Author Archives: Joe Uchill

Firms with exposed IoT have a higher concentration of other security problems

Exposed enterprise IoT devices can be an indicator of security issues to come, with firms sporting exposed devices having a 62% higher density of other security problems, new research shows. For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post…

The post Firms with exposed IoT have a higher concentration of other security problems appeared first on SC Media.

Continue reading

Posted in IoT, Mobile Security, Network Security, Security News | Comments Off on Firms with exposed IoT have a higher concentration of other security problems

‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions

The analyst from FireEye that discovered the SolarWinds attack and the co-founder of Tenable will join the advisory board of Trinity Cyber – contributing expertise to the company that counts former homeland security adviser Tom Bossert among its top executives.

The post ‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions appeared first on SC Media.

Continue reading

Posted in Corporate News, Featured, Network Security, Security News, Software and solutions | Comments Off on ‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions

‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access

Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems. The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even…

The post ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access appeared first on SC Media.

Continue reading

Posted in Network Security, Security News | Comments Off on ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access

Speed of White House cyber appointments should make CISOs ‘a bit more confident’

The appointments and presumed future appointments draw heavily from people with public sector experience, a move that some praise and others criticize as a failure to consider private sector expertise.

The post Speed of White House cyber appointments should make CISOs ‘a bit more confident’ appeared first on SC Media.

Continue reading

Posted in Featured, Government, Regulation, Security News | Comments Off on Speed of White House cyber appointments should make CISOs ‘a bit more confident’

Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWind attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.

The post Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs appeared first on SC Media.

Continue reading

Posted in APT, APTs/cyberespionage, Featured, Network Security, Security News, SolarWinds hack, Threat intelligence | Comments Off on Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw

With public administration apps, the number that went a year with an unpatched security flaw dropped to 67 percent, and nine other sectors ranged between 50 and 60 percent, according to research from WhiteHat Security.

The post 70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw appeared first on SC Media.

Continue reading

Posted in Application Security, Manufacturing, Mobile, Security News | Comments Off on 70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw

Last-minute Trump order adds new security regulation to cloud providers

An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.

The post Last-minute Trump order adds new security regulation to cloud providers appeared first on SC Media.

Continue reading

Posted in Cloud, Cloud Security, Featured, Regulation, Security News | Comments Off on Last-minute Trump order adds new security regulation to cloud providers

With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge

Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.

The post With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge appeared first on SC Media.

Continue reading

Posted in Breach, Data Breach, Featured, Security News, Security strategy, Vulnerability Management | Comments Off on With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge

Intel unveils ransomware-fighting CPUs

The capability is an easy win for CISOs, which can benefit with limited tweaks to machines.

The post Intel unveils ransomware-fighting CPUs appeared first on SC Media.

Continue reading

Posted in Featured, Ransomware, Security News, Software and solutions | Comments Off on Intel unveils ransomware-fighting CPUs