5G Security in the Balance as Britain Navigates Brexit

PM Boris Johnson: US ‘Must Tell Us What’s the Alternative’ to Chinese-Made Gear

Mathew J. Schwartz (euroinfosec) • January 15, 2020

British Prime Minister Boris Johnson speaks to BBC Breakfast on Tuesday. Britain continues to collectively debate its existential future, including the meaning and timing of its so-called “Brexit” from the European Union. The British government’s…

January 15, 2020

Organizations Feel Threat of Nation-State Attacks, Survey Shows

An increasing number of companies believe they are being targeted by state-sponsored hacking groups, a new survey shows. According to Radware’s latest Global Application & Network Security Report, of 561 respondents representing a broad range of organizations worldwide, 27% said their company was hit by nation-state hackers in 2019, a 42% increase compared to 2018, when only 19% of respondents claimed they experienced such attacks. With the challenges of attack…

January 15, 2020

Policy Compliance Library Updates, January 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices. In order to keep up with the latest changes in security control…

January 15, 2020

‘Wartime’ Security Mentality Revisited

Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their “peacetime” mindsets and adopt a “wartime” stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge? Merkel was CTO of cybersecurity vendor FireEye at the time of that interview (see: Advanced Threats: Prepare for War). Today, as co-founder and CEO of managed security service provider Expel, he revisits this conversation about adopting the…

January 15, 2020

Trusona Raises $20 Million in Series C Funding Round

Passwordless multi-factor authentication technology provider Trusona this week announced it has raised $20 million as part of a Series C funding round led by Georgian Partners. Scottsdale, Arizona-based Trusona was founded in 2015 by Ori Eisen, who also acts as CEO. The company’s platform is used by organizations in the financial services, healthcare, higher education, media, and other industries. The company plans on using the new funds to expand operations…

January 15, 2020

Introducing Periscope: Out-of-Band Vulnerability Detection Mechanism in Qualys WAS

Web applications and REST APIs can be susceptible to a certain class of vulnerabilities that can’t be detected by a traditional HTTP request-response interaction. These vulnerabilities are challenging to find but provide a way for attackers to target otherwise inaccessible, internal systems. An attacker can potentially use this to their advantage. Essentially, a vulnerable application (or API) can be used as a proxy for an attack against a separate internal…

January 15, 2020

Vulnerabilities Found in VMware Tools, Workspace ONE SDK

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability. According to the virtualization giant, the repair operation in VMware Tools 10.x.y is affected by a race condition that allows an attacker who has access to the guest virtual machine to escalate their privileges. The company says VMware Tools 11.0.0 is not affected as…

January 15, 2020

Oracle’s January 2020 CPU Delivers 334 New Patches

Oracle has released its first Critical Patch Update (CPU) for 2020, which includes a total of 334 new security patches across multiple product families. More than half (192) of the security fixes address vulnerabilities that can be exploited remotely without authentication, Oracle reveals in its advisory. Moreover, the company notes that 40 of the new patches address critical issues. This month, Enterprise Manager was the most affected, with 50 patches…

January 15, 2020