicks 'Review,' they will be taken to their extensions and given the choice to either remove the extension or hide the warning if they wish to keep the extension installed," Oliver Dunk, a developer relations engineer for Chrome extensions, said. "As in previous versions of Chrome, extensions marked as malware are automatically disabled." The development comes as the c
The Hacker News
August 16, 2023
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security Full Text
Abstract
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. According to a new guide, this is a hit and a miss. Network solutions, the guide claims, just don't cover all SaaS and browsing requirements. Meanwhile, Google offers a wide range of native security functionalities built-in to Chrome. These functionalities enable the organization to leverage the browser for consolidating security, simplifying operations and reducing costs. If you're wary about trusting Chrome with your security, then the guide is recommended to read. In great detail, it explains which security features Chrome offers users. These include: Forcing users to sign into Chrome, to ensure the
The Hacker News
August 09, 2023
Continuous Security Validation with Penetration Testing as a Service (PTaaS) Full Text
Abstract
Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC), it's a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their side, and a host of tactics, techniques, and procedures (TTPs) that have evolved. These external threat actors have now been further emboldened in the era of AI with open-source tools like ChatGPT. With the potential of an attack leading to a breach within minutes, CISOs now are looking to prepare all systems and assets for cyber resilience and rapid response when needed. With tools and capabilities to validate security continuously – including penetration testing as a service – DevSecOps teams can remediate critical vulnerabilities fast due to the easy access to tactical support to the teams that need it the most. This gives the SOC and DevOps teams tools to that remove false po
The Hacker News
August 09, 2023
New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks Full Text
Abstract
Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it's introducing a second user setting to turn off support, at the model level, for null-ciphered cellular connections. "The Android Security Model assumes that all networks are hostile to keep users safe from network packet injection, tampering, or eavesdropping on user traffic," Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle said. "Android does not rely on link-layer encryption to address this threat model. Instead, Android establishes that all network traffic should be end-to-end encrypted (E2EE)." 2G networks, in particular, employ weak encryption and lack mutual authentication, rendering them susceptible to over-the-air interception and traffic decryption attacks by impersonating a real 2G tower. The threat posed by rogue cellular base stations means th
The Hacker News
August 9, 2023
Android 14 Introduces First-Of-Its-Kind Cellular Connectivity Security Features Full Text
Abstract
Android 14 introduces new security measures to mitigate the risks associated with 2G networks, allowing users and enterprises to disable 2G connectivity and protect against potential attacks.
Cyware
August 07, 2023
Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM Full Text
Abstract
In today's interconnected world, evolving security solutions to meet growing demand is more critical than ever. Collaboration across multiple solutions for intelligence gathering and information sharing is indispensable. The idea of multiple-source intelligence gathering stems from the concept that threats are rarely isolated. Hence, their detection and prevention require a comprehensive understanding of the broader landscape. A comprehensive and robust security framework should be established by aggregating resources, knowledge, and expertise from various sources. This collaborative effort allows for the analysis of diverse data sets, the identification of emerging patterns, and the timely dissemination of crucial information. In this article, we discuss a versatile security platform that can operate in two distinct roles within a security ecosystem. This platform can function as a subscriber, actively collecting and aggregating security data from various endpoints and other so
The Hacker News
August 7, 2023
Multi-Modal Data Protection With AI’s Help Full Text
Abstract
Multi-modal monitoring through AI enables the identification of both data and conversation types, enhancing the ability to detect and prevent data leakage or any unauthorized activities.
Cyware
August 05, 2023
MDR: Empowering Organizations with Enhanced Security Full Text
Abstract
Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real-time threat-hunting capabilities, MDR services detect and mitigate malicious activities on individual endpoints while promptly alerting the service provider's Security Operations Center (SOC) for further investigation. By leveraging the expertise of security specialists, MDR services relieve organizations of the complexities and criticality associated with security operations. Types of MDR Solutions: MDR services come in various forms, tailored to an organization's technology environment and risk requirements. These include: Bring-Your-Own Security Stack / Hybrid Solution: MDR solutions that integrate with existing security products deployed within an environment. Full Vendor-Supplied MDR Sta
The Hacker News
August 03, 2023
A Penetration Testing Buyer’s Guide for IT Security Teams Full Text
Abstract
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025. There is also increasing public and regulatory scrutiny over data protection. Compliance regulations (such as PCI DSS and ISO 27001), as well as the need for a better understanding of your cybersecurity risks, are driving the need to conduct regular penetration tests. Pen testing helps to identify security flaws in your IT infrastructure before threat actors can detect and exploit them. This gives you visibility into the risks posed by potential attacks and enables you to take swift corrective action to address them. Here, we outline key factors to consider before, during, and post the penetration testing process. Pre-Penetrati
The Hacker News
July 31, 2023
ZTNA can be More Than a VPN Replacement for Application Access Full Text
Abstract
Zero Trust Network Access (ZTNA) should leverage contextual information, implement continuous authentication mechanisms, and be application-aware to make access decisions and reduce the risk of unauthorized access.
Cyware
July 29, 2023
RFP Template for Browser Security Full Text
Abstract
Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP Template." This resource helps streamline the process of evaluating and procuring browser security platforms. It provides organizations with a standardized approach to enhance their security posture by protecting the key employee workspace - the browser. The Importance of a Standardized RFP Template The RFP (Request for Proposal) template offers numerous advantages for organizations seeking robust browser security solutions. By promoting standardization, the RFP template ensures a consistent structure and format for proposals, saving time and effort for both the procurement team and vendors. Moreover, it facilitates clear and specific instructions to vendors, resulting in higher-qualit
The Hacker News
July 29, 2023
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse Full Text
Abstract
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these APIs for their intended purpose," the company said in a statement. "As part of this process, you'll need to select one or more approved reasons that accurately reflect how your app uses the API, and your app can only use the API for the reasons you've selected." The APIs that require reasons for use relate to the following - File timestamp APIs, System boot time APIs, Disk space APIs, Active keyboard APIs, and User defaults APIs. The iPhone maker said it's making the move to ensure that such APIs are not abused by app developers to collect device signals to carry out fingerprinting, which could be employed to uniquely identify users across different a
The Hacker News
July 24, 2023
Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol Full Text
Abstract
Google has announced that it intends to add support for Messaging Layer Security (MLS) to its Messages service for Android and open source implementation of the specification. "Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform," Giles Hogben, privacy engineering director at Google, said. "This is why Google is strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms." The development comes as the Internet Engineering Task Force (IETF) released the core specification of the Messaging Layer Security (MLS) protocol as a Request for Comments (RFC 9420). Some of the other major companies that have thrown their weight behind the protocol are Amazon Web Services (AWS) Wickr, Cisco, Cloudflare, The Matrix.org Foundation, Mozilla, Phoenix R&D, and Wire. Notably missing from
The Hacker News
July 20, 2023
Microsoft Set to Expand Access to Detailed Logs in the Wake of Chinese Hacking Operation Full Text
Abstract
Microsoft said in a blog post on Wednesday that it will include “access to wider cloud security logs for our worldwide customers at no additional cost” starting in September and that it would increase default log retention from 90 to 180 days.
Cyware
July 17, 2023
These 6 Questions Will Help You Choose the Best Attack Surface Management Platform Full Text
Abstract
The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business? For anyone ready to find an attack surface management (ASM) vendor, review these six questions before getting started to understand the key features to look for in an ASM platform and the qualities of the vendor who supports it. Refer to these as your quick guide for interviewing vendors to walk away with the most suitable ASM platform for your needs. Checklist: 6 Questions to Ask Attack Surface Management Vendors Does your platform have the capability to discover the unknown? How do you prevent alert fatigue, prioritize alerts and remove false positives? Can you track attack surface changes over time? How do you plan to evolve the platform going forward? What services related to ASM do you offer? Can we demo or test run the pl
The Hacker News
July 10, 2023
New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security Full Text
Abstract
Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns," the company said in its Release Notes for Firefox 115.0 released last week. The company said the openness afforded by the add-on ecosystem could be exploited by malicious actors to their advantage. "This feature allows us to prevent attacks by malicious actors targeting specific domains when we have reason to believe there may be malicious add-ons we have not yet discovered," Mozilla said in a separate support document. Users are expected to have more control over the setting for each add-on, starting with Firefox version 116. That said, it can be disabled by loading "about:config" in the address bar and setting "extensions.quarantine
The Hacker News
July 10, 2023
Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence Full Text
Abstract
Honeywell has agreed to acquire SCADAfence for an undisclosed amount and plans on integrating its solutions into the company’s Forge Cybersecurity+ suite. The deal is expected to close in the second half of the year.
Cyware
July 10, 2023
Streamlining security operations with automated incident response Full Text
Abstract
Automated incident response solutions help reduce the mean time to respond to incidents, address known security threats, and also minimize alert fatigue. Learn more about these solutions from Wazuh, the open source XDR/SIEM platform.
BleepingComputer
July 07, 2023
Close Security Gaps with Continuous Threat Exposure Management Full Text
Abstract
CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets. As advanced threat actors constantly search for easily exploitable vulnerabilities around the clock, CISOs are in pursuit of improved methods to reduce threat exposures and safeguard their assets, users, and data from relentless cyber-attacks and the severe consequences of breaches. In response to this need, an emerging solution addressing the most critical priorities at the initial stage of the attack chain has provided security leaders with a new tool to manage their most pressing threat exposures at their origin. Leading analyst firm Gartner Research describes the solution: "By 2026, organizations prioritizing their security investments based
The Hacker News
July 03, 2023
Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam Full Text
Abstract
Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website's reputation, affect search results, overload your web server, and divert your focus from website development. Website owners and webmasters need a solution to this problem. When selecting an anti-spam solution, the following requirements should be taken into account: The solution must operate automatically, eliminating the need for manual spam checks. It should provide a quick and efficient method of accuracy control. It must be universal, protecting all website forms simultaneously. It should be easy and straightforward to install and set up. It should not require any extra steps from your visitors, ensuring they do
The Hacker News
June 30, 2023
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns Full Text
Abstract
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were first reported by BBC Persian. Some of the other improvements include streamlined steps to simplify the setup process as well as the introduction of shareable links to "share functioning/valid proxy addresses to their contacts for easy and automatic installation." Support for proxy servers was officially launched by the messaging service earlier this January, thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp. The company has also made available a reference implementation for setting up a proxy server with ports 80, 443 or 5222 available and domain name that points to the server's IP address.
The Hacker News
June 29, 2023
The Right Way to Enhance CTI with AI (Hint: It’s the Data) Full Text
Abstract
Cyber threat intelligence is an effective weapon in the ongoing battle to protect digital assets and infrastructure - especially when combined with AI. But AI is only as good as the data feeding it. Access to unique, underground sources is key. Threat Intelligence offers tremendous value to people and companies. At the same time, its ability to address organizations' cybersecurity needs and the benefits it offers vary by company, industry, and other factors. A common challenge with cyber threat intelligence (CTI) is that the data it produces can be vast and overwhelming, creating confusion and inefficiencies among security teams' threat exposure management efforts. Additionally, organizations have different levels of security maturity, which can make access to and understanding of CTI data difficult. Enter generative AI. Many cybersecurity companies – and more specifically, threat intelligence companies – are bringing generative AI to market to simplify threat intelligence a
The Hacker News
June 28, 2023
Microsoft Sysmon now detects when executables files are created Full Text
Abstract
Microsoft has released Sysmon 15, converting it into a protected process and adding the new 'FileExecutableDetected' option to log when executable files are created.
BleepingComputer
June 28, 2023
Brave Browser boosts privacy with new local resources restrictions Full Text
Abstract
The Brave team has announced that the privacy-centric browser will soon introduce new restriction controls allowing users to specify how long sites can access local network resources.
BleepingComputer
June 27, 2023
Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation Full Text
Abstract
As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan coverage, among others. Given attack surface sprawl and evolving threats, many organizations are embracing attack surface management (ASM) tools to discover and address critical exposures. Asset discovery is an important capability to have, and one that's helping to drive the adoption of attack surface management tools and services. That said, asset discovery is only one aspect of effective attack surface management. Making the attack surface as impenetrable as possible takes offensive security that goes far beyond the discovery phase. Why Asset Discovery Isn't Enough Given the complexity and ever-expanding scale of the digital infrastructure at most companies, cataloging all the known
The Hacker News
June 23, 2023
A New Kill Chain Approach to Disrupting Online Threats Full Text
Abstract
The defender community has learned a great deal since the 2016 U.S. election, but it still needs to find a common language.
Lawfare
June 20, 2023
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish Full Text
Abstract
The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald's and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location to the next. QSR technology stacks mirror the consistency of the front end of each store. Despite each franchise being independently owned and operated, they share subscriptions to SaaS applications, or use multiple tenants of the same application. Each app is typically segmented by store. Corporate IT and Security has access to the entire database, while each franchise has visibility into its own data. These SaaS apps cover everything from CRMs to supply chains to marketing and HR. The data within is used to understand consumer habits, improve marketing campaigns, and manage employees. Like every other industry, QSR SaaS apps contain a wealth of data that needs to be secured. At the same time, we're seeing food cha
The Hacker News
June 20, 2023
Tackling Data Sovereignty with DDR Full Text
Abstract
Data-centric distributed resilience (DDR) offers a compelling approach to addressing data sovereignty in cybersecurity. As much of our modern life relies upon the cloud, the question of data protection is front of mind for many organizations. Those...
Security Affairs
June 19, 2023
Introducing AI-guided Remediation for IaC Security / KICS Full Text
Abstract
While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to define and manage their infrastructure using machine-readable configuration files, which are typically version-controlled and treated as code. IaC misconfigurations are mistakes, or oversights, in the configuration of infrastructure resources and environments that happen when using IaC tools and frameworks. Discover the power of a comprehensive AppSec platform. Download this new whitepaper to discover how to effortlessly integrate application security into every stage of the software development life cycle. Learn about the role of integration and automation, the 7 requirements for choosing an AppSec platform, and how Checkmarx One™ simplifies security. Misconfigurations in IaC ca
The Hacker News
June 01, 2023
How Wazuh Improves IT Hygiene for Cyber Security Resilience Full Text
Abstract
IT hygiene is a security best practice that ensures that digital assets in an organization's environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment. As technology advances and the tools used by cybercriminals and cybersecurity professionals evolve, the strategies used to carry out cyber attacks differ based on their complexity and uniqueness. Threat actors continuously target organizations practicing poor IT hygiene to exploit known security weaknesses and human error. Security administrators can defend against cyberattacks by implementing good IT hygiene practices like whitelisting programs, keeping systems up to date, and more. Gaining complete visibility into the IT assets is fundamental to developing an effective security strategy. The emergence of shadow IT, like rogue assets, s
The Hacker News
May 30, 2023
PyPI enforces 2FA authentication to prevent maintainers’ account takeover Full Text
Abstract
PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers...
Security Affairs
May 29, 2023
PyPI Implements Mandatory Two-Factor Authentication for Project Owners Full Text
Abstract
The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year. "Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage," PyPI administrator Donald Stufft said. "In addition, we may begin selecting certain users or projects for early enforcement." The enforcement also includes organization maintainers, but does not extend to every single user of the service. The goal is to neutralize the threats posed by account takeover attacks, which an attacker can leverage to distribute trojanized versions of popular packages to poison the software supply chain and deploy malware on a large scale. PyPI, like other open source repositories such as npm, has witnessed innumerable instances of malware and package impersonation. Earlier this month, F
The Hacker News
May 25, 2023
Cynet Protects Hospital From Lethal Infection Full Text
Abstract
A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP and Windows 7 machines during the upgrade process, ensuring that legacy operating systems would not cause vulnerabilities or delay the activation of an incident response plan. The hospital's I.T. security team appreciated this coverage after their previous provider abandoned support for Windows XP and Windows 7. "One of the many reasons we chose Cynet was their support of legacy Windows machines. It's expensive, difficult and time consuming to upgrade our imaging system software, but we needed protections as we slowly migrated to more current Windows environments. Cynet was one of the few providers that continue to protect these older Windows environments." The Attack Alo
The Hacker News
May 24, 2023
What to Look for When Selecting a Static Application Security Testing (SAST) Solution Full Text
Abstract
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical applications. SAST scans code early during development, so your AppSec team won't be scrambling to fix unexpected vulnerabilities right before that big launch is planned. You'll avoid surprises and launch delays without inadvertently releasing risky software to customers — or into production. But if you consider SAST as a part of a larger AppSec platform, crucial for those who wish to shift security everywhere possible in the software development life cycle (SDLC), some SAST solutions outshine others. Knowing what to focus on With a plethora of players in the market, sometimes
The Hacker News
May 22, 2023
An AI-based Chrome Extension Against Phishing, Malware, and Ransomware Full Text
Abstract
Criminal IP's Chrome extension offers real-time scanning of websites worldwide, using AI-based detection to identify recently created phishing sites.
BleepingComputer
May 22, 2023
DarkBERT could help automate dark web mining for cyber threat intelligence Full Text
Abstract
Researchers have developed DarkBERT, a language model pre-trained on dark web data, to help cybersecurity pros extract cyber threat intelligence (CTI) from the Internet’s virtual underbelly.
