How to Comprehend the Buzz About Honeypots

Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization. (image by Jag_cz, via Adobe Stock) Everyone in security wants to know how criminals do their work… but everyone in security would rather watch cybercriminals’ handiwork while it plucks apart someone else’s computing infrastructure, not their own. Understanding your…

January 15, 2020
Read More >>

How SD-WAN Helps Achieve Data Security and Threat Protection

Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility. Retail and banking technology professionals are keenly aware of the large number of devices that connect to their enterprise’s network via Ethernet and Wi-Fi. IT sprawl at each branch adds complexity to network visibility and security, and that complexity means increased risk of a breach. Endpoint security alone, without proper edge security, won’t be…

January 15, 2020
Read More >>

Microsoft Patches Windows Vuln Discovered by the NSA

The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security. The first Patch Tuesday of 2020 has the industry buzzing about 49 CVEs, in particular a Windows CryptoAPI spoofing vulnerability disclosed to Microsoft by the US National Security Agency (NSA). CVE-2020-0601, which affects Windows’ cryptographic functionality, exists in Windows 10, Windows Server 2016,…

January 15, 2020
Read More >>

Cloud Adoption & Technology Change Create Gaps in Enterprise Security

Many companies are struggling to get a handle on risk exposure because of visibility issues, Radware survey shows. Many businesses that are transitioning to public cloud environments, microservices architectures, and 5G networks are creating new blind spots in the attack surface for criminals to leverage, according to a new report from Radware. The security vendor recently surveyed more than 560 security professionals from small and large companies around the world…

January 15, 2020
Read More >>

‘Fancy Bear’ Targets Ukrainian Oil Firm Burisma in Phishing Attack

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2020-6306PUBLISHED: 2020-01-14 Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17). CVE-2020-6307PUBLISHED: 2020-01-14 Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. CVE-2015-4107PUBLISHED: 2020-01-14 **…

January 14, 2020
Read More >>

Google: Chrome Will Remove Third-Party Cookies and Tracking

It’s “not about blocking” but removing them altogether, the company said. Google plans to stop supporting third-party cookies in its Chrome browser within two years as part of its user-privacy initiative. In a blog post today, Justin Schuh, director of Chrome Engineering at Google, said the company believes its Privacy Sandbox open standards effort for Web privacy and other industry programs will support both user privacy and business requirements for…

January 14, 2020
Read More >>

Attackers Increasingly Focus on Business Disruption

Network intruders are staying undetected for an average of 95 days, enabling them to target critical systems and more completely disrupt business. More cyberattackers are targeting large companies with stealthier attacks, aiming to significantly disrupt businesses and force them to pay higher ransoms, according to a report summarizing more than 300 breach investigations. The “CrowdStrike Services Cyber Front Lines Report” found that 36% of incidents aimed to disrupt business or…

January 14, 2020
Read More >>

Global Predictions for Energy Cyber Resilience in 2020

How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch. The new year is shaping up to be a year of giant leaps for cybersecurity and the energy sector. The escalation of attacks brought us to a tipping point in 2019. Across the energy sector, leaders now recognize we need to step up defenses to meet the threat…

January 14, 2020
Read More >>

Consumer Reports Calls for IoT Manufacturers to Raise Security Standards

A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards. Consumer Reports has issued a letter to 25 connected camera manufacturers, urging them to adopt stronger security and privacy measures for cameras, doorbells, and security systems. The letter is directed to companies including ADT/LifeShield, Guardzilla, Honeywell Home, Google/Nest, Ring, SimpliSafe, TP-Link, and Samsung SmartThings. In it, Consumer Reports’ Policy Counsel Katie McInnis…

January 14, 2020
Read More >>

Dustman Attack Underscores Iran’s Cyber Capabilities

For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain’s national oil company, Bapco, before it executed a destructive payload. On December 29, a group of attackers used a data-deleting program known as a “wiper” to attempt to destroy data on systems at Bahrain’s national oil company, overwriting data with a string of characters including the phrases “Down With Bin Salman” and…

January 14, 2020
Read More >>