As a valued subscriber, we'd like to better understand your needs and challenges. Complete our 15 minute survey for a chance to win a $100 gift card and to allow us to learn how we can better serve you.
Today developers largely outnumber security engineers by 100:1 and there are few people with access to security expertise. Turning to ethical hackers for knowledge to bolster security toolboxes is a growing trend in the community. Detectify CEO Rickard Carlsson discusses how security startups are challenging conventional cybersecurity solutions using the speed of automation and hacker expertise, and how these game changers are involving developers with security. View the full discussion.
Exchange Server updates. SolarWinds victim list "solidified." AFCEA and Shell disclose third-party breaches. MangaDex down.
Microsoft Exchange Server patching has gone “extraordinarily well,” the Record reports, and the one-click tool Redmond has made available has been downloaded more than twenty-five-thousand times since its release last week, Fortune writes.
Patching isn’t sufficient: potentially affected organizations must do some threat hunting and remediation before they can consider themselves in the clear. According to CyberScoop, CISA’s acting Director yesterday cautioned that “Patching is not sufficient. There are literally thousands of compromised servers that are currently patched. And these system owners, they believe they are protected.”
Computing reports that BlackKingdom ransomware operators are among those exploiting Exchange Server ProxyLogon vulnerabilities. Attackers also continue scanning for unpatched servers. F-Secure is seeing a “significant” number of attempted hacks. ZDNet quotes F-Secure as saying “They're being hacked faster than we can count.”
Acting CISA Director Wales also said that the list of SolarWinds victims had “solidified,” FCW reports, and that he doesn’t expect many (if any) new victims to come forward.
AFCEA yesterday emailed its members to notify them that Spargo, a third-party vendor who handles registration for AFCEA events, had sustained a ransomware attack, and that some member personal information may have been compromised. Financial data are believed to be unaffected.
Shell disclosed yesterday that it has discovered personal data the company held was affected by the Accellion breach. The authorities and affected individuals have been contacted.
Sorry otaku: MangaDex, the manga fan site, says it's been hacked in an apparent extortion attempt. MangaDex has taken its site down for remediation.
Today's issue includes events affecting China, the European Union, India, the Democratic Peoples Republic of Korea, Nigeria, Poland, Russia, Slovenia, and the United States.
In a remote work world, managing and securing endpoints has never been more important. Tanium, provider of endpoint management and security built for the world's most demanding IT environments, published a report with PSB Insights on the new security challenges facing organizations as a result of the COVID-19 pandemic. IT Leads the Way: How the Pandemic Empowered IT features intelligence from 500-senior level IT decision makers. Visit tanium.com/EmpowerIT to download the full report.