Cyware
May 17, 2023
Identifying a Patch Management Solution: Overview of Key Criteria Full Text
Abstract
Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features at multiple points in the future. With the typical enterprise relying on a multitude of applications, servers, and end-point devices in their day-to-day operations, the acquisition of a robust patch management platform to identify, test, deploy, install, and document all appropriate patches are critical for ensuring systems remain stable and secure. As with most tech tools, not all patch management solutions are created equal, and what's seen as robust by one organization may prove inadequate for another. However, an evaluation that begins with a focus on specific key criteria – essential attributes and functionality likely to be offered by many vendors but not all – will allow IT teams to narrow down their options as they work to identify the best solution for their organization
The Hacker News
May 16, 2023
Cyolo Product Overview: Secure Remote Access to All Environments Full Text
Abstract
Operational technology (OT) cybersecurity is a challenging but critical aspect of protecting organizations' essential systems and resources. Cybercriminals no longer break into systems, but instead log in – making access security more complex and also more important to manage and control than ever before. In an effort to solve the access-related challenges facing OT and critical infrastructure operators, the team at Cyolo built a zero-trust access platform designed to meet the unique safety, security, and uptime requirements of OT and industrial control systems (ICS) environments. Let's look under the hood: The Cyolo solution is a high-powered combination of Zero Trust Network Access (ZTNA), Identity Provider (IdP), and Privileged Access Management (PAM). What makes this approach stand out from the pack is that other ZTNA solutions do not offer IdP or PAM capabilities, while Identity and Access Management tools (IdPs and PAMs) do not extend connectivity. And unlike other pl
The Hacker News
May 11, 2023
How Attack Surface Management Supports Continuous Threat Exposure Management Full Text
Abstract
According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management (ASM) for a suite of comprehensive offensive security solutions. Recognition from global analysts has officially put ASM on the map, evolving the way security leaders approach their cybersecurity. Why Now is the Right Time for Attack Surface Management Businesses today rely more on digital assets than ever before. Shifts over time include more use of the cloud, an increase in remote workforces, and greater expansion of digital assets in part because of mergers and acquisitions. This resulted in an expansion of both known and unknown attack surfaces that businesses manage, presenting a greater number of pathways for malicious actors to gain entry to an environment. Consider this analogy for example: I
The Hacker News
May 11, 2023
Google will provide dark web monitoring to all US Gmail users and more Full Text
Abstract
Google announced the opening of the dark web monitoring report security feature to all Gmail users in the United States. Google is going to offer dark web monitoring to all U.S. Gmail users, the feature allows them to search for their email addresses...Security Affairs
May 11, 2023
Twitter now supports Encrypted Direct Messages, with some limitations Full Text
Abstract
Twitter is rolling out support for encrypted direct messages (DMs), the security feature will be initially available for the verified users. Twitter is rolling out support for encrypted direct messages (DMs), the feature is initially limited to verified users...Security Affairs
May 10, 2023
Google Announces New Privacy, Safety, and Security Features Across Its Services Full Text
Abstract
Google unveiled a slew of new privacy, safety, and security features today at its annual developer conference, Google I/O. The tech giant's latest initiatives are aimed at protecting its users from cyber threats, including phishing attacks and malicious websites, while providing more control and transparency over their personal data. Here is a short list of the newly introduced features - Improved data control and transparency; Gmail Dark Web Scan Report; Effortlessly Delete Maps Search History; AI-Powered Safe Browsing; Content Safety API Expansion; About this Image; Spam View in Google Drive. Among the newly introduced features, the first on the list is improved data control and transparency. Google has unveiled an update for its Android operating system that allows users to better control location sharing through apps installed on their devices. "Starting with location data, you will be informed in permission requests when an app shares your information with third-parThe Hacker News
May 03, 2023
Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts Full Text
Abstract
Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to use a traditional password. This, in turn, can be achieved by simply unlocking their computer or mobile device with their biometrics (e.g., fingerprint or facial recognition) or a local PIN. "And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes," Google noted. Passkeys, once created, are locally stored on the device, and are not shared with any other party. This also obviates the need for setting up two-factor authentication, as it proves that "you have access to your device and are able to unlock it." Users also have the choice of creating passkeys for every device they use toThe Hacker News
May 2, 2023
Data-driven insights help prevent decisions based on fear Full Text
Abstract
Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler. A reduction in ransomware matters in 2022 reversed course by the end of the year.Cyware
April 27, 2023
Google adds new risk assessment tool for Chrome extensions Full Text
Abstract
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment.Cyware
April 25, 2023
Modernizing Vulnerability Management: The Move Toward Exposure Management Full Text
Abstract
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of attackers' opportunities. Vulnerabilities only represent a small part of the attack surface that attackers can leverage. Initially, organizations used manual methods to address known security weaknesses, but as technology and cyber threats evolved, a more automated and comprehensive approach became necessary. However, legacy vulnerability management tools were designed primarily for compliance and modern tools still face challenges in prioritization and limited resources, especially in dynamic and agile cloud environments. Modern vulnerability management integrates security tools such as scanneThe Hacker News
April 25, 2023
Google Authenticator App now supports Google Account synchronization Full Text
Abstract
Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely...Security Affairs
April 13, 2023
Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management Full Text
Abstract
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from lag time in OEM adoption, patch testing pain points, end user update issues and more." Security threats also stem from incomplete patches applied by vendors, with a chunk of the zero-days exploited in the wild turning out to be variants of previously patched vulnerabilities. Mitigating such risks requires addressing the root cause of the vulnerabilities and prioritizing modern secure software development practices to eliminate entire classes of threats and block potential attack avenues. Taking these factors into consideration, Google said it's forming a HackingThe Hacker News
April 13, 2023
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks Full Text
Abstract
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages," the Meta-owned company said in an announcement. Called Device Verification, the security measure is designed to help prevent account takeover (ATO) attacks by blocking the threat actor's connection and allowing targets of the malware infection to use the app without any interruption. In other words, the goal is to deter attackers' use of malware to steal WhatsApp authentication keys and hijack victim accounts, and subsequently impersonate them to distribute spam and phishing links to other contacts. This, in turn, is achieved by introducing a security-token thThe Hacker News
April 12, 2023
Announcing the deps.dev API: critical dependency data for secure supply chains Full Text
Abstract
As part of Google’s ongoing efforts to improve open-source security, the Open Source Insights team has built a reliable view of software metadata across five packaging ecosystems.Cyware
April 10, 2023
Protecting your business with Wazuh: The open source security platform Full Text
Abstract
Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use processes and security solutions to curb these challenges. These solutions include firewalls, antiviruses, data loss prevention services, and XDRs (Extended Detection and Response). Wazuh is a free and open source security platform that unifies XDR and SIEM (System Information and Event Management) capabilities. It comprises a universal security agent for event data collection from various sources and the central components for event analysis, correlation, and alerting. The central components include the Wazuh server, dashboard, and indexer. Wazuh offers a suite of modules capable of providing extended threat detection and response for on-premises and cloud workloads. In this article, we emphasize theThe Hacker News
April 04, 2023
Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions Full Text
Abstract
Microsoft has announced plans to automatically block embedded files with "dangerous extensions" in OneNote following reports that the note-taking service is being increasingly abused for malware delivery. Up until now, users were shown a dialog warning them that opening such attachments could harm their computer and data, but it was possible to dismiss the prompt and open the files. That's going to change going forward. Microsoft said it intends to prevent users from directly opening an embedded file with a dangerous extension and display the message: "Your administrator has blocked your ability to open this file type in OneNote." The update is expected to start rolling out with Version 2304 later this month and only impacts OneNote for Microsoft 365 on devices running Windows. It does not affect other platforms, including macOS, Android, and iOS, as well as OneNote versions available on the web and for Windows 10. "By default, OneNote blocks the saThe Hacker News
April 3, 2023
Microsoft OneNote Starts Blocking Dangerous File Extensions Full Text
Abstract
Just like other Office applications, OneNote has been abused for malware delivery, especially since OneNote documents allow attackers to attach files that would be executed with few warnings to the user.Cyware
March 30, 2023
Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration Full Text
Abstract
Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency. And now, even security teams who have long been the holdout on wide-scale cloud adoption, may find a reason to rejoice. Born out of the multi-cloud approach, cyberstorage enables companies to not only enjoy the benefits that multi-cloud brings but also eliminate the risk of data exposure at the same time, marking the beginning of the multi-cloud maturity era. What Is The Supercloud? While many organizations ended up with multiple cloud services as a byproduct of interdepartmental needs, today organizations are intentionally building multi-cloud environments. And rather than manage the various cloud services individually, many are implementinThe Hacker News
March 29, 2023
Microsoft Security Copilot is a new GPT-4 AI assistant for cybersecurity Full Text
Abstract
Powered by OpenAI’s GPT-4 generative AI and Microsoft’s security-specific model, Security Copilot looks like a simple prompt box like any other chatbot. You can ask “what are all the security incidents in my enterprise?”Cyware
March 28, 2023
Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders Full Text
Abstract
Microsoft on Tuesday unveiled Security Copilot in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale." Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and assess risk exposure. To that end, it collates insights and data from various products like Microsoft Sentinel, Defender, and Intune to help security teams better understand their environment; determine if they are susceptible to known vulnerabilities and exploits; identify ongoing attacks, their scale, and receive remediation instructions; and summarize incidents. Users, for instance, can ask Security Copilot about suspicious user logins over a specific time period, or even employ it to create a PowerPoint presentation outlining an incident and its attack chain. It can alThe Hacker News
March 28, 2023
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo Full Text
Abstract
Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence and Machine Learning: Malicious actors are increasingly leveraging AI and machine learning to automate their attacks, allowing them to scale their operations faster than ever before. The exploitation of cloud-based technologies: Cloud-based services are increasingly being targeted by malicious actors due to the lack of visibility and control over these platforms. Increased use of ransomware: Ransomware is becoming a more popular method of attack, allowing malicious actors to monetize their operations quickly. According to CompTIA, ransomware attacks grew by 41% in 2022, while identification and remediation for a breach took 49 days longer than average. Phishing attacks also increasThe Hacker News
March 17, 2023
THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter Full Text
Abstract
Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do not rely on unsophisticated methods like brute force. Instead, they target users directly through social engineering, spearphishing and business email compromise (BEC). In light of this, it can be said that cybercriminals no longer break into corporate systems; instead, they log in with valid user credentials. In this landscape of highly targeted cyberattacks, the identity perimeter has emerged as a crucial battlefield. Unfortunately, too many businesses continue to rely on outdated security strategies and tools that leave their users and sensitive systems unprotected. SThe Hacker News
March 17, 2023
Meta Develops New Kill Chain Thesis Full Text
Abstract
The Meta approach starts from the assumption that despite the asynchronous nature of attacks, there are still meaningful commonalities, especially where those commonalities can be abstracted from the platform or hardware being attacked.Cyware
March 15, 2023
Kali Linux 2023.1 released – and so is Kali Purple! Full Text
Abstract
OffSec (formerly Offensive Security) released Kali Linux 2023.1, the latest version of its popular penetration testing and digital forensics platform, accompanied by a technical preview of Kali Purple, a “one-stop shop for blue and purple teams.”Cyware
March 08, 2023
Syxsense Platform: Unified Security and Endpoint Management Full Text
Abstract
As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets that are used to track and manage asset inventory, configurations, vulnerabilities, and more. Ultimately, this increases organizational risk while stifling efficiency and productivity. That's why unified security and endpoint management has gained ground, as noted in Gartner's Hype Cycle for Endpoint Security, 2022. As part of the market's need to gain a clearer, real-time picture of their devices and security posture, Syxsense launched its Enterprise platform last year to address the three key elements of endpoint management and security: vulnerabilities, patch, and compliance. AcThe Hacker News
March 01, 2023
Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy Full Text
Abstract
Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen said. To that end, users can send and receive emails or create meeting events within their organizations or to other external parties in a manner that's encrypted "before it reaches Google servers." The company is also making available a decrypter tool in beta for Windows to decrypt client-side encrypted files and emails exported via its Data Export tool or Google Vault. macOS and Linux versions of the decrypter are expected to be released in the future. The development follows the rollout of CSE to other products such as Google Drive, Docs, Slides, Sheets, and Meet. The solution, the tech behemoth said, is aimedThe Hacker News
March 1, 2023
Google Gmail client-side encryption is available globally Full Text
Abstract
Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus,...Security Affairs
February 20, 2023
Samsung announces Message Guard feature to neutralize zero-click attacks Full Text
Abstract
Samsung introduces a new protection feature called Message Guard to protect users from zero-click malware attacks. Samsung announced the implementation of a new security feature called Message Guard that aims at protecting users from malicious...Security Affairs
February 20, 2023
Samsung Introduces New Feature to Protect Users from Zero-Click Malware Attacks Full Text
Abstract
Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks. The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats disguised as image attachments." The security feature, available on Samsung Messages and Google Messages, is currently limited to the Samsung Galaxy S23 series, with plans to expand it to other Galaxy smartphones and tablets later this year that are running on One UI 5.1 or higher. Zero-click attacks are highly-targeted and sophisticated attacks that exploit previously unknown flaws (i.e., zero-days) in software to trigger execution of malicious code without requiring any user interaction. Unlike traditional methods of remotely exploiting a device wherein threat actors rely on phishing tactics to trick a user into clicking on a malicious link or opening an rogThe Hacker News
February 17, 2023
ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally Full Text
Abstract
A number of experiments suggest ChatGPT could be useful to help defenders triage potential security incidents and find security vulnerabilities in code, even though it was not specifically trained for such activities, according to recent studies.Cyware
February 15, 2023
Google Rolling Out Privacy Sandbox Beta on Android 13 Devices Full Text
Abstract
Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said. "Apps that choose to participate in the Beta can use these APIs to show you relevant ads and measure their effectiveness." Devices that have been selected for the Beta test will have a Privacy Sandbox section within Settings so as to allow users to control their participation as well as view and manage their top interests as determined by the Topics API to serve relevant ads. The initial Topics taxonomy is set to include somewhere between a few hundred and a few thousand topics, according to Google, and will be human-curated to exclude sensitive topics. The Beta test is expected to start off withThe Hacker News
January 28, 2023
Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge Full Text
Abstract
The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization's data is a difficult task. Understanding the risks that SaaS applications pose is just as important, but it can be challenging to secure what cannot be seen. Many organizations have implemented access management solutions, but these are limited in visibility to only pre-approved applications. The average medium-sized organization has hundreds, and sometimes thousands, of SaaS applications that have been adopted by employees who needed a quick and easy solution or found a free version, completely bypassing IT and security. This leads to a significant risk as many of these applications do not have the necessary security and/or compliance standardThe Hacker News
January 24, 2023
Meta Platforms expands features for EE2E on Messenger App Full Text
Abstract
Meta Platforms announced the implementation of more features into its end-to-end encrypted Messenger App. Meta Platforms started gradually expanding testing default end-to-end encryption for Messenger. The company announced that over the next few months,...Security Affairs
January 16, 2023
A Secure User Authentication Method – Planning is More Important than Ever Full Text
Abstract
When considering authentication providers, many organizations consider the ease of configuration, ubiquity of usage, and technical stability. Organizations cannot always be judged on those metrics alone. There is an increasing need to evaluate company ownership, policies and the stability, or instability, that it brings. How Leadership Change Affects Stability In recent months, a salient example is that of Twitter. The Twitter platform has been around since 2006 and is used by millions worldwide. With many users and a seemingly robust authentication system, organizations used Twitter as a primary or secondary authentication service. Inconsistent leadership and policies mean the stability of a platform is subject to change, which is especially true with Twitter as of late. The ownership change to Elon Musk precipitated widespread changes to staffing and policies. Due to those changes, a large portion of staff was let go, but this included many individuals responsible for the technThe Hacker News
January 9, 2023
inSicurezzaDigitale launches the Dashboard Ransomware Monitor Full Text
Abstract
The cybersecurity blog inSicurezzaDigitale has launched the Italian Dashboard Ransomware Monitor to analyze the principal RaaSs' activities. Here it comes, inSicurezzaDigitale announced the Dashboard Ransomware Monitor, it is the second project after...Security Affairs
January 06, 2023
WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship Full Text
Abstract
Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. "Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the Meta-owned company said. Proxies act as an intermediary between end users and the service provider by routing requests originating from a client to the server and forwarding the response back to the device. Users can access the option by navigating to Settings > Storage and Data > Proxy > Use Proxy and entering a trusted proxy server address. WhatsApp, which is used by more than two billion users across the world, has also made available a reference implementation that can be used to set up a proxy server to help others connect to the service. The company emphasized thatThe Hacker News
January 05, 2023
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool Full Text
Abstract
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there are very few organizations in which these practices are truly enforced. This puts security teams in the worst position, where exposure to compromise is almost certain, but pinpointing the users who created this exposure is almost impossible. To assist them throughout this challenging time, Browser Security solution LayerX has launched a free offering of its platform, enabling security teams to gain visibility into all browsers on which the LastPass extension is installed and mitigate the potential impacts of the LastPass breach on their environments by informing vulnerable users and require tThe Hacker News
December 22, 2022
Brave launches FrodoPIR, a privacy-focused database query system Full Text
Abstract
Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries.BleepingComputer
December 20, 2022
VirusTotal cheat sheet makes it easy to search for specific results Full Text
Abstract
VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence platform.BleepingComputer
December 19, 2022
UID smuggling: A new technique for tracking users online Full Text
Abstract
A group of researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher.Cyware
December 18, 2022
Google announced end-to-end encryption for Gmail web Full Text
Abstract
Google introduces end-to-end encryption for Gmail web to its Workspace and education customers to protect emails sent using the web client. Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta, users can send...Security Affairs
December 17, 2022
Google introduces end-to-end encryption for Gmail on the web Full Text
Abstract
Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within their domain and outside their domain.BleepingComputer
December 15, 2022
GitHub rolls out free secret scanning for all public repositories Full Text
Abstract
GitHub is rolling out support for the free scanning of exposed secrets (such as credentials and auth tokens) to all public repositories on its code hosting platform.BleepingComputer
December 14, 2022
Passkeys Now Fully Supported in Google Chrome Full Text
Abstract
Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication, eliminating the risks associated with phishing or the use of poor passwords.Cyware
December 12, 2022
Cloudflare’s Zero Trust suite now available for free to at-risk groups Full Text
Abstract
Cloudflare has made its 'Cloudflare One Zero Trust' security suite free to public interest groups, election sites, and state organizations that are currently part of Project Galileo and the Athenian Project.BleepingComputer
December 08, 2022
Tor Browser 12.0 brings Apple Silicon support, Android enhancements Full Text
Abstract
The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version.BleepingComputer
December 08, 2022
Google: How Android’s Private Compute Core protects your data Full Text
Abstract
Google has disclosed more technical details about how Private Compute Core (PCC) on Android works and keeps sensitive user data processed locally on protected devices.BleepingComputer
December 06, 2022
Kali Linux 2022.4 adds 6 new tools, Azure images, and desktop updates Full Text
Abstract
Offensive Security has released Kali Linux 2022.4, the fourth and final version of 2022, with new Azure and QEMU images, six new tools, and improved desktop experiences.BleepingComputer
December 02, 2022
How Windows 11’s Enhanced Phishing Protection guards your password Full Text
Abstract
One of the easier ways to steal a user's credentials is through a convincing fake login page or application. To help combat the constant risk of password theft, Microsoft added enhanced phishing protection in Windows 11 Version 22H2.BleepingComputer
November 29, 2022
Ransomware detection with Wazuh SIEM and XDR platform Full Text
