Day: February 26, 2021

Microsoft makes CodeQL queries public so security pros can better understand SolarWinds attack

26 February 2021

Microsoft has won praise from security researchers by making its CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds or similar supply chain attacks.


New data could help CISOs quantify the value of a strong security culture

26 February 2021

Building a security awareness training program to develop a strong infosec culture requires time and money, and chief information security officers frequently try to make a case for such an investment by citing return on […]


North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

26 February 2021

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor’s tactics by going beyond the usual […]


Four questions all cybersecurity RFPs should ask

26 February 2021

Effective security can help companies save in excess of $1 million on a nation-state attack from the likes of Vladimir Putin’s Russia. Today’s columnist, Dan Pitman of Alert Logic, says as part of the equation, companies should focus requests-for-proposals around business goals vs. looking to bring on too many products. […]


ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

26 February 2021

Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the […]


Cisco Releases Security Patches for Critical Flaws Affecting its Products

26 February 2021

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit […]
