Microsoft this week announced the public preview of a new feature that allows enterprise users to check their Azure Active Directory sign-ins for any unusual activity. Dubbed Azure AD My Sign-In, the new feature provides users with information on any attempts to guess a password, tells them whether the attacker managed to successfully sign in to the account, and what apps they attempted to access. The sign-in activity information users…
ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Outdated and unsupported operating systems are still present and they still pose a serious risk in many industrial organizations, according to a new report from industrial cybersecurity firm CyberX. The company’s 2020 Global IoT/ICS Risk Report is based on data passively collected by CyberX from over 1,800 networks around the world between October 2018 and October 2019. It’s worth mentioning that…
Facebook said Monday it was tightening its security for the 2020 US elections, amid signs of fresh activity from Russia attacking Democratic presidential candidates, including Joe Biden. The leading social network said it was taking down more accounts for “inauthentic” activity and stepping up scrutiny of “state controlled” media seeking to manipulate American voters. As Facebook unveiled its latest steps, an analysis of activity on the social platform released by…
VPN providers TorGuard and NordVPN have responded to reports that their systems have been breached, and both blame the incident on a third-party service provider. Hackers have leaked private RSA keys and information on configuration files that were stolen from a NordVPN server last year. At least three private keys appear to have been stolen from the server, including one from an older NordVPN website certificate and two OpenVPN keys….
Google has improved the Site Isolation feature in Chrome to help defend against more types of attacks. Through Site Isolation, Chrome was so far able to defend against side-channel attacks such as Spectre, which could leak data from a given renderer process. Now, it can handle attacks where the renderer process is fully compromised via a security bug, such as memory corruption or Universal Cross-Site Scripting (UXSS), the Internet giant…
Two bills, currently in the Senate, have the potential to change the U.S. cybersecurity landscape if passed into law. The first is the ‘Cybersecurity Disclosure Act of 2019’, introduced by Senator Jack Reed (D-RI) on 28 February 2019. The second is the ‘Mind Your Own Business Act of 2019’, introduced by Senator Ron Wyden (D-OR) last week on 17 October 2019. The Cybersecurity Disclosure Act of 2019 is a relatively…
Trend Micro on Monday announced the acquisition of cloud security company Cloud Conformity for $70 million. Founded in Australia, Cloud Conformity specializes in cloud security posture management (CSPM) and it provides cloud security, governance and compliance solutions for organizations using AWS, Microsoft Azure and Google Cloud. By acquiring Cloud Conformity, Trend Micro wants to expand the types of cloud services it can secure, particularly when it comes to infrastructure misconfigurations….
On the first Saturday in March, computer screens at the 911 dispatch center in this small town went dark. Staff at the county jail around the same time could no longer open cell doors remotely with electronic controls, and sheriff’s deputies lost the use of their laptops to look up license plates. Jackson County was under a ransomware attack. “It really crippled us as far as just made it harder…
Czech police and intelligence services said on Monday they had busted a Russian espionage network operating through its Prague embassy. It was allegedly set up to attack Czech and foreign targets through computer servers. “The network was completely destroyed and decimated,” Michal Koudelka, head of the Czech Republic’s BIS intelligence service, said in parliament, quoted by the Czech CTK news agency. He said it was part of another chain created…
An unknown threat actor managed to access Avast’s network in yet another supply chain compromise attempt, the security company announced on Monday. Detected at the end of September, the intrusion involved the use of a temporary VPN profile that had been kept alive although it did not have two-factor authentication enabled. The attackers had been using the profile for unauthorized access to Avast’s network since May 14, 2019. Avast says…