Monday 8/17
Online and offsite: the future of training and consultancy? (F5)
As offices gradually re-open across the world, the question arises of how many of our old working habits we will return to.
http://f5so.co/70FD4B
Forescout Sets a New Standard for Securing the Enterprise of Things
The new integrations allow organizations to reduce attack surface, maintain compliance and minimize breach impact across IT, IoT, healthcare and operational technology (OT) environments. Continuous monitoring of segmentation hygiene provides an instant understanding of new risks due to the expanded interconnectivity between traditional IT, cyber-physical and clinical technology domains.
https://bit.ly/2Efv38H
Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities
The security issues allow Safari cookies to be read and dumped, and these packets of data are then used to inject JavaScript-based backdoors into displayed pages via a Universal Cross-site Scripting (UXSS) attack.
https://zd.net/32ehaAj
Tuesday 8/18
How Online Businesses Can Defeat Application Fraud in a Multi-Cloud World
Businesses need to hold their application security vendors accountable for security outcomes rather than merely the existing functionality that today’s bad actors continually engineer around. Join F5 Networks and Ingram Micro on August 26, at 1:00 PM to discuss what application owners and security teams face next in the world of fraud and cyber-crime. See the link below for registration details.
https://bit.ly/3kW5EC8
Bridging the Cybersecurity Skills Gap Through Artificial Intelligence (Fortinet)
As organizations are forced to operate exclusively in reactive mode, they position broad-brush security tools to close the most common avenues of known attacks. Sometimes having to wait until an attack was actively targeting their devices and systems in order to repel them, or far too often, clean up the mess after a stealthy attack was able to break into their system and get out with the data it was looking for.
https://bit.ly/2YbaFwN
Citrix enables customer choice with support for VMware Cloud on AWS
Now, within a single management tool, Citrix Virtual Apps and Desktops service allows you to easily manage and provision Citrix workloads to extend your virtual apps and desktops in vSphere as needed, between either on-premises deployments or within VMware-based clouds, starting with VMware Cloud on AWS.
https://bit.ly/34cjIl2
Wednesday 8/19
Making Azure Cloud Environments Even More Secure with CyberArk
The recent release of CyberArk Privileged Access Security Solution v11.5 added capabilities to automate the deployment of CyberArk Vault environments in Azure and support multi-cloud and multi-region configurations options with Azure.
https://bit.ly/3gd8mPO
AWS Cryptojacking Worm Spreads Through the Cloud
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.
https://bit.ly/3hcyfRg
Thursday 8/20
How Are You Addressing the NSA/CISA Immediate Recommended Actions?(Forescout)
Without appropriate due diligence, organizations often find that they can check all the boxes when it comes to visibility but are completely unprepared to deal with what they see, such as malware breaches or other nefarious activities. Clearly, asset visibility isn’t enough.
https://bit.ly/31bJfZv
With everyone working from home, VPN security is now paramount
Besides enabling MFA to protect VPN accounts for employees working from home, CISA also recommended that companies review the patching levels of corporate VPN products.
https://zd.net/3gcv0Yz
Friday 8/21
Implementing the Zero Trust eXtended (ZTX) Framework with Meta Networks (Proofpoint)
If you ask the folks at Forrester Research, they’ll probably tell you that most organizations still have a long way to go on the road to implementing zero trust security. Partially, “because they're not sure of the concrete technology purchases and organizational changes needed to do so.”
https://bit.ly/2YmGYcc
Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws
Microsoft has released an out-of-band security update addressing two high-severity elevation-of-privilege (EoP) bugs. Both flaws exist in a service called Windows Remote Access, which provides remote-access capabilities to client applications on computers running Windows.
https://bit.ly/34lt9yD