Abstract
Wazuh is a free, open source SIEM/XDR solution with more than 10 million annual downloads. Learn more about how Wazuh can help protect your organization against the ever-evolving tactics of ransomware.BleepingComputer
November 29, 2022
Microsoft Defender boosts default protection for all enterprise users Full Text
Abstract
Microsoft announced that built-in protection is generally available for all devices onboarded to Defender for Endpoint, the company's endpoint security platform.BleepingComputer
November 21, 2022
Google releases 165 YARA rules to detect Cobalt Strike attacks Full Text
Abstract
The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks.BleepingComputer
November 17, 2022
ESET rolls out new consumer offerings to improve home security Full Text
Abstract
ESET's newest consumer product release has taken a comprehensive approach to security to guard against a full range of threats. While cyberthreats and hackers continue to evolve, ESET is always a step ahead. Here is a look at the new product updates:BleepingComputer
November 16, 2022
Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023 Full Text
Abstract
Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said. To that end, developers will need to complete an enrollment process in order to utilize the ads-related APIs, including Topics, FLEDGE, and Attribution Reporting. Topics, which replaced Federated Learning of Cohorts (FLoC) earlier this year, aims to categorize user interests under different "topics" based on their device web browsing history. These inferred interests are then shared with marketers to serve targeted ads. FLEDGE and Attribution reporting, on the other hand, enable custom audience targeting and help measure ad conversions without relying on cross-party user identifiers, respectively. Organizations can also request acceThe Hacker News
November 16, 2022
DuckDuckGo now lets all Android users block trackers in their apps Full Text
Abstract
DuckDuckGo for Android's 'App Tracking Protection' feature has reached open beta, allowing all Android users to block third-party trackers across all their installed apps.BleepingComputer
November 15, 2022
Google to roll out Privacy Sandbox on Android 13 starting early 2023 Full Text
Abstract
Google announced today that they will begin rolling out the Privacy Sandbox system on a limited number of Android 13 devices starting in early 2023.BleepingComputer
November 12, 2022
GitHub Introduces Private Vulnerability Reporting for Public Repositories Full Text
Abstract
Microsoft-owned code hosting platform GitHub has announced the introduction of a direct channel for security researchers to report vulnerabilities in public repositories that allow it.Security Week
November 11, 2022
Microsoft Defender network protection generally available on iOS, Android Full Text
Abstract
Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint (MDE) enterprise endpoint security platform.BleepingComputer
October 29, 2022
New open-source tool scans public AWS S3 buckets for secrets Full Text
Abstract
A new open-source tool, 'S3crets Scanner', allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or a company's Amazon AWS S3 storage buckets.BleepingComputer
October 26, 2022
LinkedIn’s new security features combat fake profiles, threat actors Full Text
Abstract
LinkedIn has introduced three new features to fight fake profiles and malicious use of the platform, including a new method to confirm whether a profile is authentic by showing whether it has a verified work email or phone number.BleepingComputer
October 25, 2022
New Samsung Maintenance Mode protects your data during phone repairs Full Text
Abstract
After a successful pilot program in Korea, Samsung is now rolling out 'Maintenance Mode' to select Galaxy devices globally, to help users protect their sensitive data when they hand over their smartphones at service points.BleepingComputer
October 21, 2022
GUAC – A Google Open Source Project to secure software supply chain Full Text
Abstract
Google launched the Graph for Understanding Artifact Composition (GUAC) project to secure the software supply chain. Google this week launched a new project named Graph for Understanding Artifact Composition (GUAC) which aims at securing the software...Security Affairs
October 20, 2022
Google Launches GUAC Open Source Project to Secure Software Supply Chain Full Text
Abstract
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," Brandon Lum, Mihai Maruseac, and Isaac Hepworth of Google said in a post shared with The Hacker News. "GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding." Software supply chain has emerged as a lucrative attack vector for threat actors, wherein exploiting just one weakness -- as seen in the case of SolarWinds and Log4Shell -- opens a pathway long enough to traverse down the supply chain and steal sensitive data, plant malware, aThe Hacker News
October 19, 2022
Google Unveils KataOS ‘Verifiably-Secure’ Operating System for Embedded Devices Full Text
Abstract
The project is named Sparrow and it revolves around a new operating system named KataOS, for which Google has already open-sourced several components. The tech giant pointed out that KataOS is mostly developed in Rust, which makes it more secure.Security Week
October 19, 2022
Microsoft announces enterprise DDoS protection for SMBs Full Text
Abstract
Microsoft announced today the availability of Azure DDoS IP Protection in public preview, a new and fully managed DDoS Protection pay-per-protected IP model offering tailored to small and midsize businesses (SMBs).BleepingComputer
October 18, 2022
DuckDuckGo for Mac enters public beta, now available to everyone Full Text
Abstract
Mac users can now try the privacy features in the DuckDuckGo browser as the app has entered the beta stage of development.BleepingComputer
October 12, 2022
Microsoft adds new RSS feed for security update notifications Full Text
Abstract
Microsoft has now made it possible to receive notifications about new security updates through a new RSS feed for the Security Update Guide.BleepingComputer
October 12, 2022
Scribe Platform: End-to-end Software Supply Chain Security Full Text
Abstract
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, Gartner recently published its 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply chain as a major rising attack surface and one of the top trends to follow in 2022. After all, any software is only as secure as the weakest link in its supply chain. One bad component, any malicious access to your development environment—or any vulnerability in your software's delivery life cycle—and you risk your code's integrity, your customers, and your reputation. Scribe Security recently launched a new platform that claims to address these urgent needs by enabling its users to build trust in their software across teams and organizations. According to Scribe Security, SBOM is a bThe Hacker News
October 12, 2022
Microsoft Defender adds command and control traffic detection Full Text
Abstract
Microsoft has added command-and-control (C2) traffic detection capabilities to its Microsoft Defender for Endpoint (MDE) enterprise endpoint security platform.BleepingComputer
October 12, 2022
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome Full Text
Abstract
Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first announced in May 2022 as part of a broader push to support a common passwordless sign-in standard. Passkeys, established by the FIDO Alliance and also backed by Apple and Microsoft, aim to replace standard passwords with unique digital keys that are stored locally on the device. To that end, creating a passkey requires confirmation from the end-user about the account that will be used to log in to the online service, followed by using their biometric information or the device passcode. Signing in to a website on a mobile device is also a simple two-step process that eThe Hacker News
October 12, 2022
Google simplifies sign-ins with Chrome, Android passkey support Full Text
Abstract
Google announced today that it's introducing passkey support to both its Google Chrome web browser and the Android operating system to simplify sign-ins across apps, websites, and devices.BleepingComputer
October 11, 2022
All Windows versions can now block admin brute-force attacks Full Text
Abstract
Microsoft announced today that IT admins can now configure any Windows system still receiving security updates to automatically block brute force attacks targeting local administrator accounts via a group policy.BleepingComputer
October 01, 2022
Microsoft to let Office 365 users report Teams phishing messages Full Text
Abstract
Microsoft is working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization's security team of any dodgy messages they receive.BleepingComputer
September 28, 2022
NUVOLA: the new Cloud Security tool Full Text
Abstract
Just like other forms of attacks, privilege escalation can go unnoticed, especially in a complex cloud environment where companies already have difficulty gaining visibility into their internal users, identities, and actions.Security Affairs
September 28, 2022
Improve your security posture with Wazuh, a free and open source XDR Full Text
Abstract
Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of identifying and mitigating security misconfigurations and compliance risks in an organization. To maintain a good security posture, organizations should at least do the following: Maintain inventory: Asset inventory is considered first because it provides a comprehensive list of all IT assets that should be protected. This includes the hardware devices, applications, and services that are being used. Perform vulnerability assessment: The next step is to perform a vulnerability assessment to identify weaknesses in applications and services. Knowledge of the vulnerabilities helps to prioritize risksThe Hacker News
September 28, 2022
NUVOLA: the new Cloud Security tool Full Text
Abstract
nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa (@_notdodo_), Security Engineer at Prima...Security Affairs
September 28, 2022
Wazuh - The free and open source XDR platform Full Text
Abstract
Wazuh is a free and open source security platform that provides unified SIEM and XDR protection. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. Wazuh is one of the fastest growing open source security solutions, with over 10 million downloads per year.BleepingComputer
September 24, 2022
Windows 11 now warns when typing your password in Notepad, websites Full Text
Abstract
Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites.BleepingComputer
September 23, 2022
Signal calls on users to run proxies for bypassing Iran blocks Full Text
Abstract
Signal is urging its global community to help people in Iran stay connected with each other and the rest of the world by volunteering proxies to bypass the aggressive restrictions imposed by the Iranian regime.BleepingComputer
September 23, 2022
This image shows its own MD5 checksum — and it’s kind of a big deal Full Text
Abstract
Generating checksums (cryptographic hashes such as MD5 or SHA-256) for files is hardly anything new and is one of the most efficient means to ascertain the integrity of a file, or to check if two files are identical. But a researcher has generated an image that visibly contains its own MD5 hash.BleepingComputer
September 21, 2022
Windows 11 gets better protection against SMB brute-force attacks Full Text
Abstract
Microsoft announced that the Windows 11 SMB server is now better protected against brute-force attacks with the release of the Insider Preview Build 25206 to the Dev Channel.BleepingComputer
September 20, 2022
Windows 11 22H2 adds kernel exploit protection to security baseline Full Text
Abstract
Microsoft has released the final version of security configuration baseline settings for Windows 11, version 22H2, downloadable today using the Microsoft Security Compliance Toolkit.BleepingComputer
September 20, 2022
Microsoft Defender for Endpoint will turn on tamper protection by default Full Text
Abstract
Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint (MDE) for better defense against ransomware attacks.BleepingComputer
September 16, 2022
Bitdefender releases Universal LockerGoga ransomware decryptor Full Text
Abstract
Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover...Security Affairs
September 16, 2022
Open source CMS TYPO3 tackles XSS vulnerability Full Text
Abstract
The flaw has been patched in 7.6.58, 8.7.48, 9.5.37, 10.4.32, and 11.5.16 of typo3/cms-core. All prior versions on these release lines are affected. As user interaction is required, the bug is classified as moderate severity (CVSS score of 6.1).The Daily Swig
September 13, 2022
iOS 16 Has 2 New Security Features for Worst-Case Scenarios Full Text
Abstract
Safety Check and Lockdown Mode are very different tools, but Apple has built them both into its latest mobile operating system release as lifelines for digital worst-case scenarios.Wired
September 12, 2022
Apple released iOS 16 with Lockdown, Safety Check security features Full Text
Abstract
Apple released iOS 16 today with new features to boost iPhone users' security and privacy, including Lockdown Mode and Security Check.BleepingComputer
September 2, 2022
Apple overhauls built-in Mac anti-malware you probably don’t know about Full Text
Abstract
Called "XProtect," this system service downloads and installs new malware definitions in the background in between major macOS security updates, mostly to protect against the installation of known, in-the-wild malware.Ars Technica
August 30, 2022
Galois Open Sources Tools for Finding Vulnerabilities in C, C++ Code Full Text
Abstract
Now available under the BSD 3-clause license, MATE relies on code property graphs (CPGs) for static program analysis, and can identify application-specific bugs that depend on implementation details and high-level semantics.Security Week
August 30, 2022
Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs Full Text
Abstract
As threat complexity increases and the boundaries of an organization have all but disappeared, security teams are more challenged than ever to deliver consistent security outcomes. One company aiming to help security teams meet this challenge is Stellar Cyber. Stellar Cyber claims to address the needs of MSSPs by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in their Open XDR platform, managed with a single license. According to Stellar Cyber, this consolidation means faster security analyst ramp time and customer onboarding with far less manually intensive tasks required. Stellar Cyber currently counts 20+ of the top MSSP providers as customers, providing security for over 3 million assets. In addition, Stellar Cyber claims that after deployment, users see up to 20x faster mean time to respond (MTTR), a bold claim. We recently took a closer look at the Stellar Cyber Security Operations Platform. Before we begin Before digging into the platform, here areThe Hacker News
August 28, 2022
DuckDuckGo opens its privacy-focused email service to everyone Full Text
Abstract
DuckDuckGo has opened its 'Email Protection' service to anyone wishing to get their own '@duck.com' email address.BleepingComputer
August 19, 2022
New tool checks if a mobile app’s browser is a privacy risk Full Text
Abstract
A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.BleepingComputer
August 19, 2022
Spyware Hunters Are Expanding Their Toolset Full Text
Abstract
The researchers specifically announced new detection algorithms based on their findings for the open source memory forensics framework Volatility. Memory forensics was very different five or six years ago.Wired
August 16, 2022
Unified Threat Management: The All-in-One Cybersecurity Solution Full Text
Abstract
UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a conventional firewall, such systems are capable of detecting and blocking more sophisticated attacks. SafeDNS has recently released such a solution, and this is what this article is going to be about. Who needs UTMs? Most of all, UTMs are valued by SMEs - the all-in-one solution makes it simple to manage all their cybersecurity solutions and services. This also cuts down a lot of communications between vendors, since UTMs are easily supported by one IT team. This leads to another upside of the system - it can be cost-effective, as there is no need to pay a bunch of vendors & extra for techThe Hacker News
August 12, 2022
GoTestWAF adds API attack testing via OpenAPI support Full Text
Abstract
Launched in April 2020, the security testing tool simulates OWASP and API exploits to test the detection capabilities of web application firewalls (WAFs), NGWAFs, RASPs, WAAPs, and, now, API security tools.The Daily Swig
August 12, 2022
Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger Full Text
Abstract
Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust, said. The incremental development comes a year after it turned on E2EE for audio and video calls on the messaging service as well as for one-on-one chats in Instagram, and enabled encrypted chat backups for WhatsApp on Android and iOS. E2EE is a secure communication mechanism that scrambles data in transit and prevents third-parties from unauthorizedly accessing information sent from one endpoint to another, including Meta. "This is because with end-to-end encryption, your messages are secured with aThe Hacker News
August 12, 2022
Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered Full Text
Abstract
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the data passing through it. But by 1989, hackers like Robert Morris had already spotted the security weaknesses of the fledgling global network and started to exploit them. And that was just the beginning. Today, network administrators and individual internet users spend significant amounts of time and money trying to keep their data safe from prying eyes. The de-facto tool most people use for that purpose is a VPN. It's a software encryption solution that prevents anyone from accessing data traversing the public internet other than its intended recipient. And VPNs make up a data privacy markThe Hacker News
August 12, 2022
CISA Releases Cybersecurity Toolkit to Help Protect Upcoming Midterm Elections Full Text
Abstract
The CISA on Wednesday released an election security toolkit to help state and local election officials access a variety of free tools and resources to safeguard their voting systems ahead of the upcoming midterm elections.Nextgov
August 12, 2022
Intel Introduces Protection Against Physical Fault Injection Attacks Full Text
Abstract
According to Daniel Nemiroff, senior principal engineer at Intel, fault injection attacks allow attackers to execute malicious instructions and potentially leak data through clock pin, electromagnetic, and voltage glitches.Security Week
August 10, 2022
Microsoft Edge deepens defenses against malicious websites with enhanced security mode Full Text
Abstract
Microsoft said these changes provide “defense in depth” by making it harder for malicious sites to leverage unpatched vulnerabilities in order to write executable code into memory.The Daily Swig
August 09, 2022
Kali Linux 2022.3 adds 5 new tools, updates Linux kernel, and more Full Text
Abstract
Offensive Security has released Kali Linux 2022.3, the third version of 2022, with virtual machine improvements, Linux Kernel 5.18.5, new tools to play with, and improved ARM support.BleepingComputer
August 06, 2022
Microsoft Edge gets better security defaults on less popular sites Full Text
Abstract
Microsoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser's security defaults when visiting less popular websites.BleepingComputer
August 05, 2022
DuckDuckGo browser now blocks all Microsoft trackers, most of the time Full Text
Abstract
DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past.BleepingComputer
August 5, 2022
Sonatype shines a light on typosquatting in PyPI Full Text
Abstract
Miscreants making use of typosquatting are being spotted by researchers at Sonatype, emphasizing the need to check that the package is really the one you meant to download.The Register
August 03, 2022
Windows 11 Smart App Control blocks files used to push malware Full Text
Abstract
Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several new file types threat actors have recently adopted to infect targets with malware in phishing attacks.BleepingComputer
August 02, 2022
Microsoft announces new external attack surface audit tool Full Text
Abstract
Microsoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization's environment that attackers could use to breach their networks.BleepingComputer
July 27, 2022
GitHub introduces 2FA and quality of life improvements for npm Full Text
Abstract
GitHub has announced the general availability of three significant improvements to npm (Node Package Manager), aiming to make using the software more secure and manageable.BleepingComputer
July 27, 2022
GitGuardian launches ggcanary project to help detect open-source software risks Full Text
Abstract
According to the firm, security teams can use GitGuardian Canary Tokens (ggcanary) to create and deploy canary tokens in the form of Amazon Web Services (AWS) secrets to trigger alerts as soon as they are tampered with by attackers.CSO Online
July 26, 2022
Using Account Lockout policies to block Windows Brute Force Attacks Full Text
Abstract
A strong account lockout policy is one of the most effective tools for stopping brute force authentication attempts on Windows domains. Learn how to add one to your organization's Windows Active Directory.BleepingComputer
July 25, 2022
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11 Full Text
Abstract
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise, said in a series of tweets last week. "This technique is very commonly used in Human Operated Ransomware and other attacks -- this control will make brute forcing much harder which is awesome!" It's worth pointing out that while this account lockout setting is already incorporated in Windows 10, it's not enabled by default. The fThe Hacker News
July 22, 2022
Account lockout policy in Windows 11 is enabled by default to block brute force attacks Full Text
Abstract
Starting with Windows 11, Microsoft introduces by default an account lockout policy that can block brute force attacks. Starting with Windows 11 Insider Preview build 22528.1000 the OS supports an account lockout policy enabled by default to block brute...Security Affairs
July 21, 2022
Windows 11 now blocks RDP brute-force attacks by default Full Text
Abstract
Recent Windows 11 builds now come with the Account Lockout Policy enabled by default, which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 minutes.BleepingComputer
July 21, 2022
Cynomi Automated Virtual CISO (vCISO) Platform for Service Providers Full Text
Abstract
Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises' demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual, human CISO expertise. This makes these services costly and tough to scale – leaving MSPs, MSSPs and consulting firms unable to add vCISO service to their portfolio or scale their existing vCISO services to meet the growing demand. This is the challenge Cynomi's Automated vCISO platform is trying to solve. The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans wThe Hacker News
July 20, 2022
Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private Full Text
Abstract
Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was incorporated into the mobile operating system with Android 9.0. DoH3 is also an alternative to DNS-over-HTTPS (DoH), a mechanism for carrying out remote Domain Name System (DNS) resolution through an encrypted connection, effectively preventing third parties from snooping on users' browsing activities. HTTP/3, the first major upgrade to the hypertext transfer protocol since HTTP/2 was introduced in May 2015, is designed to use a new transport layer protocol called QUIC that's already supported by major browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. The low-latency protocol, developed by Google in 2012, relies on the User Datagram ProtocThe Hacker News
July 20, 2022
Google Calendar provides new way to block invitation phishing Full Text
Abstract
The Google Workspace team announced today that it started rolling out a new method to block Google Calendar invitation spam, available to all customers, including legacy G Suite Basic and Business users.BleepingComputer
July 18, 2022
Tor Browser 11.5 is optimized to automatically bypass censorship Full Text
Abstract
The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The Tor Project team has announced the release of Tor Browser 11.5, the new version of the popular privacy-oriented...Security Affairs
July 12, 2022
Windows Autopatch goes live, adds support for cloudy PCs Full Text
Abstract
"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations," states Microsoft.The Register
July 12, 2022
Microsoft announced the general availability of Windows Autopatch feature Full Text
Abstract
Microsoft announced the general availability of a feature called Autopatch that automatically updates Windows and Office software. Microsoft announced the general availability of a service called Autopatch that automates the process of managing...Security Affairs
July 11, 2022
Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems Full Text
Abstract
Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education (A3) or Windows Front Line Worker (F3) licenses. "Microsoft will continue to release updates on the second Tuesday of every month and now Autopatch helps streamline updating operations and create new opportunities for IT pros," Lior Bela said. Autopatch works by applying security updates first to devices in what's called the Test ring, which contains a minimum number of representative devices. After a validation period, the updates are pushed to the First (1% devices), Fast (9%), and Broad (90%) rings. The service was first teased by the tech giant in April 2022The Hacker News
July 10, 2022
PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects Full Text
Abstract
The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index (PyPI) said in a tweet last week. "Any maintainer of a critical project (both 'Maintainers' and 'Owners') are included in the 2FA requirement," it added. Additionally, the developers of critical projects who have not previously turned on 2FA on PyPI are being offered free hardware security keys from the Google Open Source Security Team. PyPI, which is run by the Python Software Foundation, houses more than 350,000 projects, of which over 3,500 projects are said to be tagged with a "critical" designation. According to the repository maintainers, any project accounting for the top 1%The Hacker News
