Security News
FireEye and McAfee, whose business models center around charging enterprises money to protect their networks from cyber-threats, issued a joint report this week predicting next year you'll see an increase in cyber-threats, particularly those against enterprise networks and the staff who run them. Nation states will "Increase their offensive operations by leveraging cybercriminals." as senior principal McAfee engineer Christiaan Beek theorized, citing the example of US indictments against four Chinese nationals who were allegedly running front companies on behalf of Beijing.
Cisco Secure unveiled the future of simple and effective security with infrastructure agnostic, passwordless authentication by Duo. Integrated seamlessly into the existing Duo authentication experience used by more than 25,000 organizations globally, Duo passwordless authentication will enable enterprise users to skip the password and securely log into cloud applications via security keys or biometrics built into modern laptops and smartphones.
A 17-year-old high school senior along with her mother, Laura Rose Carroll, were arrested this week, charged with accessing student records in a fraudulent attempt to rig her school's Homecoming Queen election. The same district where her daughter attended Tate High School, the Washington Post reported.
Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question.
The pair were performing a routine penetration test at the Dallas County courthouse at night when they tripped an alarm, were collared by deputies, and, ultimately, charged with felony trespassing - a crime that can lead to up to seven years behind bars. Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa.
The pair were performing a routine penetration test at the Dallas County courthouse at night when they tripped an alarm, were collared by deputies, and, ultimately, charged with felony trespassing - a crime that can lead to up to seven years behind bars. Part of the problem, the two professional attackers told the Black Hat online conference today, was the imprecise terms of the penetration tests Coalfire was hired to perform at the request of the US state of Iowa.
On Tuesday, the US Department of Justice charged two Chinese nationals with allegedly hacking hundreds of organizations and individuals in America and elsewhere to steal confidential corporate secrets on behalf of Beijing for more than a decade. The US claims that the two accused worked both for themselves and with the backing of the Chinese government's Ministry of State Security.
Together, Bitglass and Duo balance enterprise-grade access control and data protection with the flexibility and seamless user experience needed to support a global, remote, and multi-device workforce. It is crucial organizations adjust their security strategies as employees can download, upload, and share data from personal devices or public networks, meaning data is traveling beyond the corporate firewall.
Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.
Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities - and exploit code for one of them is already public, so get patching. Interestingly enough, at the time, this public source-code tweak was spotted and studied by Exodus Intelligence researchers István Kurucsai and Vignesh Rao, who hoped to see whether it's still practical to identify security bug fixes among code changes in the Chromium source tree and develop an exploit before the patch sees an official release, a practice known as patch-gapping.