Month: November 2020
First Look: PrivafyCentral
25 November 2020PrivafyCentral’s dashboard offers security teams a unified view of data-in-motion. (Credit: Privafy) Company Name: Privafy Security Services Product Name: PrivafyCentral Basic Price: $150 per month per location What it does: Creates a more secure internet experience by addressing the most challenging issues plaguing data-in-motion security for enterprises of all sizes. What we liked: The customizable […]
Read More
2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
25 November 2020cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as “SEC-575” and discovered by researchers from Digital Defense, has been remedied by the company in […]
Read More
Baidu’s Android Apps Caught Collecting and Leaking Sensitive User Data
25 November 2020Two popular Android apps from Chinese tech giant Baidu have been removed from the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without […]
Read More
Biden’s DHS nominee Mayorkas offers hope of stability, resilience
24 November 2020President-elect Joe Biden nominated Alejandro Mayorkas as his secretary of Homeland Security, a move that drew quick praise from information security experts. Mayorkas, a former U.S. attorney and former deputy secretary of Homeland Security, is a known commodity in cybersecurity quarters. (World Travel & Tourism Council) President-elect Joe Biden Monday nominated Alejandro Mayorkas as his […]
Read More
Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
24 November 2020An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, […]
Read More
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
24 November 2020VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. “A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges […]
Read More
CyberArk, Forescout and Phosphorus team to automate IoT device integration and lockdown
23 November 2020The Newton headquarters of CyberArk, which has teamed with Forescout and Phosphorus to address risks tied to IoT devices. (CC BY-SA 4.0) Privileged access management company CyberArk today joined forces with Forescout and Phosphorus to leverage automated network integration to more effectively secure IoT devices on corporate networks. CyberArk maintains that companies can significantly reduce […]
Read More
Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?
23 November 2020At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS (Domain Name System) related outage and Distributed denial of service (DDoS) lead a negative impact on businesses. Among the wide range of countermeasures, a web application firewall is […]
Read More
A look back: The 2020 Professional Award winners
22 November 2020The Professional Awards recognize the top cybersecurity leaders of 2020 –the people within the cybersecurity vendor community who drove innovation, cyber awareness and industry growth. For 2021, we will now include the top cybersecurity vendor leaders within SC’s Excellence Awards and a new category of awards – Leadership Awards, formerly known as Reboot – will recognize […]
Read More
Websites requiring security software downloads opened door to supply chain attack
20 November 2020The Seoul skyline in South Korea (Flickr – Laurie Nevayhttps://www.flickr.com/photos/laurienevay/, CC BY-SA 2.0 https://creativecommons.org/licenses/by-sa/2.0, via Wikimedia Commons). A newly reported supply chain attack involved malicious hackers compromising financial and government websites so they would deliver malware to unsuspecting visitors. The tactic demonstrates the risks involved with requiring users to download software in order use your […]
Read More