July 9, 2022
Apple Lockdown Mode will protect users against highly targeted cyberattacks Full Text
Abstract
Apple plans to introduce a security feature, called Lockdown Mode, to protect its users against "highly targeted cyberattacks." The recent wave of sophisticated attacks against Apple users (i.e. Pegasus, DevilsTongue, and Hermit) urged the tech...Security Affairs
July 08, 2022
Microsoft Quietly Rolls Back Plan to Block Office VBA Macros by Default Full Text
Abstract
Five months after announcing plans to disable Visual Basic for Applications (VBA) macros by default in the Office productivity suite, Microsoft appears to have rolled back its plans. "Based on feedback received, a rollback has started," Microsoft employee Angela Robertson said in a July 6 comment. "An update about the rollback is in progress. I apologize for any inconvenience of the rollback starting before the update about the change was made available." In February 2022, the tech giant said it was disabling macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to mitigate potential attacks that abuse the functionality for deploying malware. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access," MThe Hacker News
July 07, 2022
Microsoft rolls back decision to block Office macros by default Full Text
Abstract
While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice.BleepingComputer
July 07, 2022
Apple’s New “Lockdown Mode” Protects iPhone, iPad, and Mac Against Spyware Full Text
Abstract
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as Pegasus, DevilsTongue, Predator, and Hermit. Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a statement. This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time (JIT) JavaScript compilation; removing support for shared albums in Photos; aThe Hacker News
July 06, 2022
Apple’s new Lockdown Mode defends against government spyware Full Text
Abstract
Apple announced that a new security feature known as Lockdown Mode will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals like human rights defenders, journalists, and dissidents against targeted spyware attacks.BleepingComputer
July 05, 2022
Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web Full Text
Abstract
Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks said. "They use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote administration tasks." Also prominent is the use of the TOR network and DNS proxy registration services to provide an added layer of anonymity for their illegal operations. But by taking advantage of the threat actors' operational security missteps and other techniques, the cybersecurity firm disclosed last week that it was able to identify TOR hidden services hosted on public IP addresses, some of which are previously unknown inThe Hacker News
July 03, 2022
Microsoft Defender adds network protection for Android, iOS devices Full Text
Abstract
Microsoft has announced the introduction of a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks.BleepingComputer
July 01, 2022
Google Improves Its Password Manager to Boost Security Across All Platforms Full Text
Abstract
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also expected to automatically group multiple passwords for the same sites as well as introduce an option to manually add passwords. Although Google does not yet appear ready to make Password Manager a standalone app, users on Android can now add a shortcut to it on the homescreen. In a related change on iOS, should users opt for Chrome as the default autofill provider, Password Manager now comes with the ability to generate unique, strong passwords. The built-in Password Checkup feature on Android is receiving an upgrade of its own too. Beyond checking for hacked credentials, it can further higThe Hacker News
July 01, 2022
Microsoft updates Azure AD with support for temporary passcodes Full Text
Abstract
Azure Active Directory (Azure AD) now allows admins to issue time-limited passcodes that can be used to register new passwordless authentication methods, during Windows onboarding, or to recover accounts more easily when losing credentials or FIDO2 keys.BleepingComputer
July 01, 2022
Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree Full Text
Abstract
Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The Debricked team decided to find out. A forest full of fragile trees So, where do you even start? Firstly, there needs to be a way to fix the vulnerability, which, for indirect dependencies, is no walk in the park. Secondly, it needs to be done in a safe way, or, without anything breaking. You see, indirect dependencies are introduced deep down the dependency tree and it's very tricky to get to the exact version you want. As Debricked's Head of R&D once put it, "You are turning the knobs by playing around with your direct dependencies and praying to Torvalds that the correct indirect packages are resolved. When Torvalds is in your favour, you have to sacrifice some cloudThe Hacker News
June 29, 2022
Google Workspace now alerts of critical changes to admin accounts Full Text
Abstract
Google Workspace (formerly G Suite) has been updated to notify admins of highly sensitive changes to configurations, including those made to single sign-on (SSO) profiles and admin accounts.BleepingComputer
June 28, 2022
New Firefox privacy feature strips URLs of tracking parameters Full Text
Abstract
Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web.BleepingComputer
June 21, 2022
7-zip now supports Windows ‘Mark-of-the-Web’ security feature Full Text
Abstract
7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files.BleepingComputer
June 20, 2022
RubyGems trials 2FA-by-default in code repo’s latest security effort Full Text
Abstract
The package manager has started alerting the maintainers of gems with more than 165 million downloads via the RubyGems command-line tool and website, recommending that they enable MFA on their accounts.The Daily Swig
June 16, 2022
New cloud-based Microsoft Defender for home now generally available Full Text
Abstract
Microsoft has announced today the general availability of Microsoft Defender for individuals, the company's new security solution for personal phones and computers.BleepingComputer
June 16, 2022
Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol Full Text
Abstract
A detailed technical outline of the experimental protocol, which its developers hope will attract wide-scale experimentation and interoperability, was published last week.The Daily Swig
June 14, 2022
Firefox now blocks cross-site tracking by default for all users Full Text
Abstract
Mozilla says that starting today, all Firefox users will now be protected by default against cross-site tracking while browsing the Internet.BleepingComputer
June 09, 2022
Microsoft Defender now isolates hacked, unmanaged Windows devices Full Text
Abstract
Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.BleepingComputer
June 06, 2022
Apple’s New Feature Will Install Security Updates Automatically Without Full OS Update Full Text
Abstract
Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a reboot," the company said in a statement on Monday. The feature, which also works on iOS, aims to separate regular software updates from critical security improvements, which are applied automatically so that users are quickly protected against in-the-wild attacks and unexpected threats. It's worth noting that Apple tested an analogous option in iOS 14.5. Rapid Security Response, viewed in that light, mirrors a similar approach taken by Google through Play Services and Play Protect to secure Android devices from malware and other kinds of fraud. Another key security feaThe Hacker News
June 02, 2022
Threat Detection Software: A Deep Dive Full Text
Abstract
As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. Threat detection is about an organization's ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and assets. At scale, threat detection analyzes the entire security infrastructure to identify malicious activity that could compromise the ecosystem. Countless solutions support threat detection, but the key is to have as much data as possible available to bolster your security visibility. If you don't know what is happening on your systems, threat detection is impossible. Deploying the right security software is critical for protecting you from threats. What do we mean by threat detection software? In the early days of threat detection, software was deployed to protect against different forms of malware. However,The Hacker News
May 31, 2022
Microsoft is rolling out these security settings to protect millions of accounts Full Text
Abstract
Microsoft began rolling out security defaults to customers who created a new Azure AD tenant after October 2019, but didn't enable the defaults for customers that created Azure AD tenants prior to October 2019.ZDNet
May 31, 2022
Microsoft shares mitigation for Office zero-day exploited in attacks Full Text
Abstract
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely.BleepingComputer
May 24, 2022
SIM-based Authentication Aims to Transform Device Binding Security to End Phishing Full Text
Abstract
Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is skyrocketing, and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach. To deliver additional security, therefore, digital identities rely on verification plasters. MFA (multi-factor authentication) often falls back to knowledge factors such as password resets and OTP codes, but these are still vulnerable. As long as credentials can be shared or intercepted, they can be misused. What is needed is a paradigm shift – from knowledge-based credentials to strong possession-factor security that can't be compromised, alongside other verification security such as biometrics. A new possession-factor API now aims to do precisely that, replacing knowledge-based credentials, by using the SIM card for possessThe Hacker News
May 17, 2022
Microsoft Defender for Endpoint gets new troubleshooting mode Full Text
Abstract
Microsoft says Defender for Endpoint now comes with a new 'troubleshooting mode' that will help Windows admins test Defender Antivirus performance and run compatibility scenarios without getting blocked by tamper protection.BleepingComputer
May 16, 2022
Kali Linux 2022.2 released with 10 new tools, WSL improvements, and more Full Text
Abstract
Offensive Security has released Kali Linux 2022.2, the second version in 2022, with desktop enhancements, a fun April Fools screensaver, WSL GUI improvements, terminal tweaks, and best of all, new tools to play with!BleepingComputer
May 13, 2022
Google Created ‘Open Source Maintenance Crew’ to Help Secure Critical Projects Full Text
Abstract
Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers can understand how their software is put together and the consequences to changes in their dependencies," the company said. The development comes as security and trust in the open source software ecosystem has been increasingly thrown into question in the aftermath of a string of supply chain attacks designed to compromise developer workflows. In December 2021, a critical flaw in the ubiquitous open source Log4j logging library left several companies scrambling to patch their systems against potential abuse. The announcement also comes less thanThe Hacker News
May 12, 2022
Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones Full Text
Abstract
Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick said in a statement. The goal, the search giant said, is to keep payment information safe and secure during online shopping and protect users from skimming attacks wherein threat actors inject malicious JavaScript code to plunder credit card numbers and sell them on the black market. The feature is expected to roll out in the U.S. for Visa, American Express, Mastercard, and Capital One cards starting this summer. Interestingly, while Apple offers an option to mask email addresses via Hide My Email, which enables users to create unique, random email addresses to use with appsThe Hacker News
May 11, 2022
Yahoo! JAPAN Enables Fingerprint and Face Login to Its Service Apps and Smartphone Browsers Full Text
Abstract
Yahoo Japan Corporation has completed the implementation of biometric authentication to the Android version of Yahoo! JAPAN service apps. With this, biometric authentication can now be used to log in to Yahoo! JAPAN’s various service apps.Yahoo Finance
May 10, 2022
GitHub announces enhanced 2FA experience for npm accounts Full Text
Abstract
Today, GitHub has launched a new public beta to notably improve the two-factor authentication (2FA) experience for all npm user accounts.BleepingComputer
May 10, 2022
UK govt releases free tool to check for email cybersecurity risks Full Text
Abstract
The United Kingdom's National Cyber Security Centre (NCSC) today released a new email security check service to help organizations easily identify vulnerabilities that could allow attackers to spoof emails or can lead to email privacy breaches.BleepingComputer
May 05, 2022
Google to Add Passwordless Authentication Support to Android and Chrome Full Text
Abstract
Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to seamlessly and securely sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password," Google said. Apple and Microsoft are also expected to extend the support to iOS, macOS, and Windows operating systems as well as Safari and Edge browsers. The common Fast IDentity Online (FIDO) sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application. This is made possible by storing a cryptographically-secured FIDO credential called a passkey on the phone that's used to log in to the online account after unlocking the device. "Once you've done this, you won't need your phone again aThe Hacker News
May 05, 2022
Microsoft, Apple, and Google to support FIDO passwordless logins Full Text
Abstract
Microsoft, Apple, and Google announced today plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.BleepingComputer
May 3, 2022
Package Analysis dynamic analyzes packages in open-source repositories Full Text
Abstract
The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool,...Security Affairs
May 02, 2022
Microsoft Defender for Business stand-alone now generally available Full Text
Abstract
Microsoft says that its enterprise-grade endpoint security for small to medium-sized businesses is now generally available.BleepingComputer
May 01, 2022
Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages Full Text
Abstract
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the security of the software supply chain and increasing trust in open-source software. "The Package Analysis project seeks to understand the behavior and capabilities of packages available on open source repositories: what files do they access, what addresses do they connect to, and what commands do they run?," the OpenSSF said. "The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously," the foundation's Caleb Brown and David A. Wheeler added. In a test run that lasted a month, the tool ideThe Hacker News
April 19, 2022
Real-time voice concealment algorithm blocks microphone spying Full Text
Abstract
Columbia University researchers have developed a novel algorithm that can block rogue audio eavesdropping via microphones in smartphones, voice assistants, and IoTs in general.BleepingComputer
April 11, 2022
Microsoft’s Autopatch feature improves the patch management process Full Text
Abstract
Microsoft announced a feature called Autopatch that will allow organizations to keep their systems up-to-date starting with Windows Enterprise E3 (July 2022). Microsoft recently announced the implementation of a new feature called Autopatch starting...Security Affairs
April 11, 2022
Dependency Review GitHub Action prevents adding known flaws in the code Full Text
Abstract
Dependency Review GitHub Action scans users' pull requests for dependency changes and will raise an error if any new dependencies have existing flaws. GitHub announced Dependency Review GitHub Action which scans users' pull requests for dependency...Security Affairs
April 11, 2022
OpenSSH now defaults to protecting against quantum computer attacks Full Text
Abstract
Post-quantum cryptography has arrived by default with the release of the new OpenSSH 9 version and the adoption of the hybrid Streamlined NTRU Prime + x25519 key exchange method.ZDNet
April 10, 2022
Microsoft’s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date Full Text
Abstract
Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022. "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost," said Lior Bela, senior product marketing manager at Microsoft, in a post last week. "The second Tuesday of every month will be 'just another Tuesday.'" Windows Autopatch is intended to work with all supported versions of Windows 10, Windows 11, and Windows 365 for Enterprise. Windows Server OS and Windows 365 for Business, however, are not supported. The tech giant said the feature is aimed at tackling the complexity associated with software updates in enterprise IT environments as well as closing security gaps introduced as a result of not applying patches in a timely fashion, thereby opening the door to potential new threats. The managed service works by applying the updates acroThe Hacker News
April 08, 2022
GitHub can now alert of supply-chain bugs in new dependencies Full Text
Abstract
GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.BleepingComputer
April 07, 2022
Google boosts Android security with new set of dev policy changes Full Text
Abstract
Google has announced several key policy changes for Android application developers that will increase the security of users, Google Play, and the apps offered by the service.BleepingComputer
April 05, 2022
Microsoft announces new Windows 11 security, encryption features Full Text
Abstract
Microsoft says that Windows 11 will get more security improvements in upcoming releases, which will add more protection against cybersecurity threats, offer better encryption, and block malicious apps and drivers.BleepingComputer
April 04, 2022
GitHub can now auto-block commits containing API keys, auth tokens Full Text
Abstract
GitHub announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to automatically block secret leaks.BleepingComputer
April 01, 2022
Microsoft now lets you enable the Windows App Installer again, here’s how Full Text
Abstract
Microsoft now allows enterprise admins to re-enable the MSIX ms-appinstaller protocol handler disabled after Emotet abused it to deliver malicious Windows App Installer packages.BleepingComputer
March 29, 2022
Consistency in password resets helps block credential theft Full Text
Abstract
As important as end user training and message filtering may be, there is a third method that tips the odds in their favor. Because phishing attacks often come disguised as password reset emails, it is important to handle password resets in a way that makes it obvious that email messages are not part of the password reset process.BleepingComputer
March 28, 2022
New Windows security feature blocks vulnerable drivers Full Text
Abstract
Microsoft will allow Windows users to block drivers with known vulnerabilities with the help of Windows Defender Application Control (WDAC) and a vulnerable driver blocklist.BleepingComputer
March 23, 2022
Use This Definitive RFP Template to Effectively Evaluate XDR solutions Full Text
Abstract
A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint Detection and Response (EDR) solutions. Because XDR represents a new solution category, there is no single accepted definition of what capabilities and features should (and shouldn't) be included. Each provider approaches XDR with different strengths and perspectives on what an XDR solution should include. Therefore, selecting an XDR provider is quite challenging as organizations must organize and prioritize a wide range of capabilities that can differ significantly between providers. Cynet is now addressing this need with the Definitive RFP Template for XDR solutions (download here),The Hacker News
March 22, 2022
Wazuh Offers XDR Functionality at a Price Enterprises Will Love — Free! Full Text
Abstract
Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response (XDR). It described a unified cybersecurity infrastructure that brought endpoint threat detection, network analysis and visibility (NAV), access management, and more under a single roof to find and neutralize digital threats in real-time. And Zuk's vision of XDR proved prophetic. In the years since he coined the phrase, platforms leveraging the XDR model have emerged as the de-facto leaders of the business cybersecurity industry. But their scale and complexity put them in a product class that's just out of reach for some enterprises. Fortunately, the open-source community — as it often does — has filled the XDR void with an affordable product — because it's totally free. It's called Wazuh, and it provides enterprises the tools they need to buThe Hacker News
March 18, 2022
Microsoft releases open-source tool for checking MikroTik Routers compromise Full Text
Abstract
Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers...Security Affairs
March 17, 2022
Microsoft creates tool to scan MikroTik routers for TrickBot infections Full Text
Abstract
The TrickBot trojan has just added one more trick up its sleeve, now using vulnerable IoT (internet of things) devices like modem routers as proxies for its C2 (command and control) server communication.BleepingComputer
March 14, 2022
Ukraine is using Clearview AI’s facial recognition during the conflict Full Text
Abstract
Ukraine's defense ministry began using Clearview AI’s facial recognition technology to uncover Russian assailants, combat misinformation and identify the dead. Ukraine's defense ministry announced it will use the AI’s facial recognition technology...Security Affairs
March 8, 2022
FIDO authentication standard could signal the passing of passwords Full Text
Abstract
The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turn to more effective authentication technologies.Tech Target
March 01, 2022
Microsoft rolling out new endpoint security solution for SMBs Full Text
Abstract
Microsoft has started rolling out its new endpoint security solution for small and medium-sized businesses (SMBs) known as Microsoft Defender for Business to Microsoft 365 Business Premium customers worldwide starting today, March 1st.BleepingComputer
February 27, 2022
New Chip Can Prevent Hackers From Extracting Hidden Information From Smart Devices Full Text
Abstract
MIT researchers developed an application-specific integrated circuit (ASIC) chip that can be implemented on an Internet-of-Things (IoT) device to defend against power-based side-channel attacks.scitechdaily
February 26, 2022
Free Android app lets users detect Apple AirTag tracking Full Text
Abstract
A small team of researchers at the Darmstadt University in Germany have published a report illustrating how their AirGuard app for Android provides better protection from stealthy AirTag stalking than other apps.BleepingComputer
February 23, 2022
Microsoft Defender for Cloud can now protect Google Cloud resources Full Text
Abstract
Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform (GCP) environments, providing security recommendations and threat detection across clouds.BleepingComputer
February 22, 2022
Google Chrome to allow users to add notes to saved passwords Full Text
Abstract
Google is testing a new Chrome feature that allows users to add notes on passwords saved in the web browser.BleepingComputer
February 21, 2022
Cracking the Code - Researchers Decrypt Hive Ransomware Full Text
Abstract
Researchers identified a bug in the encryption algorithm of Hive ransomware, allowing white hat researchers to decrypt data without the need for any private key. Researchers could weaponize the flaw to recover 92–98% of the master key used during encryption. The method can now be effectively used t ...Cyware Alerts - Hacker News
February 21, 2022
A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022 Full Text
Abstract
For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses. And unfortunately — the bad guys have the upper hand at the moment. Part of the reason for that is the fallout from the rapid digitization made necessary by the COVID-19 pandemic. According to research on the subject, more than half of businesses have yet to mitigate the risks created by that digitization. And when you add a persistent shortage of cybersecurity workers to that fact, you have the makings of a scary situation. But businesses aren't helpless. There are plenty of things they can do to augment their defenses as they look to mitigate cyber risks. And best of all, some of those options won't cost them a thing. A great example of that is the open-source security platform Wazuh. It offers businesThe Hacker News
February 19, 2022
CISA compiled a list of free cybersecurity tools and services Full Text
Abstract
The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free...Security Affairs
February 17, 2022
New quantum key distribution network resistant to quantum attacks Full Text
Abstract
A QKD channel was multiplexed on the same fiber as ultra-high bandwidth 800 Gbps optical channels for the first time and used to provide keys for encryption of the data stream.CSO Online
February 17, 2022
This New Tool Can Retrieve Pixelated Text from Redacted Documents Full Text
Abstract
The practice of blurring out text using a method called pixelation may not be as secure as previously thought. While the most foolproof way of concealing sensitive textual information is to use opaque black bars, other redaction methods like pixelation can achieve the opposite effect, enabling the reversal of pixelized text back into its original form. Dan Petro, a lead researcher at offensive security firm Bishop Fox, has demonstrated a new open-source tool called Unredacter to reconstruct text from the pixelated images, effectively leaking the very information that was meant to be protected. The tool is also seen as an improvement over an existing utility named Depix, which works by looking up what permutations of pixels could have resulted in certain pixelated blocks to recover the text. The threat model works on the underlying hypothesis that given a piece of text containing both redacted and un-redacted information, the attacker uses the information about the font siThe Hacker News
