Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Cyber leaders must take ownership of cyber skills gap

We’ve all heard about the cyber skills gap by now. As cyber adversaries grow more advanced and organizations struggle to manage these evolving threats, cybersecurity jobs are getting harder to fill. There are an estimated 2.9 million unfilled openings worldwide, with half a million in North America alone. Meanwhile, 60% of organizations say it takes…

Researcher details decades-old design flaws in Microsoft’s CTF protocol

Google Project Zero researcher Tavis Ormandy yesterday disclosed a series of 20-year-old flaws in Microsoft’s CTF protocol that could allow unauthorized parties to take over applications that use said protocol. According to Ormandy’s blog post and technical analysis, the flaw is specifically found in the msctf subsystem, which is a component of the Text Services…

Varenyky malware records porn on screen, distributes sextortion spam

A cybercriminal operation that’s been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites. In other cases, the malware sends out spam emails that merely intend to trick victims into believing their web sessions were recorded while they watched porn, even though they were…

Intel rolls out security updates for seven products

Intel has released a series of security updates crossing seven product lines with three rated high and four carrying a medium severity rating. The three high-rated issues cover Intel’s NUC (CVE-2019-11140), Processor Identification Utility for Windows (CVE-2019-11163) and Computing Improvement Program (CVE-2019-11162). The NUC vulnerability is due to an insufficient session validation in system firmware…

Fidelis Cybersecurity Deception 9.2.1

Fidelis Deception is one component of the Fidelis Elevate platform,  which combats the spectrum of cyberattacks by providing full visibility across hybrid, cloud and on-premises environments. Elevate automates threat and data theft detection to empower threat hunting and optimize incident response by providing context, speed and accuracy. By integrating bidirectional network traffic analysis with detection,…

Acalvio Technologies ShadowPlex 3.3

Acalvio Technology’s ShadowPlex aims to detect advanced attackers with precision and speed. It addresses the limitations of hard-to-install, difficult-to-maintain solutions otherwise not suited for enterprise-scale environments and allows organizations to deploy enterprise-wide deception solutions for accurate, timely and cost-effective detection. The company includes a rich palette of deception including decoys, breadcrumbs, baits and lures that…

Attivo Networks ThreatDefend Deception and Response Platform version 5.0

Attivo Networks’ ThreatDefend Deception and Response Platform arms the defender with no-nonsense threat detection and faster incident response that empowers organizations of all sizes and industries with visibility, high efficacy detection and intelligence-gathering to gain the upper hand against attackers. The platform supplies high-interaction traps, baits and lures developed for today’s evolving attack surface and…

CounterCraft Cyber Deception Platform 2.3.0

CounterCraft’s Cyber Deception Platform is a full spectrum deception solution that takes the design, deployment and management of deception to the next level with real-time attack detection and targeted, actionable threat intelligence directly applicable to the host network. This solution has a full rest API. We saw a ton of changes CounterCraft has made over…

Illusive Networks Deception Management System V3.1.105

Illusive Networks Deception Management System stops attacks by disrupting the human-decision making process behind lateral movement through proactively hardening the network by removing excess credentials, connections and pathways to critical assets. It detects attackers early on by planting fake data on endpoints that trigger alerts. The solution simplifies the incident response process by compiling real-time…

PacketViper Deception360 version 5.0

PacketViper is an active, agentless deception solution that combines internal deception with active, exterior-facing artifacts. It takes action early in the kill chain to detect, prevent and respond to threats automatically without the need for complex orchestrations. Decoys are lightweight, software-based and easily deployed. Internal decoys sit laterally within the network and yield virtually zero…

Next hm-product-review in Security News