Network Security

January 20, 2021

SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach

Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.

The post SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach appeared first on SC Media.

January 19, 2021

7 vulnerabilities in popular DNS forwarding software open door to range of attacks

Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.

The post 7 vulnerabilities in popular DNS forwarding software open door to range of attacks appeared first on SC Media.

January 18, 2021

Free cyber career training coursework emerges as a perk in tough times

New complimentary offerings are helping current, aspiring and unemployed infosec professionals gain an upper hand in a down economy, while aiding an industry facing a growing skills gap.

The post Free cyber career training coursework emerges as a perk in tough times appeared first on SC Media.

January 15, 2021

NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks

NSA advises security pros to use designated enterprise DNS resolvers to lock down DoH on corporate networks.

The post NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks appeared first on SC Media.

January 14, 2021

Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers

The software essentially exempted Apple's own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.

The post Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers appeared first on SC Media.

January 14, 2021

Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities

Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.

The post Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities appeared first on SC Media.

January 12, 2021

Complexity and cost chip away at SOCs’ perceived return on investment

51% of 17,200 surveyed IT and security practitioners said that
their SOC’s ROI has gotten worse.

The post Complexity and cost chip away at SOCs’ perceived return on investment appeared first on SC Media.

January 12, 2021

SolarWinds attackers suspected in Microsoft authentication compromise

Mimecast issued a new certificate and is urging affected customers to delete the old one after Microsoft warned of a compromise.

The post SolarWinds attackers suspected in Microsoft authentication compromise appeared first on SC Media.

January 11, 2021

SolarWinds hack is the perfect foreword to new book on history’s biggest breaches

SC Media spoke to author and former CISO Neil Daswani about his upcoming new book "Big Breaches: Cybersecurity Lessons for Everyone."

The post SolarWinds hack is the perfect foreword to new book on history’s biggest breaches appeared first on SC Media.