February 15, 2022
SafeDNS: Cloud-based Internet Security and Web Filtering Solution for MSPs Full Text
Abstract
The remote workplace trend is getting the upper hand in 2022. A recent survey by IWG (the International Workplace Group) determined that 70% of the world's professionals work remotely at least one day a week, with 53% based outside their workplace at least half of the week. Taking this into consideration, organizations have started looking for reliable partners that can deliver services and support consistently, for example, to install new hybrid infrastructure solutions while trusting them with the everyday functioning of their IT. So far, MSPs have been meeting this demand by offering multiple solutions that help employees work remotely without any problems. What are the main cybersecurity solutions remote workers need? Multi-Factor Authentication; Virtual Private Network; DNS Filtering to secure DNS traffic. Why is web filtering important and what are the main features necessary for MSPs? Managed service providers have been struggling with finding the right web filtering...The Hacker News
February 14, 2022
Kali Linux 2022.1 released with 6 new tools, SSH wide compat, and more Full Text
Abstract
Offensive Security has released Kali Linux 2022.1, the first version of 2022, with improved accessibility features, a visual refresh, SSH wide compatibility, and of course, new toys to play with!BleepingComputer
February 14, 2022
Tool trio released to protect JavaScript applications from malicious NPM packages Full Text
Abstract
The tools – npm-secure-install, package-checker, and npm_issues_statistic – are designed to address some of the thorniest security problems of using open-source software packages.The Daily Swig
February 13, 2022
Microsoft Defender will soon block Windows password theft Full Text
Abstract
Microsoft is enabling an 'Attack Surface Reduction' security feature rule by default to block hackers' attempts to steal Windows credentials from the LSASS process.BleepingComputer
February 13, 2022
Microsoft is making it harder to steal Windows passwords from memory Full Text
Abstract
Microsoft is enabling an 'Attack Surface Reduction' security feature rule by default to block hackers' attempts to steal Windows credentials from the LSASS process.BleepingComputer
February 8, 2022
Microsoft Ups Office Protections With Improved Blocking of Macros Full Text
Abstract
For documents coming from unknown or untrusted sources, Microsoft blocks macros by default, but users have the option to enable them by clicking on a yellow warning at the top of the document.Security Week
February 7, 2022
Avast released a free decryptor for TargetCompany ransomware Full Text
Abstract
Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware...Security Affairs
February 07, 2022
Free decryptor released for TargetCompany ransomware victims Full Text
Abstract
Czech cybersecurity software firm Avast has released a decryption utility to help TargetCompany ransomware victims recover their files for free.BleepingComputer
February 03, 2022
How SSPM Simplifies Your SOC2 SaaS Security Posture Audit Full Text
Abstract
An accountant and a security expert walk into a bar… SOC2 is no joke. Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA). However, customers often ask for SOC2 reports as part of their vendor due diligence process. Out of the three types of SOC reports, SOC2 is the standard to successfully pass regulatory requirements and signals high security and resilience within the organization — and is based on the American Institute of Certified Public Accountants (AICPA) attestation requirements. The purpose of this report is to evaluate an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy — over a period of time (roughly six to twelve months). As part of a SOC2 audit, i...The Hacker News
February 02, 2022
Office 365 boosts email security against MITM, downgrade attacks Full Text
Abstract
Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers' email communication integrity and security.BleepingComputer
February 02, 2022
Microsoft Sentinel adds threat monitoring for GitHub repos Full Text
Abstract
Microsoft says its cloud-native SIEM (Security Information and Event Management) platform now allows detection of potential ransomware activity using the Fusion machine learning model.BleepingComputer
February 02, 2022
Cynet’s Keys to Extend Threat Visibility Full Text
Abstract
We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report that has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes 212 days to identify a breach and then another 75 days to contain the breach, for a total of 287 days. A new solution overview document provides insights on how XDR provider Cynet tackles the difficult problem of greatly improving threat visibility. Cynet takes a modern approach that includes a greater level of native technology integration and advanced automation purposely designed for organizations with smaller security teams than Fortune 500 organizations. A live webinar will discuss the same topic (Register here). Cynet's Keys for Threat Visibility: Einstein said that the definition of i...The Hacker News
February 01, 2022
Microsoft Defender now detects Android and iOS vulnerabilities Full Text
Abstract
Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform.BleepingComputer
January 31, 2022
Microsoft Office 365 to add better protection for priority accounts Full Text
Abstract
Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often targeted by attackers).BleepingComputer
January 30, 2022
Researchers Use Natural Silk Fibers to Generate Secure Keys for Strong Authentication Full Text
Abstract
A group of academics at South Korea's Gwangju Institute of Science and Technology (GIST) have utilized natural silk fibers from domesticated silkworms to build an environmentally friendly digital security system that they say is "practically unbreachable." "The first natural physical unclonable function (PUF) […] takes advantage of the diffraction of light through natural microholes in native silk to create a secure and unique digital key for future security solutions," the researchers said. Physical unclonable functions or PUFs refer to devices that leverage inherent randomness and microscopic differences in electronics introduced during manufacturing to generate a unique identifier (e.g., cryptographic keys) for a given set of inputs and conditions. In other words, PUFs are non-algorithmic one-way functions derived from uncopiable elements to create unbreakable identifiers for strong authentication. Over the years, PUFs have been widely used in smartca...The Hacker News
January 28, 2022
How Wazuh Can Improve Digital Security for Businesses Full Text
Abstract
2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces of technology, such as an open-source security platform like Wazuh. Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities, which not only enables companies to detect sophisticated threats, but can also help immensely in preventing data breaches and leaks from happening. As a result, it can save businesses from costly fixes that can ultimately end in their closure. It is also possible to integrate Wazuh with a number of external services and tools. Some of them are VirusTotal, YARA, Amazon Macie, Slack, and Fortigate Firewall. Consequently, companies can improve their security against hackers from penetrating their networks. What's great abou...The Hacker News
January 26, 2022
GitHub enables two-factor authentication mechanism through iOS, Android app Full Text
Abstract
The new security feature introduced by GitHub is another way users can enable two-factor authentication alongside security keys and WebAuthn, one-time passcodes, and SMS.ZDNet
January 25, 2022
UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities Full Text
Abstract
The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find unpatched vulnerabilities. The United Kingdom's National Cyber Security Centre (NCSC) announced the release of NMAP Scripting Engine...Security Affairs
January 24, 2022
ZTNAs Address Requirements VPNs Cannot. Here’s Why. Full Text
Abstract
I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, I was inspired to put some additional thoughts about VPN on paper. When most organizations were forced to shift to remote work last year, they needed a quick-fix solution that would enable their remote employees to access work resources securely. For many, this solution came in the form of VPNs. However, VPNs were not designed for the bring your own device (BYOD) and cloud app use cases. While VPNs are able to provide remote access, it may come as a surprise that they fall short when it comes to security. This is because VPNs were built for when only a small portion of your workforce w...The Hacker News
January 24, 2022
Microsoft switches off Excel 4.0 macros by default to protect users against security threats Full Text
Abstract
That setting, released as an optional configuration in the Excel Trust Center setting in July, is now the default when opening Excel 4.0 macros (XLM), Microsoft said in a blog post.ZDNet
January 20, 2022
ProtonMail introduces a new email tracker blocking system Full Text
Abstract
ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents senders from being tracked by recipients who open their messages.BleepingComputer
January 17, 2022
Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons Full Text
Abstract
Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called private network access (PNA). "Chrome will start sending a CORS preflight request ahead of any private network request for a subresource, which asks for explicit permission from the target server," Titouan Rigoudy and Eiji Kitamura said. "This preflight request will carry a new header, Access-Control-Request-Private-Network: true, and the response to it must carry a corresponding header, Access-Control-Allow-Private-Network: true." What this means is that starting with Chrome version 101, any website accessible via the internet will be made to seek explicit permi...The Hacker News
January 14, 2022
Researchers develop CAPTCHA solver to aid dark web research Full Text
Abstract
A team of researchers at the Universities of Arizona, Georgia, and South Florida, have developed a machine-learning-based CAPTCHA solver that they claim can overcome 94.4% of real challenges on dark websites.BleepingComputer
January 13, 2022
Android users can now disable 2G to block Stingray attacks Full Text
Abstract
Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators.BleepingComputer
January 13, 2022
Meeting Patching-Related Compliance Requirements with TuxCare Full Text
Abstract
Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient to meet security prerogatives or compliance deadlines. The multitude of different security-related standards have ever stringent deadlines, and it is often the case that business needs don't necessarily align with those requirements. At the core of what TuxCare does is automated live patching – a way to consistently keep critical services safe from security threats, without the need to expend significant resources in doing so, or the need to live with business disruption. In this article, we'll outline how TuxCare helps organizations such as yours deal better with security challenges including patching, and the support of end-of-life operating s...The Hacker News
January 11, 2022
Firefox Focus now blocks cross-site tracking on Android devices Full Text
Abstract
Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity.BleepingComputer
January 7, 2022
How to secure QNAP NAS devices? The vendor’s instructions Full Text
Abstract
QNAP is warning customers of ransomware attacks targeting network-attached storage (NAS) devices exposed online. Taiwanese vendor QNAP has warned customers to secure network-attached storage (NAS) exposed online from ransomware and brute-force attacks....Security Affairs
January 05, 2022
Microsoft Defender for Endpoint adds zero-touch iOS onboarding Full Text
Abstract
Microsoft says zero-touch onboarding for Microsoft Defender for Endpoint (MDE) on iOS is now available in public preview, allowing enterprise admins to silently install Defender for Endpoint automatically on enrolled devices.BleepingComputer
January 04, 2022
First Microsoft Pluton-powered Windows 11 PCs unveiled at CES Full Text
Abstract
Lenovo unveiled today at CES 2022 the first Microsoft Pluton-powered Windows 11 PCs, the ThinkPad Z13 and Z16, with AMD Ryzen 6000 Series processors.BleepingComputer
December 23, 2021
VK introduces 2FA and plans to make it mandatory in 2022 Full Text
Abstract
VK, Russia's most popular social media platform with 650 million users, is finally introducing two-factor authentication on all its services and plans to make it mandatory in February 2022 for administrators of large communities.BleepingComputer
December 22, 2021
Opera browser working on clipboard anti-hijacking feature Full Text
Abstract
The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping.BleepingComputer
December 22, 2021
CISA releases Apache Log4j scanner to find vulnerable apps Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.BleepingComputer
December 21, 2021
Windows 10 21H2 adds ransomware protection to security baseline Full Text
Abstract
Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.BleepingComputer
December 21, 2021
WhiteSource Open Source Tool Can Discover Log4j Vulnerabilities Full Text
Abstract
WhiteSource has made available an open-source tool to detect vulnerable instances of Log4j logging software. The recently disclosed flaw allows attackers to launch an RCE attack via Java applications.Security Boulevard
December 17, 2021
How to Prevent Customer Support Help Desk Fraud Using VPN and Other Tools Full Text
Abstract
It's no secret that the internet isn't a very safe place. And it's not hard to understand why. It's a medium that connects billions of people around the world that affords bad actors enough anonymity to wreak havoc without getting caught. It's almost as if the internet's tailor-made to enable scams and fraud. And that's just what it does. Right now, the world's on track to lose $10.5 trillion every year to cybercrime. That number is so large that it's hard for the average person to grasp. And when most people hear it, they imagine that money's coming mostly from large-scale data breaches and ransomware attacks on large companies. Although businesses are among the hardest hit each year, they're by no means the only target. Every day, internet users are targeted too. They face barrages of phishing emails, compromised websites, and booby-trapped downloads. But among all of the attacks aimed at rank-and-file users, there's one that stand...The Hacker News
December 17, 2021
Google unleashes security ‘fuzzer’ on Log4Shell bug in open-source software Full Text
Abstract
To seek out Log4Shell vulnerabilities in newly built open-source software, Google is partnering with security firm Code Intelligence to provide continuous fuzzing for Log4j.ZDNet
December 16, 2021
Google Calendar now lets you block invitation phishing attempts Full Text
Abstract
Google now makes it easy to block unwanted calendar invitations, commonly used by threat actors in phishing and malicious campaigns, from being added to your Google Calendar.BleepingComputer
December 16, 2021
Firefox users can’t reach Microsoft.com — here’s what to do Full Text
Abstract
Those using the Mozilla Firefox web browser are left unable to access the Microsoft.com domain. Tests by BleepingComputer confirm the issue relates to SSL certificate validation errors. Below we explain what you can do to remedy the issue.BleepingComputer
December 15, 2021
Cynet’s MDR Offers Organizations Continuous Security Oversight Full Text
Abstract
Today's cyber attackers are constantly looking for ways to exploit vulnerabilities and infiltrate organizations. To keep up with this evolving threat landscape, security teams must be on the lookout for potential risks around the clock. Since most organizations simply cannot afford to have 24x7 security teams, managed detection and response (MDR) services have become a critical aspect of any modern security stack. Most organizations must find outsourced MDR providers on top of their existing solutions, but that's not always a feasible solution. XDR provider Cynet offers its MDR service (learn more here), which the company calls CyOps, as part of its offering. The service is much more than simply a help desk, though. CyOps offers a thorough MDR service that offers both monitoring and threat hunting, as well as incident response in cases where an attack is successful. How CyOps operates: The key selling point for CyOps MDR is that it enhances organizations' security a...The Hacker News
December 14, 2021
Microsoft rolls out end-to-end encryption for Teams calls Full Text
Abstract
Microsoft announced today the general availability of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls.BleepingComputer
December 11, 2021
Cybereason released Logout4Shell, a vaccine for Log4Shell Apache Log4j RCE Full Text
Abstract
Cybereason researchers released a "vaccine" that mitigates the critical 'Log4Shell' Apache Log4j code execution vulnerability. Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day...Security Affairs
December 10, 2021
Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk Full Text
Abstract
The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects versions Log4j 2.0-beta9 up to 2.14.1. The bug has scored a perfect 10 on 10 in the CVSS rating system, indicative of the severity of the issue. "An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled," the Apache Foundation said in an advisory. "From Log4j 2.15.0, this behavior has been disabled by default." Exploitation can be achieved by a single string of text, which c...The Hacker News
December 10, 2021
Researchers release ‘vaccine’ for critical Log4Shell vulnerability Full Text
Abstract
Researchers from cybersecurity firm Cybereason have released a "vaccine" that can be used to remotely mitigate the critical 'Log4Shell' Apache Log4j code execution vulnerability running rampant through the Internet.BleepingComputer
December 09, 2021
Kali Linux 2021.4 released with 9 new tools, further Apple M1 support Full Text
Abstract
Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktops.BleepingComputer
December 09, 2021
Microsoft previews new endpoint security solution for SMBs Full Text
Abstract
Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses (SMBs), is now rolling out in preview worldwide.BleepingComputer
December 08, 2021
Microsoft: Secured-core servers help prevent ransomware attacks Full Text
Abstract
Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks from security threats, including ransomware attacks.BleepingComputer
December 07, 2021
STOP Ransomware vaccine released to block encryption Full Text
Abstract
German security software company G DATA has released a vaccine that will block STOP Ransomware from encrypting victims' files after infection.BleepingComputer
December 06, 2021
Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code Full Text
Abstract
Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is designed to harden the web browser against potential weaknesses in off-the-shelf libraries used to render audio, video, fonts, images, and other content. To that end, Mozilla is incorporating "fine-grained sandboxing" into five modules, including its Graphite font rendering engine, Hunspell spell checker, Ogg multimedia container format, Expat XML parser, and Woff2 web font compression format. The framework uses WebAssembly, an open standard that defines a portable binary-code format for executable programs that can be run on modern web browsers, to i...The Hacker News
December 06, 2021
WhatsApp adds default disappearing messages for new chats Full Text
Abstract
WhatsApp announced today that it had expanded the privacy control features with the addition of default disappearing messages for all newly initiated chats.BleepingComputer
December 02, 2021
Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials Full Text
Abstract
Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. "These people are at the center of critical communities for public debate," said Nathaniel Gleicher, head of security policy at Meta. "They enable democratic elections, hold governments and organizations accountable, and defend human rights around the world. Unfortunately this also means that they are highly targeted by bad actors." Facebook Protect, currently being launched globally in phases, enables users who enroll for the initiative to adopt stronger account security protections, like two-factor authentication (2FA), and watch out for potential hacking threats. Meta said more than 1.5 million accounts have enabled Facebook Protect to date, of which nearly 950,000 account...The Hacker News
December 1, 2021
VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs) Full Text
Abstract
VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs). VirusTotal announced VirusTotal Collections, a new service that allows threat researchers to share Indicators...Security Affairs
December 1, 2021
VirusTotal Introduces ‘Collections’ to Simplify IoC Sharing Full Text
Abstract
Chronicle-owned VirusTotal this week announced VirusTotal Collections, a new resource aimed at making it easier for security researchers to share Indicators of Compromise (IoCs).Security Week
December 01, 2021
VirusTotal Collections feature helps keep neat IoC lists Full Text
Abstract
Scanning service VirusTotal announced today a new feature called Collections that lets researchers create and share reports with indicators of compromise observed in security incidents.BleepingComputer
November 29, 2021
CleanMyMac X: Performance and Security Software for Macbook Full Text
Abstract
We use Internet-enabled devices in every aspect of our lives today—to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain much personal information about us. Also, any great device will get a little clunky and slow over time and the Mac is no exception, and the whole "Macs don't get viruses" claim is a myth. Malware for Macs has increased over the years, and today's Macs are being plagued by adware, scareware, and other potentially unwanted programs as well. If you are worried about your Macbook's performance and security, including unwanted software, ransomware, CleanMyMac X software has you covered. CleanMyMac is all-in-all software to optimize your Mac's performance and security. It clears out clutter and removes megatons of junk so your computer can run faster, just like it did on day one. The tool is designed to replace several optimization apps for Mac and can be anythi...The Hacker News
November 26, 2021
New differential fuzzing tool reveals novel HTTP request smuggling techniques Full Text
Abstract
Researchers have released a new fuzzing tool used for finding novel HTTP request smuggling techniques. The tool, dubbed ‘T-Reqs’, was built by a team from Northeastern University, Boston, and Akamai.The Daily Swig
November 23, 2021
Microsoft Edge adds Super Duper Secure Mode to Stable channel Full Text
Abstract
Microsoft has quietly added a 'Super Duper Secure Mode' to the Microsoft Edge web browser, a new feature that brings security improvements without significant performance losses.BleepingComputer
November 20, 2021
Microsoft: Office 365 will boost default protection for all users Full Text
Abstract
Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection.BleepingComputer
November 19, 2021
Microsoft Authenticator gets new enterprise security features Full Text
Abstract
Microsoft has added new security features for Microsoft Authenticator users that further secure the app and make it easier to roll out in enterprise environments.BleepingComputer
November 16, 2021
Microsoft adds AI-driven ransomware protection to Defender Full Text
Abstract
Microsoft has introduced an AI-driven ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by evaluating risks and blocking actors at the perimeter.BleepingComputer
November 12, 2021
New tool flags up benign-but-exploitable Chrome extensions Full Text
Abstract
Researchers from Germany's CISPA Helmholtz Center for Information Security have developed a tool to identify Chrome extensions that could be exploited by malicious webpages and other extensions.The Register
November 09, 2021
Tor Browser 11 removes V2 Onion URL support, adds new UI Full Text
Abstract
The Tor Project has released Tor Browser 11.0 with a new user interface design and the removal of support for V2 onion services.BleepingComputer
November 03, 2021
Product Overview - Cynet Centralized Log Management Full Text
Abstract
For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don't have the right means to manage the massive scale of logs and data produced to derive any value from it. Log management can quickly become a sore point, and either be forgotten or improperly managed if done manually. In turn, this reduces data transparency and leaves organizations more exposed to vulnerabilities that could have been detected. A new centralized log management module (CLM) introduced by XDR provider Cynet (learn more here) could help organizations lighten that load and enhance organizations' visibility into their valuable log data. Instead of manually handling the collection, storage, and parsing of data, organizations can use CLM to enhance their log analysis, better understand thei...The Hacker News
November 3, 2021
Confidential Computing Consortium unveils Gramine 1.0 to protect sensitive datasets at all stages Full Text
Abstract
The Confidential Computing Consortium’s new Gramine Project is introducing its production-ready version – Gramine 1.0 – to enable the protection of sensitive workloads with Intel SGX.Help Net Security
November 3, 2021
Microsoft to release ‘Defender for Business’ platform Full Text
Abstract
Microsoft 365's Jon Maunder said it's "specially built to bring enterprise-grade endpoint security to businesses with up to 300 employees, in a solution that is easy-to-use and cost-effective."ZDNet
November 02, 2021
Microsoft announces new endpoint security solution for SMBs Full Text
Abstract
Microsoft today announced a new endpoint security solution dubbed Microsoft Defender for Business, specially built for small and medium-sized businesses.BleepingComputer
