Security News

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.

Today's reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses.

In an almost exclusively mobile world and the increased usage of mobile devices to access corporate data, cybercriminals started taking advantage of the vulnerability of such devices. To select a suitable mobile threat defense solution for your business, you need to think about a variety of factors.

Once a "Nuisance" threat, ransomware has grown into a layered, multi-billion-dollar industry for attackers. The U.S. Department of Justice has issued internal guidance that ransomware attacks should be treated with the same priority as terrorist attacks - did this dissuade any attackers? It does not seem so.

Simple tech investments like these, Tebow notes, can be an easy, effective way to end a ransomware attack before it starts. While using modern solutions to defeat modern threats is critical, upgraded defenses alone are not enough in a world where ransomware is considered an inevitability by experts.

DataTribe announced a $2.5M seed investment in Ntrinsec. Ntrinsec is the moving-target defense start-up that is solving the secrets sprawl that exists in enterprises of all sizes today.

Accenture has acquired Sentor, a Sweden-based independent provider of cyber defense and managed security services. The company's portfolio includes advisory services, security testing, managed detection and incident-response capabilities, powered by a 24/7/365 security operations center in Stockholm.

Wouldn't it be nice if you could prevent a ransomware attack from occurring in the first place? DMARC can make this seemingly impossible claim a possibility for domain owners! DMARC is also known as the first line of defense against Ransomware.

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE. NSA funded MITRE's research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE's ATT&CK, a knowledge base of cyber adversary behavior.

A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "Enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.