Security News

Parasoft announced its C/C++test update to support IAR Systems' build tools for Linux for Arm. IAR Build Tools for Linux inspired the update of Parasoft's unified testing solution for C/C++test software development.

When the move to the cloud was dramatically exacerbated by companies rapidly shifting to remote work, these tools fell short of supplying clear visibility into multiple environments and technology layers. The need to quickly adapt and scale to the new reality provided the perfect opportunity to accelerate the push to cloud, but outdated traditional security information and event management tools are not able to efficiently collect and process the high volume of telemetry generated by the multiple cloud services adopted as part of this push.

We'll guide you through the process of using Homebrew package manager to install security tools on macOS to exploit vulnerabilities found in your Apple equipment. In this follow-up to the installing security tools on macOS via Homebrew series, we'll be looking at various applications that can be used to exploit any vulnerabilities that have been found after performing an assessment using scanning tools to determine what-if any-issues exist.

We'll guide you through the process of using Homebrew package manager to install security tools on macOS to assess vulnerabilities and the security posture of the devices on your network. Some tools may be used to obtain vulnerability information from generic devices, while other tools are suited only to identify specific vulnerabilities related to certain types of applications and services, such as web servers, for example.

Implementing the measures in NSA's guidance eliminates the false sense of security provided by obsolete encryption protocols by helping block insecure TLS versions, cipher suites, and key exchange methods to properly encrypt network traffic. Updating TLS configurations will provide government and enterprise organizations with stronger encryption and authentication to help them build a better defense against malicious actors' attacks and protect important information.

"Cybersecurity is very good at identifying activities that are black or white-either obviously bad and dangerous or clearly good and safe," writes Margaret Cunningham, PhD, psychologist and principal research scientist at Forcepoint's Innovation Lab, in her research paper Exploring the Gray Space of Cybersecurity with Insights from Cognitive Science. "But, traditional cybersecurity tools struggle with ambiguity-our algorithms are not always able to analyze all salient variables and make a confident decision whether to allow or block risky actions."

Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday. Qualys said it identified more than 7.5 million instances related to vulnerabilities associated with the stolen FireEye tools and compromised versions of the SolarWinds Orion product.

ColorTokens announced its ColorTokens Partner Program and Partner Portal, providing distributors, resellers, and other technology service providers the resources they need to get started in the enterprise information security market. The ColorTokens Partner Program allows easy entry for first-time cloud security partners, guiding them to develop skills, scale revenue, and achieve success.

FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "Highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. Red Team tools are often used by cybersecurity organizations to mimic those used in real-world attacks with the goal of assessing a company's detection and response capabilities and evaluating the security posture of enterprise systems.

U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company's RedTeam tools, FireEye CEO Kevin Mandia has disclosed on Tuesday. "The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."