Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Palo Alto fixes nine vulnerabilities in PAN-OS

Palo Alto Networks has fixed nine vulnerabilities in its PAN-OS operating system for versions 8.1 or later. The CVSS scores ranged from a high of 9.8 to a low of 3.3. While none of the vulnerabilities were used by attackers in the wild, security researchers from Tenable and Positive Technologies published advisories letting Palo Alto…

What’s really changed three years after Equifax breach?

Are organizations better off today than they were three years ago when a devastating breach at Equifax exposed sensitive customer data and poor security practices in equal measure? The consensus among experts is that companies still have a ways to go. “Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon…

New Zeppelin strand avoids AV detection with trojan downloader

A fresh wave of Zeppelin ransomware attacks discovered in late August went undetected by antivirus defenses as the result of a new trojan downloader, and research suggests the attacks might be targeted. The presumably targeted infections were announced in a blog post by Juniper Threat Labs researcher Asher Langton. “This campaign shows an evolution of…

Cyber Threat Alliance CEO and former White House cyber czar on playing well with others

There’s a good chance that somewhere within a company’s security stack is at least one product from any of the 26 vendors in the Cyber Threat Alliance – a behind-the-scenes industry threat sharing group that this week announced its 100 millionth shared observable data point. CTA includes such industry mainstays as Cisco, Palo Alto Networks, and Symantec, as well as sector-specific…

Hacker-for-hire groups profit by commoditizing APT tactics

In the span of just over three months, researchers have exposed three mercenary, “hacker-for-hire” groups engaging in industrial espionage and stealing corporate secrets for profit. Despite using tactics, techniques and procedures that are more typical of a nation-state APT group, these threat actors – Dark Basin, DeathStalker and an unnamed third entity group detailed late last month by Bitdefender –…

Threat gardening: What CISOs can learn from ‘mystery seeds’

In July, thousands of Americans started to complain about unsolicited packages of seeds mailed from China. And despite not knowing exactly what the seeds were, and holding suspicions that something nefarious was afoot, many recipients planted them. The parallels between the mystery seeds and phishing attacks are unmistakable and can serve as a cautionary tale…

Adobe releases update to patch critical flaws that could leave networks, data vulnerable

Adobe Tuesday released critical security updates for Adobe InDesign, FrameMaker and Experience Manager, addressing multiple vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned. “While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which…

Microsoft fixes 129 flaws, 23 critical, in massive Patch Tuesday

In a Patch Tuesday to rival June’s security update, Microsoft fixed 129 new software vulnerabilities, including 23 critical flaws, impacting multiple platforms, including the Windows Graphic Device Interfaces (GDI), Microsoft SharePoint and Microsoft Exchange Server. Justin Knapp, Automox product marketing manager, attributed the patch laundry list to a remote workforce not going back to offices en masse…

No more excuses: how to build a diverse workforce now

For such a vibrant, innovative industry, cybersecurity isn’t as diverse and inclusive within the executive ranks as it should be. And some leaders say that reality is to the detriment of the community. Industry luminaries Camille Stewart from Google, Microsoft’s Edna Conway and former NASA technology chief Jerry Davis will draw on their substantial private…

China pushes new global data security initiative, decrying US ‘politicizing’ the issue

China announced a comprehensive global data security program Tuesday, proposing many of the same international norms agreed upon by Western nations already, while protecting China’s interest in balkanizing the internet. State Councilor and Foreign Minister Wang Yi proposed the “Global Data Security Initiative” in a statement translated here by the New America think tank. According…
