Security News
A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system. There is no information yet as to whether or which industrial or critical infrastructure sites might have been targeted.
The sprawling SolarWinds cyberattack, which came to light last December, was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "Skillful and methodic operators who follow operations security best practices to minimize traces, stay under the radar, and avoid detection." By analyzing telemetry data associated with previously published indicators of compromise, RiskIQ said it identified, with high confidence, an additional set of 18 servers that likely communicated with the targeted, secondary Cobalt Strike payloads delivered via the TEARDROP and RAINDROP malware, representing a 56% jump in the attacker's known command-and-control footprint.
Red Balloon Security announced an expanded and customizable set of offerings for critical infrastructure and a range of industries - including energy, industrial control systems, building management systems, automotive, and telecommunications. Red Balloon Security is launching a portfolio of solutions combining its expertise with its advanced suite of technologies for embedded devices.
The coronavirus pandemic accelerated trends that had slowly been changing businesses everywhere, transforming remote work from a perk to a necessity and sending even more of our data, applications, and day-to-day activities into the cloud. The most obvious pain point that many organizations are working through is how to manage workforce transformation, specifically when it comes to authenticating and monitoring remote user identities.
Guardicore extends microsegmentation and zero trust security to protect legacy infrastructure and IT
Guardicore announced new capabilities that extend microsegmentation and zero trust security to the industry's broadest catalog of legacy servers, applications, and operating systems. Customers using Guardicore Centra to protect their hybrid data centers that include legacy servers can now extend zero trust policies and granular microsegmentation to IBM iSeries AS/400 servers.
Cisco announced new server solutions supported by 3rd Gen Intel Xeon Scalable processors to bring new performance and security capabilities to customers' hybrid cloud infrastructure. To help technology teams address increasingly complex hybrid cloud environments, Cisco today is introducing Unified Computing System server models with the latest 3rd Gen Intel Xeon Scalable processors.
Cisco Secure unveiled the future of simple and effective security with infrastructure agnostic, passwordless authentication by Duo. Integrated seamlessly into the existing Duo authentication experience used by more than 25,000 organizations globally, Duo passwordless authentication will enable enterprise users to skip the password and securely log into cloud applications via security keys or biometrics built into modern laptops and smartphones.
Critical infrastructure protection firm OPSWAT has secured $125 million growth funding from Brighton Park Capital. OPSWAT is expanding rapidly, and Benny Czarny, founder and CEO, expects to hire up to 100 more over the next three years in the Tampa, Florida area.
DTEX Systems announced that it has broadened the reach of its Workforce Cyber Security Platform, DTEX InTERCEPT, with enhanced capabilities to monitor and secure server infrastructures. "If the Tesla, General Electric, Microsoft Exchange and Verkada attacks have taught us anything, it is that we need to rethink server visibility, detection and protection," said Mohan Koo, Co-founder and CTO, DTEX Systems.
Aqua Security announced that its cloud native security platform now protects containers and Virtual Machine workloads at runtime on Arm-powered devices. This enables Aqua customers to take advantage of the high density and cost-effectiveness provided by Arm-powered hosts and devices across cloud infrastructure, edge and IoT platforms, including the new AWS Graviton2 instances from Amazon Web Services.