November 01, 2021
Signal now lets you report and block spam messages Full Text
Abstract
Signal has added an easy way for users to report and block spam straight from message request screens with a single mouse click.BleepingComputer
November 1, 2021
Google Introduces New Open-Source Data Privacy Protocol Full Text
Abstract
Google introduced Private Set Membership (PSM), a cryptographic protocol that helps clients check whether a specific identifier is present in a list held by a server, in a privacy-preserving manner.Security Week
October 29, 2021
Microsoft: Windows web content filtering now generally available Full Text
Abstract
Microsoft has announced that web content filtering has reached general availability and is now available for all Windows enterprise customers.BleepingComputer
October 27, 2021
Babuk ransomware decryptor released to recover files for free Full Text
Abstract
Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free.BleepingComputer
October 25, 2021
Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM Full Text
Abstract
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million , the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the workplace. CISOs/CIOs are dealing with legacy systems, cloud hosting, on-prem, remote workers, office based, traditional software, and SaaS. How businesses adapted was laudable, but now that employees spread across locations, offices and homes – with more than half threatening not to return to offices unless hybrid working is implemented – the challenge morphs into securing a nonuniform perimeter. We know passwords aren't sufficient. Knowledge-based access is usually fortified with other forms of multi-factor authentication (MFA), such as auth apps or FIDO tokens, and in highly sensitive caseThe Hacker News
October 25, 2021
Facebook Introduces New Tool for Finding SSRF Vulnerabilities Full Text
Abstract
The new utility from Facebook features a simple interface that allows researchers to create unique internal endpoint URLs for targeting and then learn whether their URLs have been hit by an SSRF attempt.Security Week
October 24, 2021
Microsoft 365 will get support for custom ARC configurations Full Text
Abstract
Microsoft is working on adding custom Authenticated Received Chain (ARC) configuration support to Microsoft Defender for Office 365.BleepingComputer
October 22, 2021
Microsoft Teams adds end-to-end encryption for one-to-one calls Full Text
Abstract
Microsoft has announced the public preview roll-out of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls.BleepingComputer
October 21, 2021
Product Overview: Cynet SaaS Security Posture Management (SSPM) Full Text
Abstract
Software-as-a-service (SaaS) applications have gone from novelty to business necessity in a few short years, and its positive impact on organizations is clear. It's safe to say that most industries today run on SaaS applications, which is undoubtedly positive, but it does introduce some critical new challenges to organizations. As SaaS application use expands, as well as the number of touchpoints they create, the attack surface also becomes significantly larger. As an answer to this emerging challenge, XDR provider Cynet has added a new SaaS Security Posture Management (SSPM) tool to its existing platform ( you can learn more here ). Regardless of the size of an organization or its security team, managing the security policy and posture of dozens to hundreds of SaaS applications is a complex task, and one that requires the right tools to expedite and optimize. Using SSPM can centralize many of the management and logistics requirements and offer a more unified way to establish securThe Hacker News
October 19, 2021
Brave ditches Google for its own privacy-centric search engine Full Text
Abstract
Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions.BleepingComputer
October 18, 2021
Password Auditing Tool L0phtCrack Released as Open Source Full Text
Abstract
First released in 1997, the L0phtCrack tool can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks.Security Week
October 14, 2021
WhatsApp rolls out iOS, Android end-to-end encrypted chat backups Full Text
Abstract
WhatsApp is rolling out end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing your chats, regardless of where they are stored.BleepingComputer
October 14, 2021
Microsoft releases Linux version of the Windows Sysmon tool Full Text
Abstract
Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity.BleepingComputer
October 11, 2021
Microsoft Defender for Identity to detect Windows Bronze Bit attacks Full Text
Abstract
Microsoft is working on adding support for Bronze Bit attack detection to Microsoft Defender for Identity to make it easier for Security Operations teams to detect attempts to abuse a Windows Kerberos bug tracked as CVE-2020-17049.BleepingComputer
October 09, 2021
Microsoft adds tamper protection to Windows 11 security baseline Full Text
Abstract
Microsoft has released the final version of its security configuration baseline settings for Windows 11, downloadable today using the Microsoft Security Compliance Toolkit.BleepingComputer
October 07, 2021
Microsoft is disabling Excel 4.0 macros by default to protect users Full Text
Abstract
Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents.BleepingComputer
October 06, 2021
Google to turn on 2-factor authentication by default for 150 million users Full Text
Abstract
Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. In addition, the internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification (2SV), to protect their channels from potential takeover attacks. "2SV is strongest when it combines both 'something you know' (like a password) and 'something you have' (like your phone or a security key)," Google's AbdelKarim Mardini and Guemmy Kim said in a post, adding "having a second form of authentication dramatically decreases an attacker's chance of gaining access to an account." The rollout follows the company's proposals to beef up account sign-ins earlier this May, when it said it intends to "automatically enrolling users in 2SV iThe Hacker News
October 06, 2021
Microsoft shares Windows 11 TPM check bypass for unsupported PCs Full Text
Abstract
Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 and CPU checks (TPM 1.2 is still required) and have Windows 11 installed on unsupported systems.BleepingComputer
October 06, 2021
Firefox improves advertising tracker blocking in private browsing Full Text
Abstract
Mozilla says that Firefox users will be better protected from advertising trackers (like Google Analytics scripts) while browsing the Internet in Private Browsing mode and using Strict Tracking Protection.BleepingComputer
September 30, 2021
ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage Full Text
Abstract
The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues. Nearly every morning, the headlines are full of sensational news about tens of millions of health or financial records being found in unprotected cloud storage like AWS S3 buckets, Microsoft Azure blobs or another cloud-native storage service by the growing number of smaller cloud security providers. ImmuniWeb, a rapidly growing application security vendor that offers a variety of AI-driven products, has announced this week that its free Community Edition , running over 150,000 daily security tests, now has one more online tool – cloud security test . To check your unprotected cloud storage, you just need to enter yourThe Hacker News
September 30, 2021
CISA releases Insider Risk Mitigation Self-Assessment Tool Full Text
Abstract
The US CISA has released a new tool that allows organizations to assess their level of exposure to insider threats and devise their own defense plans against such risks. The US Cybersecurity and Infrastructure Security Agency (CISA) has released...Security Affairs
September 30, 2021
Facebook released Mariana Trench tool to find flaws in Android and Java apps Full Text
Abstract
Facebook released Mariana Trench, an internal open-source tool that can be used to identify vulnerabilities in Android and Java applications. The Facebook security team has open-sourced the code for Mariana Trench, an internal open-source tool used...Security Affairs
September 29, 2021
Facebook open-sources tool to find Android app security flaws Full Text
Abstract
Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications.BleepingComputer
September 29, 2021
Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps Full Text
Abstract
Facebook on Wednesday announced it's open-sourcing Mariana Trench , an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production," the Menlo Park-based social tech behemoth said . In a nutshell, the utility allows developers to frame rules for different data flows to scan the codebase for in order to unearth potential issues — say, intent redirection flaws that could result in the leak of sensitive data or injection vulnerabilities that would allow adversaries to insert arbitrary code — explicitly setting boundaries as to where user-supplied data entering the app is allowed to come from (source) and flow into (sink) such as a database, file, web view, or a log. Data flows found violating the rulesThe Hacker News
September 29, 2021
CISA releases tool to help orgs fend off insider threat risks Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks.BleepingComputer
September 23, 2021
Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API Full Text
Abstract
Domain names are often brands’ most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.Threatpost
September 22, 2021
How Cynet’s Response Automation Helps Organizations Mitigate Cyber Threats Full Text
Abstract
One of the determining factors of how much damage a cyber-attack causes is how fast organizations can respond to it. Time to response is critical for security teams, and it is a major hurdle for leaner teams. To help improve this metric and enhance organizations' ability to respond to attacks quickly, many endpoint detection and response (EDR) and extended detection and response (XDR) vendors have started including some form of automation in their platforms to reduce the need for manual intervention. XDR provider Cynet claims that they go beyond existing solutions when it comes to security automation. More than automating individual components, the Cynet 360 platform (see a live demo here) offers automation across every phase of incident response – from detection through remediation. The company uses a variety of tools and techniques to keep organizations safe and quickly respond to any emerging threat. How Cynet removes the guesswork from Incident Response Cynet fully automateThe Hacker News
September 15, 2021
You Can Now Sign-in to Your Microsoft Accounts Without a Password Full Text
Abstract
Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expected to be rolled out in the coming weeks. "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords," said Vasu Jakkal, Microsoft's corporate vice president for Security, Compliance, and Identity. "But, given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords." "Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives," Jakkal added. Over the years, weak passwords have emerged as the entry point for a vast majority of attacks across enterprise and consThe Hacker News
September 15, 2021
Microsoft to let users completely remove account passwords and go passwordless Full Text
Abstract
In the coming weeks, Microsoft said that users would be able to remove the password from their consumer account and choose an alternative authentication option instead to boost security.The Record
September 15, 2021
Kali Linux 2021.3 released with new pentest tools, improvements Full Text
Abstract
Kali Linux 2021.3 was released yesterday by Offensive Security and includes a new set of tools, improved virtualization support, and a new OpenSSL configuration that increases the attack surface.BleepingComputer
September 15, 2021
Security bods boost Apple iPhone hardware attack research with iTimed toolkit Full Text
Abstract
Researchers at NC State created a toolkit dubbed iTimed, which builds atop an open-source reimplementation of the "unpatchable" checkm8 boot ROM vulnerability first disclosed back in September 2019.The Register
September 13, 2021
Facebook announces WhatsApp end-to-end encrypted (E2EE) backups Full Text
Abstract
Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history...Security Affairs
September 11, 2021
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud Full Text
Abstract
WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The feature, which will go live to all of its two billion users in the coming weeks, is expected to only work on the primary devices tied to their accounts, and not companion devices such as desktops or laptops that simply mirror the content of WhatsApp on the phones. While the Facebook-owned messaging platform flipped the switch on end-to-end encryption (E2EE) for personal messages, calls, video chats, and media between senders and recipients as far back as April 2016 , the content — should a user opt to back up on the cloud to enable the transfer of chat history to a new device — wasn't subjected to the same security protections until now. "With the introduction of end-to-end encrypted backups, WhaThe Hacker News
September 10, 2021
Google debuts new Private Compute features in ramp up of Android security Full Text
Abstract
Currently in Android 12 Beta, Private Compute Core is an open source platform that aims to isolate itself from other apps and the main operating system on an Android device to improve privacy and security.ZDNet
September 08, 2021
3 Ways to Secure SAP SuccessFactors and Stay Compliant Full Text
Abstract
The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors. Delivering HR solutions from the cloud enables employees and administrators to not only automate typical tasks, such as providing a report on employee attrition, but also allows them to complete these tasks from anywhere and on any device. SuccessFactors makes it easy for employees to access what they need. But the wide range of sensitive employee data within SuccessFactors creates additional security and compliance challenges. Whether it's personal and financial information used for payroll or health information for benefits, you need the right cybersecurity to ensure that sensitive data,The Hacker News
September 8, 2021
Tooling Network Detection & Response for Ransomware Full Text
Abstract
Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware.Threatpost
September 06, 2021
New Chainsaw tool helps IR teams analyze Windows event logs Full Text
Abstract
Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats.BleepingComputer
September 05, 2021
Office 365 to let admins block Active Content on Trusted Docs Full Text
Abstract
Microsoft plans to allow Office 365 admins to ensure that end-users can't ignore organization-wide policies set up to block active content on Trusted Documents.BleepingComputer
September 01, 2021
Twitter adds Safety Mode to automatically block online harassment Full Text
Abstract
Twitter today introduced Safety Mode, a new feature that aims to block online harassment attempts and reduce disruptive interactions on the platform.BleepingComputer
August 31, 2021
Microsoft 365 Usage Analytics now anonymizes user info by default Full Text
Abstract
Microsoft has announced that it will start anonymizing user-level info by default in Microsoft 365 Usage Analytics beginning September 1, 2021.BleepingComputer
August 31, 2021
Researchers Propose Machine Learning-based Bluetooth Authentication Scheme Full Text
Abstract
A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called " Verification of Interaction Authenticity " (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another, which remain authenticated until an explicit deauthentication action is taken, or the authenticated session expires. "Consider devices that pair via Bluetooth, which commonly follow the pattern of pair once, trust indefinitely. After two devices connect, those devices are bonded until a user explicitly removes the bond. This bond is likely to remain intact as long as the devices exist, or until they transfer ownership," Travis Peters, one of the co-authors of the study, said . "The increased adoption of (Bluetooth-enabled)The Hacker News
August 30, 2021
How Does MTA-STS Improve Your Email Security? Full Text
Abstract
Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration. As a result, in most email systems encryption is still opportunistic, which implies that if the opposite connection does not support TLS, it gets rolled back to an unencrypted one delivering messages in plaintext. To mitigate SMTP security problems, MTA-STS (Mail Transfer Agent Strict Transport Security) is the recommended email authentication standard. It enforces TLS in order to allow MTAs to send emails securely. This means that it will only allow mail from MTAs that support TLS encryption, and it will only allow mail to go to MX hosts that support TLS encryption. In case an encrypted connection cannot be negotiated between communicating SMTP servers, theThe Hacker News
August 26, 2021
ShadowPad: A High in Demand Chinese Espionage Tool Full Text
Abstract
A new report has disclosed that ShadowPad backdoor malware has been actively used by different Chinese espionage groups since 2017. The Windows malware platform greatly reduces the development and maintenance cost for the attackers. The availability of such advanced malware as a commodity might emp ...Cyware Alerts - Hacker News
August 26, 2021
New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access Full Text
Abstract
Forget watercooler conspiracies or boardroom battles. There's a new war in the office. As companies nudge their staff to return to communal workspaces, many workers don't actually want to – more than 50 percent of employees would rather quit, according to research by EY . While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft – how to make the new normal of the hybrid workplace secure. The Trade-off Between Usability and Security A company's biggest vulnerability continues to be its people. In a hybrid workplace, a Zero Trust strategy means ever-tightening security. The MFA a company chooses affects the difficulty of logging into email, dashboards, workflow tools, client documentation, and so on. Or, conversely, how porous access security is. Now imagine this scenario. An employee opens a company portal, confirms a prompt on a company app on her phone, and that's it. She has been authenticated sThe Hacker News
August 25, 2021
Preventing your Cloud ‘Secrets’ from Public Exposure: An IDE plugin solution Full Text
Abstract
I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, or sometimes just referred to as 'Secrets,' are pieces of user or system-level confidential information that ought to be carefully protected and accessible to legitimate users only. We all know how important it is to keep these assets secure to prevent account misuse and breaches. A reality check: How often do you make proactive efforts to protect these assets? Rarely, I'd say. Among the worst mistakes a developer can make when it comes to application security is to accidentally commit confidential information publicly on the Internet. Surprisingly, secrets and credentials are accidentally leaked more often than you might expect, and there are intelligent tools that sThe Hacker News
August 25, 2021
Microsoft will add secure preview for Office 365 quarantined emails Full Text
Abstract
Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails.BleepingComputer
August 24, 2021
Effective Threat-Hunting Queries in a Redacted World Full Text
Abstract
Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers’ infrastructure.Threatpost
August 20, 2021
Emsisoft releases free SynAck ransomware decryptor Full Text
Abstract
Emsisoft researchers have released a decryptor for the SynAck Ransomware that could allow victims of the gang to decrypt their files for free. Emsisoft has released a free decryptor for SynAck Ransomware that can allow victims of the gang to decrypt...Security Affairs
August 18, 2021
GitHub urges users to enable 2FA after going passwordless Full Text
Abstract
GitHub is urging its user base to toggle on two-factor authentication (2FA) after deprecating password-based authentication for Git operations.BleepingComputer
August 16, 2021
UNISOC joins Google’s Android Ready SE Alliance to deliver secure solutions to the Android ecosystem Full Text
Abstract
UNISOC has joined Google’s Android Ready SE Alliance, a collaboration between Google and Secure Element (SE) vendors, to offer a growing list of open-source, validated, and ready-to-use SE Applets.Help Net Security
August 16, 2021
Google Releases Tool to Help Developers Enforce Security Full Text
Abstract
Google this week announced its latest aid for developers, a tool that automates security tasks and checks project attributes to ensure that the security of an open-source project has not changed.Dark Reading
August 14, 2021
Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger Full Text
Abstract
Facebook on Friday said it's extending end-to-end encryption (E2EE) for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's Ruth Kricheli said in a post. "This means that nobody else, including Facebook, can see or listen to what's sent or said. Keep in mind, you can report an end-to-end encrypted message to us if something's wrong." The social media behemoth said E2EE is becoming the industry standard for improved privacy and security. It's worth noting that the company's flagship messaging service gained support for E2EE in text chats in 2016, when it added a " secret conversation " option to its app, while communications on its sister platform WhatThe Hacker News
August 14, 2021
The Rise of Deep Learning for Detection and Classification of Malware Full Text
Abstract
Different types of deep learning algorithms, such as convolutional neural networks (CNN), recurrent neural networks and Feed-Forward networks, have been applied to a variety of use cases in malware analysis.McAfee
August 13, 2021
Microsoft Teams will alert users of incoming spam calls Full Text
Abstract
Microsoft is working on adding a spam call notification feature to the Microsoft 365 Teams collaboration platform.BleepingComputer
August 13, 2021
Google open-sourced Allstar tool to secure GitHub repositories Full Text
Abstract
Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security...Security Affairs
August 13, 2021
One-click Microsoft Outlook button makes it a breeze for workers to report phishing emails Full Text
Abstract
This week, the U.K. NCSC has published a guide on how IT administrators can add the new button to Outlook on Microsoft Office 365 suites across their organizations to report phishing emails.Cyber News
August 12, 2021
CobaltSpam tool can flood Cobalt Strike malware servers Full Text
Abstract
A security researcher this week published a tool to flood Cobalt Strike servers—often used by malware gangs—with fake beacons in order to corrupt their internal databases of infected systems.The Record
August 12, 2021
A Simple Software Fix Could Limit Location Data Sharing Full Text
Abstract
Security researchers Paul Schmitt and Barath Raghavan have created a scheme called Pretty Good Phone Privacy that can mask wireless users' locations from carriers with a simple software upgrade.Wired
August 10, 2021
Microsoft Azure Sentinel uses Fusion ML to detect ransomware attacks Full Text
Abstract
Microsoft Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform uses the Fusion machine learning model to detect ransomware attacks. Microsoft Azure Sentinel cloud-native SIEM is using the Fusion machine learning model...Security Affairs
August 10, 2021
Windows security update blocks PetitPotam NTLM relay attacks Full Text
Abstract
Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain.BleepingComputer
August 10, 2021
Firefox adds enhanced cookie clearing, HTTPS by default in private browsing Full Text
Abstract
Mozilla says that, starting in Firefox 91 released today, users will be able to fully erase the browser history for all visited websites which prevents privacy violations due to "sneaky third-party cookies sticking around."BleepingComputer
August 09, 2021
Microsoft adds Fusion ransomware attack detection to Azure Sentinel Full Text
Abstract
Microsoft says that the Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform is now able to detect potential ransomware activity using the Fusion machine learning model.BleepingComputer
August 9, 2021
Enfilade: Open source tool flags ransomware and bot infections in MongoDB instances Full Text
Abstract
Researchers Aditya Sood and Rohit Bansal have created and launched an open-source tool that detects internet-facing MongoDB instances and whether they’ve been infected with ransomware or Meow malware.The Daily Swig
August 6, 2021
Open source tool WARCannon simplifies web-wide vulnerability research Full Text
Abstract
Security researchers and bug bounty hunters can use WARCannon to non-invasively test regex patterns across the entire internet for corresponding vulnerability indicators.The Daily Swig
August 5, 2021
Credential leak detection tool Scrapesy aims to reduce incident response times Full Text
Abstract
The tool, which scrapes both the clear web and dark web for exposed credentials, is designed for use by workers in security operations, incident response, threat intelligence, and pen testing roles.The Daily Swig
August 5, 2021
Spotting brand impersonation with Swin transformers and Siamese neural networks Full Text
Abstract
Using a combination of ML techniques, Microsoft developed a detection system that outperforms all visual fingerprint-based benchmarks on all metrics while maintaining a 90% hit rate.Microsoft
August 5, 2021
Edge Super Duper Secure Mode turns off the JavaScript JIT compiler for extra security Full Text
Abstract
The lead of Microsoft Edge Vulnerability Research, Johnathan Norman, has detailed an experiment in Edge that disabled the JavaScript JIT compiler to enable some extra security protections.ZDNet
August 02, 2021
Windows PetitPotam attacks can be blocked using new method Full Text
Abstract
Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily.BleepingComputer
August 01, 2021
Bot protection now generally available in Azure Web Application Firewall Full Text
Abstract
Microsoft has announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure on Application Gateway starting this week.BleepingComputer
