Security News

A new initiative aims to make it easier to report personal abuse and harassment within the information security industry - without the involvement of social media mobs. Respect in Security, launched today with support from Trend Micro's veep of security research Rik Ferguson, Lisa Forte, a partner at Red Goat Cyber Security and other notable folk from the UK infosec scene, aims to set up a "Vulnerability style" reporting scheme for infosec professionals to flag up harassment and abuse to abusers' employers.

Vulnerabilities identified in the STEM Audio Table conference room speakerphone could be exploited by hackers for various purposes, including to eavesdrop on conversations, according to cybersecurity research firm GRIMM. The first identified issue is a stack-based buffer overflow in the function responsible for handling user requests for the device's "Local server" configuration option. GRIMM's researchers discovered a command injection bug in the firmware update mechanism of the device, which is handled by a Python script that accepts user-supplied arguments.

Several egregious vulnerabilities affecting the Stem Audio Table conference room speakerphone could be exploited by attackers to eavesdrop on what's being discussed in its proximity, download malicious firmware, achieve and maintain network persistence, and more, GRIMM researchers have discovered. Stack buffer overflow and command injection flaws that could allow attackers to execute arbitrary code as root on the device.

The world is one step closer to ultimately secure conference calls, thanks to a collaboration between Quantum Communications Hub researchers and their German colleagues, enabling a quantum-secure conversation to take place between four parties simultaneously. This advance in quantum secured communications could lead to conference calls with inherent unhackable security measures, underpinned by the principles of quantum physics.

Whether bolstering or enhancing corporate security posture, creating awareness for formerly office-based employees now working from home or responding to the damage caused by an unfortunate breach or attack, we have learned the importance of resilience and the need to learn from success or failure. The pandemic produced new challenges for security teams in addition to their existing workload. They not only found themselves working remotely - but with a workforce doing the same, threats that could be spotted on the corporate network were now starting to hide on a home WiFi.

Arctic Wolf announced Managed Security Awareness, a new solution that it described as a security awareness and training program delivered as a concierge service. The new solution includes security awareness microlearning, automated phishing simulations, and account takeover monitoring.

Cisco announces XDR, SASE and network security improvements. Cisco unveiled improvements for its extended detection and response solutions, including enhanced vulnerability management capabilities as a result of the acquisition of Kenna Security, better device visibility via SecureX, simplified transition from EDR to XDR, and expanded investigation and threat hunting capabilities.

Satori, a DataSecOps company revolutionizing data access, security and privacy for the modern data infrastructure, has been named one of 10 finalists for the RSA Conference 2021 Innovation Sandbox Contest for its work democratizing and protecting sensitive data in the cloud using a SaaS-based transparent setup. Satori allows monitoring and governing of data usage and data access in the cloud.

How can military experience help build resilience in information security? What lessons in perseverance and resilience can we pick up from an aerospace consultant who learned them the hard way in the wake of the NASA Challenger tragedy? Or, perhaps, you want to know more about how pentesting works in practice and hear advice by CISOs on how to manage infosec programs?

A former Cisco employee who went medieval on his former employer and cost the company millions, has been sentenced to two years in prison and a $15,000 fine. Five months later he used access credentials to get back into Cisco's systems and deleted virtual machines on Webex - borking more than 16,000 WebEx Teams accounts for two weeks in some cases and costing Cisco $2.4m in refunds and repair work.