Security News

Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies
2021-07-29 06:26

Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them. Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer.

'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection
2021-07-29 05:15

The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a "Woefully insufficient" security posture. "The Memorandum was accompanied by transcripts of remarks made by a"Senior administration official" who said the edicts are needed because "We have a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention.

Misconfigured Azure Blob at Raven Hengelsport exposed records of 246,000 anglers – and took months to tackle, claim infosec researchers
2021-07-27 20:49

Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. "Sadly, actually getting Raven, also known as Raven Fishing, to do anything about the issue proved challenging."We immediately tried to get in touch with Raven once we discovered the open database, but did not receive a response from Raven regarding the breach," SafetyDetectives' researchers noted.

New infosec products of the week: July 23, 2021
2021-07-23 06:00

The new version builds on the MITRE ATT&CK framework to reflect the iterative approach of attackers and the likelihood of attacking any point or multiple points of an organization's attack surface. With this new capability, all files hosted within AWS storage will be delivered to the Votiro Secure File Gateway.

Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online
2021-07-22 15:30

A new initiative aims to make it easier to report personal abuse and harassment within the information security industry - without the involvement of social media mobs. Respect in Security, launched today with support from Trend Micro's veep of security research Rik Ferguson, Lisa Forte, a partner at Red Goat Cyber Security and other notable folk from the UK infosec scene, aims to set up a "Vulnerability style" reporting scheme for infosec professionals to flag up harassment and abuse to abusers' employers.

Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online
2021-07-22 15:30

A new initiative aims to make it easier to report personal abuse and harassment within the information security industry - without the involvement of social media mobs. Respect in Security, launched today with support from Trend Micro's veep of security research Rik Ferguson, Lisa Forte, a partner at Red Goat Cyber Security and other notable folk from the UK infosec scene, aims to set up a "Vulnerability style" reporting scheme for infosec professionals to flag up harassment and abuse to abusers' employers.

New infosec products of the week: July 16, 2021
2021-07-16 06:00

ThreatQuotient releases ThreatQ Data Exchange to simplify bidirectional sharing of intelligence data. ThreatQ Data Exchange provides the ability to granularly define data collections for sharing, and easily connect and monitor a network of external systems with which to share data.

We're terrified of sharing information, but the benefits of talking about IT and infosec outweigh the negatives
2021-07-13 09:15

We stand in front of rooms full of people - or, more recently, sit in front of laptop cameras trying to remember what rooms full of people look like - and say: hey, if you fall for a phishing campaign, or you inadvertently delete a directory, or you lose your laptop, get in touch straight away and we'll help you get it sorted. So how do you do something conversational with a bunch of people whose opinions you respect, while retaining a reasonable chance of not blabbing your woes to the public at large? The simplest to make happen is to seek out your peers by going along to local networking events - and even if there aren't any locally run user groups in your field you can also look to professional bodies such as the BCS,2, ISACA and the like, all of which have regional branches or chapters that can be used as a means of meeting the people you'd like to get to know and share with.

Criminals prefer to WFH too: Singapore infosec agency says 43% of all crimes in the city-state happened online in 2020
2021-07-08 11:10

The Cyber Security Agency of Singapore today released data revealing that cybercrime accounted for 43 per cent of all crime in the city-state during 2020. Ransomware attacks rose 154 per cent from 35 cases in 2019 to 89 in 2020, shifting from what CSA called "Indiscriminate, opportunistic attacks" to "Big Game Hunting".

New infosec products of the week: June 25, 2021
2021-06-25 06:00

Splunk Security Cloud helps customers secure and manage multi-cloud deployments. Splunk Security Cloud brings together security operations solutions that help customers get maximum value from their data.