July 31, 2021
Microsoft Shares More Information on Protecting Systems Against PetitPotam Attacks Full Text
Abstract
PetitPotam is the name assigned to a vulnerability that can be exploited by an unauthenticated attacker to get a targeted server to connect to an arbitrary server and perform NTLM authentication.Security Week
July 27, 2021
Microsoft Teams just got this new protection against phishing attacks Full Text
Abstract
The additional phishing protection in Microsoft Teams is available for organizations using Defender for Office 365 to guard against phishing attacks that use weaponized URLs.ZDNet
July 27, 2021
Microsoft Teams now automatically blocks phishing attempts Full Text
Abstract
Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks.BleepingComputer
July 26, 2021
Microsoft Defender ATP now secures removable storage, printers Full Text
Abstract
Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.BleepingComputer
July 26, 2021
GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies Full Text
Abstract
What GitLab sets out to achieve with the new open source tool -- named Package Hunter -- is the detection of malicious code that would execute within an application’s dependencies.Security Week
July 26, 2021
Microsoft publishes mitigations for the PetitPotam attack Full Text
Abstract
Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes. Microsoft has released mitigations for the recently discovered PetitPotam NTLM attack...Security Affairs
July 24, 2021
Microsoft shares mitigations for new PetitPotam NTLM relay attack Full Text
Abstract
Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers.BleepingComputer
July 21, 2021
Google Chrome now comes with up to 50x faster phishing detection Full Text
Abstract
Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday.BleepingComputer
July 21, 2021
capa 2.0: Better, Faster, Stronger Full Text
Abstract
The open-source tool called capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering.FireEye
July 18, 2021
Instagram implements ‘Security Checkup’ to help users recover compromised accounts Full Text
Abstract
Instagram introduced a new security feature dubbed "Security Checkup" to help users to recover their accounts that have been compromised. Good news for the owners of Instagram accounts that may have been compromised, the company launched a new feature...Security Affairs
July 16, 2021
Microsoft Defender for Identity now detects PrintNightmare attacks Full Text
Abstract
Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers' attempts to abuse this critical vulnerability.BleepingComputer
July 15, 2021
New Zero-Trust API Offers Mobile Carrier Authentication to Developers Full Text
Abstract
Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators – without the overhead of processing or storing user data. Before we show you how it works and how to integrate it, let's start with the fundamental challenge. Zero Trust and Authentication The Zero Trust model of identity verification essentially means never trusting that a returning user is whom they claim to be, regardless of their location or previous successful attempts. Zero Trust is a strategic approach to access management that is vital for keeping out bad actors. As the world moves to the cloud, with an increasingly distributed network of employees, partners, and clients, tighter auth journeys become even more important. But with greater security comes greateThe Hacker News
July 14, 2021
Strata automation tool looks to simplify cloud migration projects Full Text
Abstract
Users will be able to automatically discover and catalog on-premises identity systems that are nearing their end of life.SCMagazine
July 14, 2021
Google Chrome will add HTTPS-First Mode to keep your data safe Full Text
Abstract
Google will add an HTTPS-First Mode to the Chrome web browser to block attackers from intercepting or eavesdropping on users' web traffic.BleepingComputer
July 13, 2021
Amazon starts rolling out Ring end-to-end encryption globally Full Text
Abstract
Amazon-owned Ring has announced starting the worldwide roll out of video End-to-End Encryption (E2EE) to customers with compatible devices.BleepingComputer
July 8, 2021
Tor Browser 10.5 is out, it includes a new anti-censorship feature Full Text
Abstract
The Tor Project has released Tor Browser 10.5 which enhances an anti-censorship feature and warns of V2 onion URL deprecation. The Tor Project has released Tor Browser 10.5 which implements an improved anti-censorship feature and warns users of V2 onion...Security Affairs
July 08, 2021
Mozilla Firefox to roll out DNS over HTTPS for Canadian users Full Text
Abstract
Mozilla has decided to roll out the DNS over HTTPS (DoH) feature by default for Canadian Firefox users later this month. The move comes after DoH has already been offered to US-based Firefox users since 2020.BleepingComputer
July 7, 2021
Kaseya offers pre-patch instructions for on-prem VSA customers Full Text
Abstract
Still struggling to manage the fallout from a ransomware attack that kicked off Friday, Kaseya was unable to relaunch the software-as-a-service VSA remote management product it took offline or provide a patch for its on-premises VSA customers Wednesday. But the company did release pre-patch instructions to prepare on-premises clients for the coming update.SCMagazine
July 07, 2021
Tor Browser adds new anti-censorship feature, V2 onion warnings Full Text
Abstract
The Tor Project has released Tor Browser 10.5 with V2 onion URL deprecation warnings, a redesigned Tor connection experience, and an improved anti-censorship feature.BleepingComputer
July 4, 2021
Kaseya announces breach detection tool in VSA ransomware fight Full Text
Abstract
According to a company update Saturday night, Kaseya only received a single report of a new infection Saturday from a client who left their VSA server on.SCMagazine
July 02, 2021
New Google Scorecards Tool Scans Open-Source Software for More Security Risks Full Text
Abstract
Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source projects, consumers need an easy way to judge whether their dependencies are safe," Google's Open Source Security Team said Thursday. "Scorecards helps reduce the toil and manual effort required to continually evaluate changing packages when maintaining a project's supply chain." Scorecards aims to automate analysis of the security posture of open source projects as well as use the security health metrics to proactively improve the security posture of other critical projects. To date, the tool has been scaled up to evaluate security criteria for over 50,000 open source projects. Some of the new additions include checks for contributions from maliThe Hacker News
July 1, 2021
Built to ease SOC analysts’ burdens, Kestrel threat-hunting language gains an audience Full Text
Abstract
Newly embraced by the Open Cybersecurity Alliance, Kestrel is open source and platform-agnostic, and leverages automation.SCMagazine
July 1, 2021
US CISA releases a Ransomware Readiness Assessment (RRA) tool Full Text
Abstract
The US CISA has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware...Security Affairs
July 01, 2021
Twitter now lets you use security keys as the only 2FA method Full Text
Abstract
Twitter now lets users use security keys as the only two-factor authentication (2FA) method while having all other methods disabled, as the social network announced three months ago, in March.BleepingComputer
June 30, 2021
Windows 11 makes TPM Diagnostics tool its first optional feature Full Text
Abstract
Windows 11 comes with a new optional feature called 'TPM Diagnostics' that allows administrators to query the data stored on a device's TPM security processor.BleepingComputer
June 30, 2021
GitHub Launches ‘Copilot’ — AI-Powered Code Completion Tool Full Text
Abstract
GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on publicly available source code and natural language with the goal of translating comments and code written by a user into auto-generated code snippets. "GitHub Copilot draws context from the code you're working on, suggesting whole lines or entire functions," GitHub CEO Nat Friedman said in a blog post. "It helps you quickly discover alternative ways to solve problems, write tests, and explore new APIs without having to tediously tailor a search for answers on the internet." Despite its function as an AI-based autocomplete for writing boilerplate code, the MicrThe Hacker News
June 29, 2021
Lorenz ransomware decryptor recovers victims’ files for free Full Text
Abstract
Dutch cybersecurity firm Tesorion has released a free decryptor for the Lorenz ransomware, allowing victims to recover some of their files for free without paying a ransom.BleepingComputer
June 29, 2021
Apple encrypts its iCloud data on Google, AWS clouds Full Text
Abstract
Apple had become Google’s largest customer of cloud data services, with the company’s encryption standards viewed as a positive development by some security researchers, who said more companies need to take the shared responsibility model with cloud service providers seriously.SCMagazine
June 29, 2021
Windows 11 includes the DNS-over-HTTPS privacy feature - How to use Full Text
Abstract
Microsoft has added a privacy feature to Windows 11 called DNS-over-HTTPS, allowing users to perform encrypted DNS lookups to bypass censorship and Internet activity.BleepingComputer
June 29, 2021
New API Lets App Developers Authenticate Users via SIM Cards Full Text
Abstract
Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor authentication (MFA or 2FA) has come into play, to patch up vulnerabilities of the so-called knowledge-based model, usually by SMS passcode to verify possession of a mobile phone number. The simplicity of SMS-based verification has taken apps by storm – it's the default option, as most users have a mobile phone. Yet bad actors have learned how to exploit this verification method, leading to the menace of SIM swap fraud, which is alarmingly easy to pull off and rising rapidly in incidents. There's been no lack of effort in finding a more secure factor that is still universal. For example, bThe Hacker News
June 29, 2021
Experts developed a free decryptor for the Lorenz ransomware Full Text
Abstract
Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding...Security Affairs
June 29, 2021
Google now requires app developers to verify their address and use 2FA Full Text
Abstract
Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and Safety team said. As part of the changes, individual users and businesses in possession of Google Play developer accounts will be asked to specify an account type (personal or organization), a contact name, their physical address, as well as verifying the email address and phone number provided during account creation. In addition, the search giant is also mandating users of Google Play Console to sign in using Google's 2-Step Verification to prevent account takeover attacks. According to the timeline shared by Google, developer account owners will be able to declare their account type aThe Hacker News
June 28, 2021
Sizing Up the Security Features Slated for Windows 11 Full Text
Abstract
Microsoft's decision to offload more security requirements onto hardware is the right move, some security experts say. But many firms running older gear could have a hard time taking advantage of it.Bank Info Security
June 25, 2021
Google rolls out a unified security vulnerability schema for open-source software Full Text
Abstract
Now the OSV and the schema have been expanded to several new key open-source ecosystems: Go, Rust, Python, and DWF. This expansion unites and aggregates their vulnerability databases.ZDNet
June 22, 2021
Tool lets users supplement Mitre ATT&CK knowledge base with their own threat intel Full Text
Abstract
The tool ultimately enables companies to create their own customized repository of cyber threat information.SCMagazine
June 22, 2021
New Tool Launched to Remove Nude Images of Children Online Full Text
Abstract
Children worried about nude content appearing online can now access a tool to restrict content being shared.Infosecurity Magazine
June 18, 2021
Google Releases New Framework to Prevent Software Supply Chain Attacks Full Text
Abstract
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and deployment pipeline — i.e., the source ➞ build ➞ publish workflow — and mitigate threats that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain. Google said SLSA is inspired by the company's own internal enforcement mechanism called Binary Authorization for Borg, a set of auditing tools that verifies code provenance and implements code identity to ascertain that the deployed production software is properly reviewed and authorized. "In its current state, SLSA is a set of incrementally adoptableThe Hacker News
June 18, 2021
Researchers offer advice on how to block WFH employees from downloading pirated software Full Text
Abstract
Security teams looking to prevent work-from-home and remote users from downloading potentially trojanized pirated software will find Thursday’s research by Sophos of interest. In a blog post, Sophos researchers reported on a curious malware program that comes disguised as pirated copies of software, but actually modifies infected users’ HOSTS file to block them from visiting…SCMagazine
June 17, 2021
A look at Google’s new project to boost security for open source (and other) software code Full Text
Abstract
The tech giant’s new software security framework is a roadmap to help developers defend against common attacks at every link in the development and production chain.SCMagazine
June 16, 2021
TimeCache aims to block side-channel cache attacks – without hurting performance Full Text
Abstract
Researchers from the University of Rochester have created TimeCache, an approach to system security claimed to protect against side-channel attacks without the usual deleterious impact on performance.The Register
June 15, 2021
UChecker tool from CloudLinux scans Linux servers Full Text
Abstract
For security administrators, the tool covers more than one Linux distribution in a scripted fashion.SCMagazine
June 12, 2021
Codecov ditches Bash Uploader for a NodeJS executable Full Text
Abstract
Codecov has now introduced a new cross-platform uploader meant to replace its former Bash Uploader. The new uploader is available as a static binary executable currently supporting the Windows, Linux, and macOS operating systems. However, some have raised concerns with the new uploader and the many dependencies it contains.BleepingComputer
June 10, 2021
Meet ViVian, a new ID crime chatbot that may be used for future B2B cyber applications Full Text
Abstract
Resource-depleted businesses could use a version of this tool to field help desk calls and reports of cyber incidents.SCMagazine
June 10, 2021
ACSC scanning is allowing Commonwealth entities to avoid being hacked Full Text
Abstract
Under its Cyber Hygiene Improvement Programs (CHIPs), the ACSC was able to identify vulnerable, internet-exposed MobileIron systems across Commonwealth, state and territory, and local governments.ZDNet
June 9, 2021
Infoblox ups integration across on-premises, cloud and remote office environments Full Text
Abstract
The combination of three pieces of information runs on DDI (DNS, DHCP, IPAM) technology, which delivers this granular data to administrators so they can solve networking and security issues.SCMagazine
June 9, 2021
As clouds get more complex, companies are struggling to adapt legacy security tooling Full Text
Abstract
2020 could be a tipping point for cloud adoption, but it's bringing more complexity and causing companies to reevaluate their old security stack.SCMagazine
June 8, 2021
Proofpoint rolls out full-featured, cloud-native security platform Full Text
Abstract
The company’s new cloud platform was developed from its extensive experience managing and analyzing email traffic. Proofpoint claims that every day it analyzes more than 2.2 billion email messages, 35 billion URLs, 200 million attachments, and 35 million cloud accounts.SCMagazine
June 06, 2021
Google, Microsoft, and Mozilla work together on better browser extensions Full Text
Abstract
Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group (WECG) to collaborate on standardizing browser extensions to enhance both security and performance.BleepingComputer
June 4, 2021
‘Gatekeeper’ Google aims for safer extension installs, fewer phishing attacks Full Text
Abstract
As one researcher warned, being in the gatekeeper position of determining what’s trustworthy gives tremendous influence to an organization that owns more than three-quarters of the browser market.SCMagazine
June 3, 2021
Self-service tool claims to execute cloud-based data access in five minutes Full Text
Abstract
DevSecOps company Satori announced a self-service data access capability that it says cuts down cloud-based data access from a manual, three-week process that requires database administrators to a five-minute task that any business user can do.SCMagazine
June 03, 2021
Microsoft Teams calls are getting end-to-end encryption in July Full Text
Abstract
Microsoft Teams is getting better security and privacy next month with the addition of end-to-end encrypted 1:1 voice calls.BleepingComputer
June 02, 2021
Kali Linux 2021.2 released with new tools, improvements, and themes Full Text
Abstract
Kali Linux 2021.2 was released today by Offensive Security and includes new themes and features, such as access to privileged ports, new tools, and a console-based configuration utility.BleepingComputer
June 01, 2021
Microsoft adds Automatic HTTPS in Edge for secure browsing Full Text
Abstract
Microsoft Edge now can automatically switch users to a secure HTTPS connection when visiting websites over HTTP, after enabling Automatic HTTPS.BleepingComputer
May 31, 2021
Deadshot: Open source DevOps tool stops sensitive data from being uploaded to GitHub Full Text
Abstract
Deadshot monitors GitHub pull requests in real-time. The open-source tool flags the potential inclusion of sensitive data in any code, as well as “changes to sensitive functionality”.The Daily Swig
May 24, 2021
Microsoft: This new open source tool helps you test your defences against hacker attacks Full Text
Abstract
Microsoft has released SimuLand, an open-source project which aims to help security teams reproduce known attack scenarios - and test just how good Microsoft's core security products are.ZDNet
May 21, 2021
Microsoft SimuLand, an open-source lab environment to simulate attack scenarios Full Text
Abstract
Microsoft released SimuLand, an open-source tool that can be used to build lab environments to simulate attacks and verify their detection. Microsoft has released SimuLand, an open-source lab environment that allows to reproduce the techniques used...Security Affairs
May 20, 2021
Comcast now blocks BGP hijacking attacks and route leaks with RPKI Full Text
Abstract
Comcast, one of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. Left unchecked, a BGP route hijack or leak can cause a drastic surge in internet traffic that now gets misdirected or stuck, leading to global congestion and a Denial of Service (DoS).BleepingComputer
May 20, 2021
Microsoft releases SimuLand, a test lab for simulated cyberattacks Full Text
Abstract
Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.BleepingComputer
May 20, 2021
Google Chrome Makes It Easier to Update Compromised Passwords Full Text
Abstract
Google is launching a new capability in Chrome to alert users when a password is compromised and automate the process of updating to a new one. The feature runs on Google's Duplex technology.Dark Reading
May 19, 2021
Mozilla Begins Rolling Out ‘Site Isolation’ Security Feature to Firefox Browser Full Text
Abstract
Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. Called "Site Isolation," the implementation loads each website separately in its own operating system process and, as a result, prevents untrusted code from a rogue website from accessing confidential information stored in other sites. "This fundamental redesign of Firefox's Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop," Mozilla said in a statement. "Isolating each site into a separate operating system process makes it even harder for malicious sites to read another site's secret or private data." The motivation for Site Isolation can be traced all the way back to January 2018 when Spectre and Meltdown vulnerabilities were publicly disThe Hacker News
May 19, 2021
A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser Full Text
Abstract
Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been compromised as part of a data breach, it will prompt users with an alert containing a "Change Password" button, tapping which "Chrome will not only navigate to the site, but also go through the entire process of changing your password." Enabling this in the background is Google's Duplex technology, which it debuted in 2018 and expanded in 2019 to support various functions in Google Assistant like booking a rental car, ordering food, and buying movie tickets. The search giant, however, noted that users could take over control at any point during the process and change the password manually. The feature is currently being rolled out in Chrome for Android to alThe Hacker News
May 18, 2021
Chrome now automatically fixes breached passwords on Android Full Text
Abstract
Google is rolling out a new Chrome on Android feature to help users change passwords leaked online following data breaches with a single tap.BleepingComputer
May 18, 2021
Mozilla starts rolling out Site Isolation to all Firefox channels Full Text
Abstract
Mozilla has started rolling out the Site Isolation security feature to all Firefox channels, now also protecting users in the Beta and Release channels from attacks launched via malicious websites.BleepingComputer
May 13, 2021
UK government releases free cyber-threat warning tool at annual CyberUK conference Full Text
Abstract
The tool, called Early Warning, is the latest Active Cyber Defence (ACD) service from the NCSC, and was launched on the opening day of the government agency’s annual conference.The Daily Swig
May 11, 2021
Microsoft Defender ATP now secures networked Linux, macOS devices Full Text
Abstract
Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).BleepingComputer
May 11, 2021
Google open sources cosign tool for verifying containers Full Text
Abstract
Google has released a new open-source tool called cosign that could allow administrators to sign and verify the container images. Google has released a new open-source tool called cosign that allows to sign, verify container images, it was developed...Security Affairs
May 11, 2021
Google Releases Open Source Tool for Verifying Containers Full Text
Abstract
Developed in collaboration with Linux Foundation’s sigstore project, the technology company said the motivation for cosign is “to make signatures invisible infrastructure.”Security Week
May 10, 2021
GitHub now supports security keys when using Git over SSH Full Text
Abstract
GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.BleepingComputer
May 06, 2021
Google wants to enable multi-factor authentication by default Full Text
Abstract
Google strives to push all its users to start using two-factor authentication (2FA), which can block attackers from taking control of their accounts using compromised credentials or guessing their passwords.BleepingComputer
May 01, 2021
Office 365 security baseline adds macro signing, JScript protection Full Text
Abstract
Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise (formerly Office 365 Professional Plus) to include protection from JScript code execution attacks and unsigned macros.BleepingComputer
April 28, 2021
Can the Bytecode Alliance secure the supply chain with WebAssembly? Full Text
Abstract
The Bytecode Alliance, which counts Intel, Mozilla, Microsoft, and Fastly among its members, announced that it formed a non-profit organization to focus on promoting WebAssembly (WASM) and the WebAssembly System Interface (WASI) as emerging standards that can fix some of the inherent weaknesses in the way software gets developed.SCMagazine
April 27, 2021
Microsoft Edge to add automatic HTTPS option for all domains Full Text
Abstract
Microsoft Edge will automatically redirect users to a secure HTTPS connection when visiting websites using the HTTP protocol, starting with version 92, coming in late July.BleepingComputer
April 26, 2021
NFC Forum specifications offer cryptology security for NFC application development Full Text
Abstract
The NFC Authentication Protocol 1.0 Specification (NAP 1.0) provides a framework for using cryptography to establish a secure channel and authentication as well as the bonding between two devices.Help Net Security
April 19, 2021
Infection Monkey: Open source tool allows zero trust assessment of AWS environments Full Text
Abstract
Using this tool, security professionals can conduct zero trust assessments of AWS environments to help identify the potential gaps in an organization’s AWS security posture that can put data at risk.Help Net Security
April 14, 2021
Microsoft Released CyberBattleSim – A Python-based Enterprise Environment Simulator Full Text
Abstract
Microsoft has recently announced the open-source availability of the Python-based enterprise environment simulator named ‘CyberBattleSim’. It is an experimental...Cyber Security News
April 11, 2021
Top 10 Best Free Penetration Testing Tools 2021 Full Text
Abstract
When we talk about the penetration Testing tools, we all know very well that the first thing that comes up to our...Cyber Security News
April 05, 2021
Microsoft Defender for Endpoint now supports Windows 10 Arm devices Full Text
Abstract
Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Defender antivirus, now comes with support for Windows 10 on Arm devices.BleepingComputer
April 1, 2021
Google Cloud And Deloitte Launch Security Analytics Platform Full Text
Abstract
Google Cloud and Deloitte have launched a new platform for enterprises aimed at helping companies thwart cyberthreats as the global workforce has gone remote and cloud usage has exploded.CRN
March 30, 2021
New ‘digital trust exchange’ removes risks of managing PII of job applicants Full Text
Abstract
The onus of responsible data stewardship falls on employing organizations, when in reality they’d probably prefer to move that burden elsewhere. Raj Ananthanpillai, CEO of Endera, believes he has created a solution to this problem.SCMagazine
March 25, 2021
