Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization. (image by Jag_cz, via Adobe Stock) Everyone in security wants to know how criminals do their work… but everyone in security would rather watch cybercriminals’ handiwork while it plucks apart someone else’s computing infrastructure, not their own. Understanding your…

Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility. Retail and banking technology professionals are keenly aware of the large number of devices that connect to their enterprise’s network via Ethernet and Wi-Fi. IT sprawl at each branch adds complexity to network visibility and security, and that complexity means increased risk of a breach. Endpoint security alone, without proper edge security, won’t be…

The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security. The first Patch Tuesday of 2020 has the industry buzzing about 49 CVEs, in particular a Windows CryptoAPI spoofing vulnerability disclosed to Microsoft by the US National Security Agency (NSA). CVE-2020-0601, which affects Windows’ cryptographic functionality, exists in Windows 10, Windows Server 2016,…

Many companies are struggling to get a handle on risk exposure because of visibility issues, Radware survey shows. Many businesses that are transitioning to public cloud environments, microservices architectures, and 5G networks are creating new blind spots in the attack surface for criminals to leverage, according to a new report from Radware. The security vendor recently surveyed more than 560 security professionals from small and large companies around the world…

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2020-6306PUBLISHED: 2020-01-14 Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17). CVE-2020-6307PUBLISHED: 2020-01-14 Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. CVE-2015-4107PUBLISHED: 2020-01-14 **…

It’s “not about blocking” but removing them altogether, the company said. Google plans to stop supporting third-party cookies in its Chrome browser within two years as part of its user-privacy initiative. In a blog post today, Justin Schuh, director of Chrome Engineering at Google, said the company believes its Privacy Sandbox open standards effort for Web privacy and other industry programs will support both user privacy and business requirements for…

Network intruders are staying undetected for an average of 95 days, enabling them to target critical systems and more completely disrupt business. More cyberattackers are targeting large companies with stealthier attacks, aiming to significantly disrupt businesses and force them to pay higher ransoms, according to a report summarizing more than 300 breach investigations. The “CrowdStrike Services Cyber Front Lines Report” found that 36% of incidents aimed to disrupt business or…

How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch. The new year is shaping up to be a year of giant leaps for cybersecurity and the energy sector. The escalation of attacks brought us to a tipping point in 2019. Across the energy sector, leaders now recognize we need to step up defenses to meet the threat…

A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards. Consumer Reports has issued a letter to 25 connected camera manufacturers, urging them to adopt stronger security and privacy measures for cameras, doorbells, and security systems. The letter is directed to companies including ADT/LifeShield, Guardzilla, Honeywell Home, Google/Nest, Ring, SimpliSafe, TP-Link, and Samsung SmartThings. In it, Consumer Reports’ Policy Counsel Katie McInnis…

For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain’s national oil company, Bapco, before it executed a destructive payload. On December 29, a group of attackers used a data-deleting program known as a “wiper” to attempt to destroy data on systems at Bahrain’s national oil company, overwriting data with a string of characters including the phrases “Down With Bin Salman” and…