Security News
Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. "Easy to use from the command line with simple, understandable output, Prowler offers standard reporting formats like CSV and JSON, enabling users to thoroughly examine findings across any cloud provider, all in a uniform format. Its seamless integrations with Security Hub and S3 facilitate easy incorporation with other SIEMs, databases, and more. The ability to write custom checks and develop custom security frameworks is crucial for our expanding community," Toni de la Fuente, the creator of Prowler, told Help Net Security.
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors...
Security teams often operate in a silo, detached from the soft, human parts of the business like sales and marketing, which can lead to overlooking potential attack vectors that are evident from a business standpoint. In essence - learn the business to attack the business.
Threat actors aren't looking for companies of specific sizes or industries, they are looking for opportunities. Given that many companies operate in the dark and overlook breaches until ransomware attacks occur, this makes the threat actors' job easy.
Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators, such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and 90% believe they have good or excellent ability to detect cyberthreats. "While we aren't surprised by the contradictions in the data, our study in partnership with IDC further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities," said Steve Moore, Exabeam Chief Security Strategist.
Microsoft's Azure AD Password Protection, now rebranded as Microsoft Entra ID helps users create a password policy they hope will protect their systems from account takeover and other identity and access management issues. The absence of Dark Web data usage in Microsoft Entra ID's security measures poses a considerable risk to businesses by not adequately protecting against compromised credentials.
It's an annual meme that DEF CON infosec conference has been canceled, but this time it actually happened. According to conference founder Jeff Moss, AKA Dark Tangent, the hotel and casino operator unexpectedly canceled the Con's booking with no warning or explanation.
Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information. Necessarily alert to revenue diversification opportunities in light of its dependence on Google paying to be the default search service on its beleaguered Firefox browser, Mozilla has taken Monitor beyond HIBP alerts, added data removal, and branded that expanded service Monitor Plus with a subscription fee of $8.99 per month.
Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. While phishing is generalized in that one phishing email may be sent to millions of people, spear phishing is highly targeted.
Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data. At the heart of the drama: A Verizon employee apparently obtained a file that they shouldn't have had access to, containing personal information including: names, addresses, Social Security numbers or other national identifiers, gender, union affiliation, dates of birth, and compensation information.