Heading to RSA: NSA Brings Innovative Ideas to Cybersecurity Industry

FORT MEADE, Md., Feb. 12, 2020 — The breadth of talent and expertise across the private industry offers vast potential for collaboration. The RSA Conference — an annual security gathering hosting educational, professional, networking, and awards programs — offers one of the largest opportunities for NSA to bolster partnerships and continue to build understanding of…

Managed Defense: The Analytical Mindset

When it comes to cyber security (managed services or otherwise), you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an analyst’s trained eyes and investigative process are the deciding…

RobbinHood Kills Security Processes Before Dropping Ransomware

Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files. In a newly detected attack campaign, the attackers behind RobbinHood ransomware deploy legitimate, digitally signed hardware drivers to delete security tools on target machines before they encrypt files. These attacks exploit known vulnerability CVE-2019-19320, report Sophos researchers who…

Court Stops Sprawling Scheme That Operated Hundreds of Websites That Deceived Consumers About Government Services

A court has granted the Federal Trade Commission’s request to preliminarily halt a scheme in which the defendants operated hundreds of websites that promised a quick and easy government service, such as renewing a driver’s license, or eligibility determinations for public benefits. Following an evidentiary hearing, the court held that the FTC was likely to prevail…

FTC Takes Action to Stop Anti-Aging “Cure-All” Marketers From Making Baseless Health Claims

The sellers of a pill called ReJuvenation settled Federal Trade Commission charges that they deceptively claimed that their product is a virtual cure-all for age-related ailments—including cell damage, heart attack damage, brain damage, blindness, and deafness—and even aging itself. The orders settling the FTC’s complaint prohibit the defendants from making such claims unless they are…

What is Cloud Networking?

When you have many computers in a corporation with sensitive data or captured work that needs to be viewed regularly, digital space can become a problem. Computer hard drives may store large files that can cause servers and digital devices to lag. Even when you create your own blog or you’re working on other digital…

SharePoint Bug Proves Popular Weapon for Nation-State Attacks

Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets. Researchers have detected multiple instances of cyberattackers using SharePoint vulnerability CVE-2019-0604 to target government organizations in the Middle East. These mark the latest cases of adversaries exploiting the flaw, which was recently used to breach the…

Microsoft DART Finds Web Shell Threat on the Rise

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2015-2802PUBLISHED: 2020-02-04 An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TL… CVE-2019-10786PUBLISHED:…

7 Ways SMBs Can Secure Their Websites

Here’s what small and midsize businesses should consider when they decide it’s time to up their website security. 1 of 8 Too often small and midsize business (SMBs) run websites that aren’t secure or even have the basics, such as SSL encryption technology or a Web application firewall. It’s understandable: SMB owners are typically very…

Kubernetes Shows Built-in Weakness

A Shmoocon presentation points out several weaknesses built in to Kubernetes configurations and how a researcher can exploit them. Containers — single processes virtualized in isolated environments — are becoming important parts of the IT infrastructure at many companies, especially those embracing DevOps or continuous deployment methodologies. And Kubernetes, an open source system for automating…