Security News

Red Hat Enterprise Linux 8.2 adds evolved container tools to help fuel cloud-native development
2020-04-21 13:20

Red Hat announced the general availability of Red Hat Enterprise Linux 8.2, the foundation for Red Hat's hybrid cloud portfolio. Red Hat Enterprise Linux can help intelligently detect, diagnose and address potential issues before they impact production, driven by advancements in Red Hat Insights.

CTERA unveils DevOps tools that allow enterprises to automate global file services delivery
2020-04-17 01:30

CTERA, the edge-to-cloud file services leader, announced DevOps tools that allow enterprises to automate file services delivery on a global scale. The CTERA Software Development Kit for Python and the CTERA Ansible Collection enable engineers to rapidly provision hybrid cloud storage services across distributed topologies with thousands of edge locations, applications and users in just a few lines of code.

New PoetRAT Hits Energy Sector With Data-Stealing Tools
2020-04-16 21:30

A never-before-seen remote access trojan has been discovered in a set of campaigns targeting the energy sector, with a slew of post-exploitation tools to log keystrokes, record footage from webcams and steal browser credentials. Researchers called the malware "PoetRAT" due to various references to sonnets by English playwright William Shakespeare throughout the macros, which was embedded in malicious Word documents that were part of the campaign.

Shared Assessments Program issues set of best practices and tools to help orgs comply with the CCPA
2020-04-16 01:00

The Shared Assessments Program issued "CCPA Privacy Guidelines & Checklists," the security and risk industry's first comprehensive set of best practices and tools to help organizations comply with the California Consumer Privacy Act. "As participants networked this past year to share ideas, best practices and pain points, the committee initiated a set of Privacy White Papers to help industry peers navigate and provide checklists to map their progress."

Free Security Tools, Resources Offered During Coronavirus Outbreak
2020-04-07 19:14

Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak. Tens of companies have announced over the past weeks that they are offering free tools and services to organizations impacted by the pandemic.

While many migrate security tools to the cloud, concerns remain
2020-03-27 05:00

While many companies are beginning to migrate security tools to the cloud, a significant number have concerns, a survey by Exabeam reveals. Typically, organizations migrate security tools to the cloud to minimize the resources and overhead associated with owning and maintaining on-premises equipment and software.

Public ICS Hacking Tools Make It Easier to Launch Attacks: FireEye
2020-03-25 12:35

The cybersecurity firm told SecurityWeek that its Mandiant Intelligence team tracks nearly 100 tools that can be used to exploit vulnerabilities in ICS or interact with industrial equipment in an effort to support intrusions or attacks. Of the ICS hacking tools tracked by FireEye - the company calls them ICS cyber operation tools - 28% are designed for discovering ICS devices on a network and 24% for software exploitation.

Widely available ICS attack tools lower the barrier for attackers
2020-03-24 14:03

The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems. "As ICS are a distinct sub-domain to information and computer technology, successful intrusions and attacks against these systems often requires specialized knowledge, establishing a higher threshold for successful attacks. Since intrusion and attack tools are often developed by someone who already has the expertise, these tools can help threat actors bypass the need for gaining some of this expertise themselves, or it can help them gain the requisite knowledge more quickly," FireEye researchers point out.

2020 cybersecurity risks: Insecure security tools, supply chains, abandonware
2020-03-23 05:00

During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies. Product What can happen Underlying flaws Trend Micro Maximum Security 2019 and 2020 DLL Search-Order Hijacking Signed Execution Whitelisting Bypass Uncontrolled search path, no digital certificate validation against the binary.

Russia-Linked Cybercriminals Use Legitimate Tools in Attacks on German Firms
2020-03-20 13:25

Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before. Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.