Author Archives: Zeljka Zorz

Diffy: A triage tool for cloud-centric incident response

The Netflix Security Intelligence and Response Team (SIRT) has released Diffy, an open source triage tool that allows digital forensics and incident response teams to quickly pinpoint compromised hosts during a security incident on cloud architectures. The name of the tool comes from its function: it identifies differences between instances that might point to a compromise (an unexpected listening port, a running process with an unusual name, a strange crontab entry, a surprising kernel module, … More
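The "functional diff" idea the paragraph describes, as an added example that is not Diffy's own code: every host in a cluster is reduced to a set of (category, value) observations, the baseline is whatever a strict majority of hosts agree on, and each host is then reported by what it has that the baseline lacks and what it lacks that the baseline has. The `ss` output, the host names and the snapshot contents below are constructed sample data, and the deviation scoring is an assumption of this example, not Diffy's.

```python
"""Diffy-style functional diff across hosts in one cluster (added example)."""
from collections import Counter
from typing import Dict, List, Set, Tuple

Observation = Tuple[str, str]  # (category, value), e.g. ("port", "tcp/443")

# Constructed `ss -H -ltn` output for one host (sample data, not captured
# from a real system). Only LISTEN rows and the local address column matter.
SS_OUTPUT_WEB3 = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4444 0.0.0.0:*
"""


def parse_ss_listen(output: str) -> Set[Observation]:
    """Turn `ss -H -ltn` rows into ("port", "tcp/<n>") observations."""
    obs: Set[Observation] = set()
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        port = fields[3].rsplit(":", 1)[1]  # fourth column is Local Address:Port
        obs.add(("port", f"tcp/{port}"))
    return obs


# Constructed snapshots of four hosts in one autoscaling group. Processes,
# crontab entries and kernel modules are given directly; web-3's listening
# ports come from the parsed ss output above.
COMMON: Set[Observation] = {
    ("port", "tcp/22"), ("port", "tcp/443"),
    ("proc", "sshd"), ("proc", "nginx"),
    ("cron", "0 3 * * * /usr/sbin/logrotate"),
    ("kmod", "xfs"),
}
SNAPSHOTS: Dict[str, Set[Observation]] = {
    "web-1": set(COMMON),
    "web-2": set(COMMON),
    # web-3: an extra listener, an odd process name and a crontab entry
    # that nobody else in the cluster has.
    "web-3": COMMON | parse_ss_listen(SS_OUTPUT_WEB3)
             | {("proc", "kworker-x"), ("cron", "* * * * * /tmp/.x")},
    # web-4: missing the logrotate cron job every other host runs.
    "web-4": COMMON - {("cron", "0 3 * * * /usr/sbin/logrotate")},
}


def baseline(snapshots: Dict[str, Set[Observation]]) -> Set[Observation]:
    """Observations present on a strict majority of hosts."""
    counts = Counter(o for obs in snapshots.values() for o in obs)
    quorum = len(snapshots) / 2
    return {o for o, n in counts.items() if n > quorum}


def diff_hosts(snapshots: Dict[str, Set[Observation]]) -> Dict[str, Dict[str, List[Observation]]]:
    """Per host: what it has beyond the baseline, and what it lacks from it."""
    base = baseline(snapshots)
    return {
        host: {"extra": sorted(obs - base), "missing": sorted(base - obs)}
        for host, obs in snapshots.items()
    }


def rank(diffs: Dict[str, Dict[str, List[Observation]]]) -> List[str]:
    """Hosts ordered by number of deviations, most suspicious first."""
    return sorted(diffs, key=lambda h: -(len(diffs[h]["extra"]) + len(diffs[h]["missing"])))


if __name__ == "__main__":
    for host in rank(diff_hosts(SNAPSHOTS)):
        print(host, diff_hosts(SNAPSHOTS)[host])
```

Deriving the baseline from a majority vote means a single compromised host cannot poison it, but a change rolled out to most of the fleet (a new agent, a config push) will be absorbed into the baseline and not flagged; in practice the baseline should be a freshly launched instance from the same image, which is what the majority vote stands in for here.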

The post Diffy: A triage tool for cloud-centric incident response appeared first on Help Net Security.

Cisco plugs serious flaws in Policy Suite, SD-WAN, and Nexus switches

Cisco has issued another batch of fixes, plugging a number of critical and high severity holes in its Policy Suite, SD-WAN, and Nexus products. Cisco Policy Suite Users of the Cisco Policy Suite should upgrade to Release 18.2.0 as soon as possible, as it implements fixes for four critical vulnerabilities: A vulnerability (CVE-2018-0376) in the Policy Builder interface of the Suite that could be exploited by an unauthenticated, remote attacker to access the Policy Builder … More

BEC scams and real estate deals: How to protect yourself?

Despite constant warnings by law enforcement and industry organizations, BEC scammers continue to fleece companies. They target small, medium, and large business and personal transactions, but have, in the last few years, shown a notable predilection for targeting companies in the real estate sector. What are BEC scams? Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a type of scam targeting both businesses and individuals performing wire transfer payments, and often starts with the attackers … More

Microsoft offers bug bounties for holes in its identity services

Microsoft is asking security researchers to look for and report technical vulnerabilities affecting its identity services and OpenID standards implementations, and is offering bug bounties that can reach as high as $100,000. “Microsoft has invested heavily in the security and privacy of both our consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions. We have strongly invested in the creation, implementation, and improvement of identity-related specifications that foster strong authentication, secure sign-on, sessions, API … More

Microsoft tops list of brands impersonated by phishers

The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, says email security company Vade Security. The company credits the surge in adoption of Microsoft Office 365 for this unfortunate statistic. “It’s clear that Office 365 has become the number one target for corporate phishing attacks,” the company explained. “The reason is that it’s highly profitable to compromise an Office 365 account. Hackers see email-based attacks as an easy entry … More

Do you have what it takes to become a Chief Scientist in the infosec industry?

Igor Baikalov, Chief Scientist at security analytics firm Securonix, is a trained scientist: he spent over 16 years working on various aspects of Structural Biology, developing new methods for determining the structure of the basic building blocks of life: proteins, DNA, and their interactions. “A lot of this work had to do with processing and interpreting massive amounts of data and writing tons of code to do that – something I realized I was pretty good … More

GitHub adds Python support for security alerts

GitHub has announced that its recently introduced feature for alerting developers about known vulnerabilities in software packages that their projects depend on will now also work for Python packages. About Security Alerts The security alerts service depends on the Dependency Graph, which is turned on by default for every public repository and can be set up for private repositories. “GitHub tracks public vulnerabilities in Ruby gems, NPM and Python packages on MITRE’s Common Vulnerabilities and … More
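What an alert of this kind boils down to, as an added example that is not GitHub's implementation: pinned entries in a requirements.txt are parsed, package names are normalised the way PyPI does, and each pin is compared with an advisory's affected range, taken here as [introduced, fixed). The package names, versions and advisory identifiers below are constructed for illustration and do not refer to real vulnerabilities; unpinned entries are reported separately because no version can be checked without a resolved lockfile.

```python
"""Match pinned Python dependencies against an advisory list (added example)."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Advisory(NamedTuple):
    package: str
    introduced: str        # first affected version
    fixed: Optional[str]   # first fixed version, None if no fix exists
    ident: str


# Constructed advisories: fictitious packages and identifiers, not real CVEs.
ADVISORIES: List[Advisory] = [
    Advisory("example-lib", "1.0", "1.4.2", "EXAMPLE-2018-0001"),
    Advisory("other-lib", "0", "2.0", "EXAMPLE-2018-0002"),
    Advisory("unfixed-lib", "3.1", None, "EXAMPLE-2018-0003"),
]

# Constructed requirements.txt, with the spelling variations pip tolerates.
REQUIREMENTS = """\
# constructed sample
example-lib==1.4.1
Other_Lib == 2.0
unfixed-lib==3.5  # pinned
another-lib==0.9
safe-lib>=1.0
"""

REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)\s*([0-9][0-9.]*)"
)


def canonical_name(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric dotted versions only; trailing zeros dropped so that 2.0 == 2."""
    parts = [int(p) for p in v.strip(".").split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_requirements(text: str) -> List[Tuple[str, str, str]]:
    """Return (canonical name, operator, version) for each requirement line."""
    reqs: List[Tuple[str, str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            continue  # editable installs, URLs, extras etc. are out of scope here
        name, op, version = m.groups()
        reqs.append((canonical_name(name), op, version))
    return reqs


def is_affected(adv: Advisory, version: str) -> bool:
    """True when introduced <= version < fixed (or no fix exists)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def scan(text: str, advisories: List[Advisory]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Map each vulnerable pinned package to its advisory ids; list unpinned ones."""
    by_name: Dict[str, List[Advisory]] = {}
    for adv in advisories:
        by_name.setdefault(canonical_name(adv.package), []).append(adv)
    alerts: Dict[str, List[str]] = {}
    unpinned: List[str] = []
    for name, op, version in parse_requirements(text):
        if op != "==":
            unpinned.append(name)  # version unknown until resolved
            continue
        hits = [a.ident for a in by_name.get(name, []) if is_affected(a, version)]
        if hits:
            alerts[name] = hits
    return alerts, unpinned


if __name__ == "__main__":
    print(scan(REQUIREMENTS, ADVISORIES))
```

The name normalisation is the step most often skipped in home-grown checks; `Other_Lib`, `other.lib` and `OTHER-LIB` are the same distribution on PyPI, and an advisory matched on the raw string will miss two of the three spellings. Real version strings (pre-releases, post-releases, epochs) need the `packaging` module's `Version` rather than the numeric-only parser used here.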

Rain Capital: Venture fund seeks to back cybersecurity companies led by women and minorities

A new venture fund that will focus on providing capital, strategy, critical resources and unique insights to early-stage cybersecurity companies in Silicon Valley was officially launched last month. Headed by security technologist Dr. Chenxi Wang and with Amena Zhang, a VC with a strong track record of funding successful startups in Asia, as operating partner, Rain Capital has one other goal in mind: to boost funding to companies led by women and minorities. “Two … More

Chrome users get Site Isolation by default to ward off Spectre attacks

Site Isolation, the optional security feature added to Chrome 63 late last year to serve as protection against Spectre information disclosure attacks, has been enabled by default for all desktop Chrome users who upgraded to Chrome 67. How Site Isolation mitigates risk of Spectre attacks “In January, Google Project Zero disclosed a set of speculative execution side-channel attacks that became publicly known as Spectre and Meltdown. An additional variant of Spectre was disclosed in May. … More

Gargoyle: Innovative solution for preventing insider attacks

A group of researchers from UNSW Sydney, Macquarie University, and Purdue University has released a paper on a new and very promising network-based solution for preventing insider attacks. Dubbed Gargoyle, the solution: Evaluates the trustworthiness of an access request context through a set of Network Context Attributes (NCAs) that are extracted from the network traffic Leverages the capabilities of Software-Defined Network (SDN) for both policy enforcement and implementation Takes advantage of the network controller for … More