ChaChi: a new GoLang Trojan used in attacks against US schools
| June 23rd, 2021By l33tdawg ChaChi: a new GoLang Trojan used in attacks against US schools
l33tdawg
Wed, 06/23/2021 – 23:22 …read more
Source:: hitb
Nearly half (48%) of organizations do not have a user verification policy in place for password reset calls to IT service desks, according to a new Specops Software survey, which highlights social engineering vulnerabilities among IT service help desks. …read more
Source:: Security magazin
Honeywell Launches OT Cybersecurity Monitoring and Response Service
| June 10th, 2021American industrial giant Honeywell this week announced a new cybersecurity monitoring and incident response service for industrial organizations.
Source:: securityweek
US Drops Trump Order Targeting TikTok, Plans Its Own Review
| June 10th, 2021The White House dropped Trump-era executive orders intended to ban the popular apps TikTok and WeChat and will conduct its own review aimed at identifying national security risks with software applications tied to China, officials said Wednesday.
Source:: securityweek
Webinar Today: CISO Guide to Preventing Vendor Email Compromise
| June 10th, 2021
ALPACA: New TLS Attack Allows User Data Extraction, Code Execution
| June 10th, 2021Researchers from three universities in Germany have identified a new TLS attack method that can allow a man-in-the-middle (MitM) attacker to extract user data or execute arbitrary code.
The new attack, dubbed ALPACA, has been described as an “application layer protocol content confusion attack.”
Source:: securityweek
Google Patches Chrome Zero-Day Used by Commercial Exploit Company
| June 10th, 2021Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild.
Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux.
Source:: securityweek
Zero Trust, a core component of any modern security strategy
| June 10th, 2021
In the spirit of building a solid foundation, Zero Trust security has once again come into the forefront. Whie the concept of Zero Trust is not new, the reality is that not enough organizations have adopted those in IT and security, the concept of identity-centric protection isn’t anything new. …read more
Source:: Security magazin
Enterprise security professionals face a difficult task. The growth of the cybersecurity market has led to increased clutter and overwhelming fragmentation. Before we dig into the tips that enterprise security professionals should keep top of mind when seeking out the right vendor, let’s delve into the primary pain points that buyers face.
Source:: Security magazin
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), private sector partners, local first responders, and state and federal partners held a tabletop exercise to test emergency response and recovery operations in preparation for the U.S. Olympic Team Trials – Track & Field, which will be held June 18-27 at Hayward Field on the University of Oregon campus. …read more
Source:: Security magazin