Security News
Ericom Application Isolator separates corporate apps from unauthorized users to prevent ransomware. Ericom Software announced the introduction of Ericom Application Isolator, a new solution that integrates with existing remote access VPNs and Next Generation Firewalls to secure corporate applications and data from the security risks associated with excessive access rights inside a network.
Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information after a staffer's email account was accessed by malicious people. In a statement on its website, SANS said: "Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised."
Fortinet unveiled the FortiGate 4400F, a firewall capable of securing 5G networks. The FortiGate 4400F is a hyperscale firewall, setting new milestones for Security Compute Ratings to deliver performance, scalability and security in a single appliance.
Some 3D printers can be flashed with firmware updates downloaded directly from the internet - and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire. Research from the appropriately named Coalfire biz claimed printers from Chinese company Flashforge could be abused through crafted updates that bypass safety features built into the devices' firmware.
McAfee MVISION Cloud now maps threats to MITRE ATT&CK. With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming - especially as cloud-native threats become more abundant. Amazon Fraud Detector is a fully managed service that makes it easy to quickly identify potentially fraudulent online activities like online payment and identity fraud.
Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "Zero-day exploits"... which the Tor Project insists are nothing of the sort. Typically, users slide into the Tor network through a publicly listed entry relay, though they may choose to join via a bridge relay, or bridge for short, to avoid IP-based detection and censorship.
Nearly half of British university staff say they have received no cybersecurity training, according to a recent survey. 46 per cent of staff received no training at all, while one Russell Group uni said that just 12 per cent of its staff had received "Any" training in infosec matters.
"In olden days, being a SOC analyst was a respected gig. Entry-level SOC analyst was how you broke into the industry, learned about alarms, alerts, and notifications, and earned your chops in incident response, root cause analysis, report writing/documentation, and potentially, if you were awesome, in presenting it to the boss(es). Then you were either put on the incident response team, or moved over to digital forensics, or you could maybe switch a bit to DevOps/SecDevOps if that caught your interest. Even pentesting, if you got really good at blue teaming, which is a pretty good pathway into breaking and red teaming," Marpet explained what he meant to Help Net Security. "Now, in many companies, SOC analyst is a dead-end job. With the extreme specialization and commoditization of SOC analyst jobs, anything interesting is taken away almost immediately: 'Oh! This looks bad, send it to Incident Response!' or 'I'm not sure what this is, send it to Security!' SOC analysts became security dispatchers a while ago."
"In an era where workplace stress, mental illness, mindfulness and work-life balance are matters of importance and interest, we sought to understand if the security profession was at risk of burning itself out," the report, Security Profession 2019/2020 [PDF], stated. Some 18 per cent said they had personally walked out of a role permanently because of burnout; 36 per cent professed to knowing someone that had left due to it; and another 25 per cent claimed they had considered it.
Former UK prime minister Tony Blair has declared that governments can't "Take 10 years to catch up" with cyber crims - while speaking at an infosec conference organised by Vladimir Putin's favourite Russian bank. Blair scoffed at people with concerns about the role of the state in everyday online life, saying: "When people worry about the data they shared with governments - most people share enormous amounts of data with technology companies!".