Security News

A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "Enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.

As more businesses move their critical data and cybersecurity defenses to the cloud and the volume of network traffic increases substantially, enterprise cybersecurity teams are rethinking their use of sandbox environments. It's becoming increasingly easier to avoid the sandbox as enterprises generally direct only a sampling of their traffic to the sandbox.

U.S. pipeline operators will be required for the first time to conduct a cybersecurity assessment under a Biden administration directive in response to the ransomware hack that disrupted gas supplies in several states this month. The Transportation Security Administration directive being issued Thursday will also mandate that the owners and operators of the nation's pipelines report any cyber incidents to the federal government and have a cybersecurity coordinator available at all times to work with authorities in the event of an attack like the one that shut down Colonial Pipeline.

President Joe Biden signed an executive order Wednesday meant to strengthen U.S. cybersecurity defenses in response to a series of headline-grabbing hacking incidents that highlight how vulnerable the country's public and private sectors are to high-tech spies and criminals operating from half a world away. The order will require all federal agencies to use basic cybersecurity measures, like multi-factor authentication, and require new security standards for software makers that contract with the federal government.

UK's National Cyber Security Centre highlights the success of its Active Cyber Defence program. The UK's National Cyber Security Center Active Cyber Defense program is an ambitious project designed to improve the security posture of an entire nation.

This approach is all about data and resilience, not deliberately sabotaging your own network, according to two cybersecurity experts.

In this role, Ms. Beckham will oversee all financial operations while working closely with our leadership team to support Cyber Defense Labs' business strategy and anticipated growth. Ms. Beckham brings a proven track record of success in leading all aspects of corporate finance with strong expertise in financial management, budgeting and forecasting, risk mitigation, cost controls and strategic planning.

French President Emmanuel Macron on Thursday unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France. The attacks at the hospitals in Dax and Villefranche-sur-Saone prompted the transfer of some patients to other facilities as the French health care system is under pressure from the coronavirus pandemic.

Chaos engineering is a way for security teams to replace continuous firefighting with continuous learning, according to two industry experts. At the RSA 365 Virtual Summit this week, Aaron Rinehart, CTO and co-founder Verica, and Jamie Dicken, manager of applied security at Cardinal Health, explained how this approach to IT security works.

Owl Cyber Defense Solutions announced the acquisition of the Trident Assured Collaboration Systems product line. The acquisition gives Owl a broader range of certified network perimeter defense solutions than any competitor in the market.