Cloudflare Page Shield: Early warning system for malicious scripts Full Text
Abstract
Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks.BleepingComputer
March 25, 2021
Chrome to default to HTTPS, as Google looks to improve privacy and loading speeds Full Text
Abstract
Chrome will start using the more secure protocol by default for all URLs typed in the address bar starting April 13.SCMagazine
March 25, 2021
Cloudflare Launches zero-trust Tool Designed to Help Protect Remote Employees from Cyberattacks Full Text
Abstract
Cloudflare is excited to announce that Cloudflare Browser Isolation is now available within Cloudflare for Teams suite of zero trust security and...Cyber Security News
March 24, 2021
Google Chrome will use HTTPS as default navigation protocol Full Text
Abstract
Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser's next stable version.BleepingComputer
March 23, 2021
CISA Releases CHIRP Tool that Allows to Detect SolarWinds Malicious Activity Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has released Hunt and Incident Response Program (CHIRP) tool. CHIRP is a...Cyber Security News
March 21, 2021
CISA releases CHIRP, a tool to detect SolarWinds malicious activity Full Text
Abstract
US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments. US CISA released the CISA Hunt and Incident Response Program (CHIRP) tool, is a Python-based...Security Affairs
March 21, 2021
Microsoft Defender can now protect servers against ProxyLogon attacks Full Text
Abstract
Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now protects users against attacks exploiting Exchange Server vulnerabilities. Microsoft announced this week that Defender Antivirus and System Center Endpoint Protection...Security Affairs
March 18, 2021
CISA releases new SolarWinds malicious activity detection tool Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments.BleepingComputer
March 18, 2021
WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS Full Text
Abstract
Wintriage is a live response tool that extracts Windows artifacts. It allows extracting as many artifacts as possible, but in a selective way. Throughout my life, my daily job has been purely related to cybersecurity. But the branch I like the most...Security Affairs
March 18, 2021
Facebook rolls out physical keys to guard against hacking mobile accounts Full Text
Abstract
Facebook on Thursday announced that iOS and Android mobile device users can now utilize physical security keys to verify their accounts and guard against hackers.The Hill
March 17, 2021
Dropbox to Make Password Manager Feature Free for All Users Full Text
Abstract
As of April, users can try a limited version of Dropbox Passwords free-of-chargeInfosecurity Magazine
March 17, 2021
Apple May Start Delivering Security Patches Separately From Other OS Updates Full Text
Abstract
Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems. According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates. The changes were first reported by the 9to5Mac website. While Google's Android has had monthly security patches rolled out that are completely divorced from the OS-related updates, iOS has no option to install a security update without upgrading to the latest version of the OS. But with this new setting called "Install Security Updates" added to the software update menu, it's expected that Apple will let users choose between either installing the entire iOS update or just the security updates, in a manner that echoes macOS. On Macs running older versions of the operating system such as macOS Mojave, Apple has offered standalone update packs, allowing users to get security patches and buThe Hacker News
March 16, 2021
Argon emerges from stealth as concern over software supply chain integrity peaks Full Text
Abstract
Argon’s main pitch — that it aims to secure the integrity of the software development and update process — has become increasingly relevant to industry following the SolarWinds breach.SCMagazine
March 16, 2021
Twitter Users Can Now Secure Accounts With Multiple Security Keys Full Text
Abstract
“Secure your account (and that alt) with multiple security keys. Now you can enroll and log in with more than one physical key on both mobile and web,” the company announced.Security Week
March 16, 2021
Twitter Updates 2FA to Enable Use of Multiple Security Keys Full Text
Abstract
Users will soon be able to use security keys as sole authentication methodInfosecurity Magazine
March 15, 2021
Twitter now supports multiple 2FA security keys on mobile and web Full Text
Abstract
Twitter has added support for multiple security keys to accounts with two-factor authentication (2FA) enabled for logging into the social network's web interface and mobile apps.BleepingComputer
March 15, 2021
GLEIF CA Stakeholder Group accelerates integration of LEIs in digital certificates Full Text
Abstract
In accordance with ISO 17442-2, the CA Stakeholder Group will develop and promote best practice guidelines and use cases for LEI integration across the digital identity industry.Help Net Security
March 12, 2021
Netflix Introduces Measures to Prevent Password Sharing Full Text
Abstract
Users can verify if they are able to access a particular account according to Netflix terms of serviceInfosecurity Magazine
March 11, 2021
Free sigstore signing service confirms software origin and authenticity Full Text
Abstract
sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log.Help Net Security
March 10, 2021
Linux Foundation unveils Sigstore — a Let’s Encrypt for code signing Full Text
Abstract
The Linux Foundation, Red Hat, Google, and Purdue have unveiled the free 'sigstore' service that lets developers code-sign and verify open source software to prevent supply-chain attacks.BleepingComputer
March 10, 2021
WhatsApp to password protect your chat backups on Cloud Full Text
Abstract
The chat database is already encrypted now (excluding media), but the algorithm is reversible and it's not end-to-end encrypted. Local Android backups will be compatible with this feature.The Times Of India
March 9, 2021
Linux Foundation launches software signing service Full Text
Abstract
The sigstore project, a free-to-use software signing certificate authority available to all developers, opens with Google, Purdue University and Red Hat as founding members.SCMagazine
March 9, 2021
Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs Full Text
Abstract
Administrators could use MSERT to make a full scan of the install or they can perform a ‘Customized scan’ of the paths where malicious files from the threat actor have been observed.Security Affairs
March 07, 2021
Microsoft Office 365 gets protection against malicious XLM macros Full Text
Abstract
Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning.BleepingComputer
March 4, 2021
Top 10 Best Open Source Firewall to Protect Your Enterprise Network 2021 Full Text
Abstract
Open Source Firewall is best known for protecting the network from a threat by filtering the inbound and outbound traffic and ensure...Cyber Security News
March 03, 2021
Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams Full Text
Abstract
The attack surface is virtually expanding before our eyes. Protecting assets across multiple locations, with multiple solutions from different vendors, has become a daily concern for CISOs globally. In a new e-book recently published (download here), CISOs with small security teams talk about the drivers for replacing their EDR/NGAV solutions with an Autonomous XDR solution and why they believe consolidation provides significant benefits to organization and team. The first topic discussed is the need to ensure coverage and have optimal visibility in order to uncover even stealthy threats. Organizations keep adding more and more security solutions that extend visibility, yet these solutions need to be maintained, monitored, and managed, taking up quite a bit of the analyst's time. In addition, these systems each provide some visibility leaving the analysts to make contextual connections and create the complete attack storyline. Unfortunately, these processes take time, and sThe Hacker News
March 2, 2021
Google Cloud boosts customers’ insurance with a new, optional data tool Full Text
Abstract
Customers on Google Cloud are now able to use a diagnostic tool called “Risk Manager” to evaluate cyber hygiene. In doing so, and in sharing the results with Munich Re and Allianz, the insurers will offer expanded coverage options.SCMagazine
March 2, 2021
Pwn20wnd released the unc0ver v 6.0 jailbreaking tool Full Text
Abstract
The popular jailbreaking tool called "unc0ver" now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool "unc0ver," has updated their software to support iOS 14.3 and earlier...Security Affairs
March 2, 2021
Jailbreak Tool Works on iPhones Up to iOS 14.3 Full Text
Abstract
The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices.Threatpost
March 02, 2021
Microsoft announces Windows Server 2022 with new security features Full Text
Abstract
Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform for added protection against a wide range of threats.BleepingComputer
March 2, 2021
Hackers Release New Jailbreak Tool for Almost Every iPhone Full Text
Abstract
The Unc0ver hacking team released its latest jailbreaking tool this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which Apple released in December.TechCrunch
March 02, 2021
Microsoft Teams adds end-to-end encryption (E2EE) to one-on-one calls Full Text
Abstract
Microsoft adds new security, privacy, and compliance features to the Microsoft Teams chat and collaboration solution, including end-to-end encryption support for one-on-one calls.BleepingComputer
March 2, 2021
Scientists have built this ultrafast laser-powered random number generator Full Text
Abstract
Using a single, chip-scale laser, scientists have managed to generate streams of completely random numbers at about 100 times the speed of the currently fastest random-numbers generator systems.ZDNet
March 02, 2021
Microsoft 365 Defender Threat Analytics enters public preview Full Text
Abstract
Microsoft announced the addition of Threat Analytics for Microsoft 365 Defender customers and the roll-out of Microsoft 365 Insider Risk Management Analytics, both in public preview.BleepingComputer
March 1, 2021
Self-Assessment Tool Aims to Enhance Small Biz Security Full Text
Abstract
Micro-businesses and sole traders urged to take the testInfosecurity Magazine
March 1, 2021
New tool spots to identify security and privacy issues with COVID-19 tracing apps Full Text
Abstract
"COVIDGuardian", the first automated security and privacy assessment tool, tests contact tracing apps for potential threats such as malware, embedded trackers, and private information leakage.The Times Of India
February 26, 2021
Microsoft makes CodeQL queries public so security pros can better understand SolarWinds attack Full Text
Abstract
Microsoft won praise from security researchers by making its CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds hack or similar supply chain attacks.SCMagazine
February 26, 2021
Microsoft releases open-source CodeQL queries to assess Solorigate compromise Full Text
Abstract
Microsoft announced the release of open-source CodeQL queries that its experts used during its investigation into the SolarWinds supply-chain attack. Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during...Security Affairs
February 26, 2021
Analyzing the Security of eBPF Maps Full Text
Abstract
eBPF enables auditing and filtering of high-volume events, such as network packets or system calls, without the security or the stability overhead of a custom kernel module.Crowdstrike
February 25, 2021
Microsoft shares CodeQL queries to scan code for SolarWinds-like implants Full Text
Abstract
Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack.BleepingComputer
February 25, 2021
The Top Free Tools for Sysadmins in 2021 Full Text
Abstract
It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software picks to help tackle different duties more efficiently. Thankfully, these free tools are also respectful of tight budgets—without sacrificing core functionality. Best for Permissions Management: SolarWinds Permissions Analyzer for Active Directory Whether you are part of an organization with many members or numerous resources, keeping track of permissions can be challenging. Changes in responsibilities, titles, or even employment statuses can influence one's access to proprietary data. Each user has unique privileges. We not only need to visualize these but manage them onThe Hacker News
February 24, 2021
Firefox’s Total Cookie Protection aims to stop tracking between multiple sites Full Text
Abstract
The feature is included in the web browser's latest release — alongside multiple picture-in-picture views — and essentially works by keeping cookies isolated between each site you visit.Engadget
February 23, 2021
Google adds Password Checkup support to Android autofill Full Text
Abstract
Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches.BleepingComputer
February 22, 2021
CIS Offers Free DNS Security Tool for US Hospitals Full Text
Abstract
Akamai-powered MDBR service blocks traffic to suspicious domainsInfosecurity Magazine
February 21, 2021
New Chrome for iOS feature locks Incognito tabs with Face ID Full Text
Abstract
Google Chrome for iOS is getting a new privacy feature that lets you lock your opened Incognito tabs behind your iPhone's Face ID or Touch ID biometric authentication features.BleepingComputer
February 21, 2021
Chrome for iOS will let you lock Incognito mode with Face ID Full Text
Abstract
Google Chrome for iOS is getting a new privacy feature that lets you lock your opened Incognito tabs behind your iPhone's Face ID or Touch ID biometric authentication features.BleepingComputer
February 19, 2021
Apple adds ‘BlastDoor’ security feature to fight iMessage hacks Full Text
Abstract
While largely invisible to users, BlastDoor is present on iOS 14, the most recent version of Apple’s iPhone operating system, and systems for all its other devices, company officials said.Reuters
February 18, 2021
Apple touts M1 features in updated security guide, days after malicious code discovery Full Text
Abstract
Apple released substantial updates Thursday to its Platform Security Guide – the first revision since April, and the first in the era of Apple’s self-designed M1 chips.SCMagazine
February 17, 2021
Most businesses plan to move away from VPNs, adopt a zero-trust access model Full Text
Abstract
Growing security risks have prompted companies to move away from virtual private networks (VPNs) in favor of a zero-trust model. Most organizations, 72 percent, plan to ditch VPNs, according to Zscaler’s 2021 VPN Risk Report, which found that 67 percent of organizations are considering remote access alternatives. “It’s encouraging to see that enterprises understand that…SCMagazine
February 17, 2021
Unleash the Power of MITRE ATT&CK for a More Mature SOC Full Text
Abstract
The ATT&CK knowledge base is used as a foundation for building specific threat models and methodologies in the private sector, governments, and the cybersecurity products and services world.Security Intelligence
February 16, 2021
Microsoft releases Azure Firewall Premium in public preview Full Text
Abstract
Microsoft has announced that the new Premium tier for its managed cloud-based network security service Azure Firewall has entered public preview starting today.BleepingComputer
February 16, 2021
Microsoft Edge is getting a new child-friendly Kids Mode Full Text
Abstract
Microsoft is adding a new 'Kids Mode' to the Microsoft Edge browser that provides a safe environment for children to browse the web and consume family-friendly content.BleepingComputer
February 14, 2021
Google Chrome, Microsoft Edge getting this Intel security feature Full Text
Abstract
Chromium-based browsers such as Microsoft Edge and Google Chrome will soon support the Intel CET security feature to prevent a wide range of vulnerabilities.BleepingComputer
February 10, 2021
Microsoft now forces secure RPC to block Windows Zerologon attacks Full Text
Abstract
Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates.BleepingComputer
February 10, 2021
Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack Full Text
Abstract
Remote access to industrial facilities can be architected safely. But the best architecture can also be circumvented by attackers with unapproved software such as TeamViewer.Dragos
February 09, 2021
Google expands election security aid for federal, state campaigns Full Text
Abstract
Google announced Tuesday it is expanding its efforts around election security by providing free training to state and federal campaigns in all 50 states.The Hill
February 09, 2021
Office 365 will help admins find impersonation attack targets Full Text
Abstract
Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap.BleepingComputer
February 9, 2021
Microsoft to add ‘nation-state activity alerts’ to Defender for Office 365 Full Text
Abstract
Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 to notify companies when their employees are being targeted by nation-state threat actors.ZDNet
February 8, 2021
Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files Full Text
Abstract
CyberArk researchers have released BlobHunter, an open-source tool organizations can use to discover Azure blobs containing sensitive files they have inadvertently made public.Help Net Security
February 5, 2021
Open-source tool for hardening commonly used HMI/SCADA system Full Text
Abstract
Otorio, a provider of OT security and digital risk management solutions, released an open-source tool designed for hardening the security of GE Digital’s CIMPLICITY, a commonly used HMI/SCADA system.Help Net Security
February 4, 2021
SonicWall released patch for actively exploited SMA 100 zero-day Full Text
Abstract
SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) to address an actively exploited zero-day...Security Affairs
February 4, 2021
RF Enables Takeover of Hostile Drones Full Text
Abstract
Various kinds of drones are increasingly breaching the security lines of restricted areas, and whenever a drone crosses into an unauthorized territory, security teams must determine if it's hostile.Dark Reading
February 4, 2021
Cisco fixes critical remote code execution issues in SMB VPN routers Full Text
Abstract
Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers....Security Affairs
February 3, 2021
OBIE Launches Free Tool to Fight Open Banking Fraud Full Text
Abstract
New tool is freely available to all firms enrolled in the OBIE DirectoryInfosecurity Magazine
February 02, 2021
Microsoft Defender now detects macOS system, app vulnerabilities Full Text
Abstract
Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network.BleepingComputer
February 1, 2021
SC Product Reviews: Identity & Access Management Full Text
Abstract
The identity and access management solutions reviewed here guard the proverbial gates of critical organization resources, checking the IDs of everyone that attempts to enter, ensuring identities match end-user claims and privileged access is sufficient for entry.SCMagazine
February 1, 2021
SC Product Reviews: Identity & Access Management Full Text
Abstract
Editor’s Note: This set of reviews originally appeared in June 2020. To find out more about SC Labs, contact Adrian Sanabria at [email protected] This month, SC Labs assessed several identity and access management solutions. This review comes at a relevant time with the recent events surrounding COVID-19 and the global shift to working from home. The…SCMagazine
February 1, 2021
Facial Recognition Ethical Framework Launched by BSIA Full Text
Abstract
Guide encompasses useful terms, abbreviations and ethical issuesInfosecurity Magazine
January 29, 2021
Google uncovers new iOS security feature Apple quietly added after zero-day attacks Full Text
Abstract
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security researchers at Google tasked with studying zero-day vulnerabilities in hardware and software systems. "One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed 'BlastDoor' service which is now responsible for almost all parsing of untrusted data in iMessages," Groß said. "Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base." The development is a consequence of a zero-click exploit that leveraged an Apple iMeThe Hacker News
January 28, 2021
Return to SMS as Security Feature Full Text
Abstract
Use of SMS as security feature grows by over 100% during pandemicInfosecurity Magazine
January 28, 2021
Apple says new privacy notifications to roll out in ‘early spring’ Full Text
Abstract
Apple said that new privacy pop-up notifications will start appearing on most iPhones as soon as early spring, a requirement that major digital ad firms have warned will harm their businesses.Cyber News
January 28, 2021
Google Chrome blocks 7 more ports to stop NAT Slipstreaming attacks Full Text
Abstract
Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability.BleepingComputer
January 28, 2021
TeamTNT group adds new detection evasion tool to its Linux miner Full Text
Abstract
The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion...Security Affairs
January 28, 2021
Chromebooks will now let you sign into websites with your fingerprint Full Text
Abstract
Google has finally brought Web Authentication (WebAuthn) passwordless authentication to Chrome OS to allow users to sign in to websites with a PIN or fingerprint used to unlock a Chromebook.ZDNet
January 28, 2021
Remote Workers Could Offer Brexit Britain Cybersecurity Lifeline Full Text
Abstract
CrowdStrike study reveals many IT leaders are concerned at hiring freezeInfosecurity Magazine
January 27, 2021
Microsoft rolls out Application Guard for Office to all customers Full Text
Abstract
Microsoft has announced that Application Guard for Office is now generally available for all Microsoft 365 users with supported licenses.BleepingComputer
January 27, 2021
Mitigating Abuse of Android Application Permissions and Special App Accesses Full Text
Abstract
Mobile devices commonly run a variety of applications that have the potential to contain exploitable vulnerabilities or deliberate malicious behaviors that exploit specific app permissions.Medium
January 27, 2021
Using the Manager Attribute in Active Directory (AD) for Password Resets Full Text
Abstract
Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have to bolster security around resetting passwords on user accounts. How can organizations bolster the security of password resets for remote workers? One security workflow might involve having manager approval before IT helpdesk technicians can change a remote worker's password. In this way, the user's manager is involved in the process. Additionally, some organizations might opt to allow managers themselves the ability to change end-user passwords. How can this be configured in Active Directory? Also, is there a more seamless solution for requiring manager approval for password resets? Why password reset security is critical This past year has undoubtedly created many IT helpdesk stThe Hacker News
January 27, 2021
Deloitte bolsters cyber threat hunting capabilities with acquisition of Root9B Full Text
Abstract
The deal will bolster its Detect and Respond cyber client offering with R9B’s deeply experienced cyber operations professionals and its award-winning threat-hunting and risk assessment solutions.Help Net Security
January 26, 2021
Google to offer suite of new zero trust capabilities through Chrome browser Full Text
Abstract
With backing from Google infrastructure and support from a host of industry partners, the features have the potential to significantly expand the footprint of zero trust solutions within industry and government.SCMagazine
January 26, 2021
Mastercard Introduces Quantum-Resistant Specs to Enhance Contactless Security Full Text
Abstract
Standards designed to provide a more secure contactless experienceInfosecurity Magazine
January 25, 2021
Zero trust: A solution to many cybersecurity problems Full Text
Abstract
CISOs of organizations that have been hit by the attackers who compromised SolarWinds Orion are now mulling over how to make sure that they’ve eradicated the attackers’ presence from their networks.Help Net Security
January 22, 2021
Sunburst avoided indicators of compromise with SolarWinds hack, but left breadcrumbs Full Text
Abstract
Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWinds attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.SCMagazine
January 22, 2021
Defense More Effective Than Offense in Curbing Nation State Threat Actors Full Text
Abstract
Innovative cybersecurity solutions key to preventing attacks such as SolarWindsInfosecurity Magazine
January 21, 2021
Microsoft Edge gets a password generator, leaked credentials monitor Full Text
Abstract
Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version.BleepingComputer
January 20, 2021
Google Chrome now checks for weak passwords, helps fix them Full Text
Abstract
Google has added a new feature to the Chrome web browser that will make it easier for users to check if their stored passwords are weak and easy to guess.BleepingComputer
January 20, 2021
FireEye releases an auditing tool to detect SolarWinds hackers’ activity Full Text
Abstract
Cybersecurity firm FireEye has released a report that sheds the light on the SolarWinds attack and the way hackers breached its networks. Cybersecurity firm FireEye has released a report that sheds the light on the SolarWinds attack and the way hackers...Security Affairs
January 19, 2021
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers Full Text
Abstract
FireEye released a free tool on GitHub named Azure AD Investigator that can help companies determine if the SolarWinds hackers (aka UNC2452) used any of their attack techniques inside their networks.ZDNet
January 19, 2021
Microsoft Defender is boosting its response to malware attacks by changing a key setting Full Text
Abstract
Microsoft is stepping up security for users of Microsoft Defender for Endpoint by changing a key setting, switching the default from optional automatic malware fixes to fully automatic remediation.ZDNet
January 18, 2021
Microsoft Defender to enable full auto-remediation by default Full Text
Abstract
Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021.BleepingComputer
January 15, 2021
NCSC Reveals New Solution to Protect Remote Public Sector Workers Full Text
Abstract
Solution enables existing PDNS solution to extend beyond the enterprise networkInfosecurity Magazine