Security Technology

By, Trisha Paine, Head of Cloud Marketing Programs Speed and cloud complexity makes security for modern application development increasingly challenging. Many organizations are now developer-centered, incentivizing developers to move fast. The time difference between when a piece of code is written and when it runs is shortening. In fact, nearly 60% of companies report deploying… The post With Developers Moving Fast, DevSec Needs Automation to Keep Up with Application Security appeared first on Check Point Software . from Check Point Software https://ift.tt/2NH3xm2

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes. Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud—one count of access from The Hacker News https://ift.tt/3g5sXGc

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes from The Hacker News https://ift.tt/31DC5hx

Hackers desenvolveram um novo método para roubar dados de cartões de crédito mesmo em compras virtuais, em um golpe chamado de "chupa-cabra virtual" por pesquisadores de segurança do Malwarebytes . Chupa-cabra de cartão, como são popularmente conhecidos os "skimmers" no Brasil, são pequenos dispositivos instalados por criminosos em caixas eletrônicos ou maquininhas de pagamento e que são capazes de roubar os dados do cartão que é inserido. O golpe é conhecido e bastante aplicado, mas só funciona em compras físicas. Agora, um novo esquema detectado pelos pesquisadores da Malwarebytes lembra bastante o chupa-cabra, mas atua em transações online. Os hackers estariam inserindo códigos maliciosos aos metadados EXIF de arquivos de imagens, que depois seriam executados em lojas virtuais comprometidas. Para chegar a lojas sem que seus responsáveis participem do golpe, os hackers escondiam esses códigos maliciosos em arquivos enviados pelo plugin WooCommerce, do WordPr...

Apple's browser is getting serious about security protections. If you can't or won't switch, don't worry: you don't have to fall behind. from Security Latest https://ift.tt/3ibpyaQ

Because the relevant Supreme Court precedents predate the smartphone era, the courts are divided on how to apply the Fifth Amendment. from Security Latest https://ift.tt/2YDhwQb

Plus: Evil Corp hacking, an anti-encryption bill, and more of the week's top security news. from Security Latest https://ift.tt/2BEZfZL

Você pode nem lembrar disso, mas quando você copia algum texto no seu celular, ele é registrado na área de transferência do seu smartphone. No iOS, essa área pode ser acessada por qualquer app, e alguns deles abusam dessa permissão para coletar informação sobre o usuário. Com o iOS 14 , o TikTok , o app que tem disparado em popularidade, acabou pego em um comportamento considerado suspeito pelos usuários. Com o iOS 14, o sistema revela quando aplicativos acessam a área de transferência, e os desenvolvedores que começaram a testar o sistema perceberam um comportamento preocupante. Como relata um usuário no Twitter, a cada tecla pressionada no app, o TikTok puxa os dados do que foi copiado anteriormente. Hey @tiktok_us , why do you paste from my clipboard every time I type a LETTER in your comment box? Shout out to iOS 14 for shining a light on this HUGE invasion of privacy. inb4 they say it was a "bug" pic.twitter.com/MHv10PmzZS — Maxel 🐺 (@MaxelAmador) June 25, 2020 ...

  On Thursday, June 25, Trend Micro hosted our Perspectives 2-hour virtual event . As the session progressed, we asked our attendees, composed of +5000 global registrants, two key questions. This blog analyzes those answers.   First, what is your current strategy for securing the cloud? Rely completely on native cloud platform security capabilities (AWS, Azure, Google…) 33% Add on single-purpose security capabilities (workload protection, container security…) 13% Add on security platform with multiple security capabilities for reduced complexity 54%   This result affirms IDC analyst Frank Dickson’s observation that most cloud customers will benefit from a suite offering a range of security capabilities covering multiple cloud environments. For the 15% to 20% of organizations that rely on one cloud provider, purchasing a security solution from that vendor may provide sufficient coverage. The quest for point products (which may be best-of-breed, as well) introduce...

Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. One of the main things they might use during this is “Infrastructure as Code,” where they are creating cloud resources for running their applications using lines of code. In the below video, as part of a NADOG (North American DevOps Group) event, I describe some additional techniques on how your development staff can incorporate the Well Architected Framework and other compliance scanning against their Infrastructure as Code prior to it being launched into your cloud environment. If this content has sparked additional questions, please feel free to reach out to me on my LinkedIn . Always happy to share my knowledge of working with large customers on their cloud and transformation journeys! The post Principles of a Cloud Migration appeared first on . from Trend Micro Simply Security https://ift.tt/2ZbjoPl

Original release date: June 26, 2020 The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://ift.tt/3dD5uuu

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group of vulnerabilities dubbed Ripple20 that have the potential to critically impact millions of IoT devices across many different industries. Read on: The Fear of Vendor Lock-in Leads to Cloud Failures Vendor lock-in, the fear that by investing too much with one vendor an organization reduces their options in the future, has been an often-quoted risk since the mid-1990s. Organizations continue to walk a fine line with their technology vendors. Ideally, you select a set of technologies that not only meet your current needs but that align with your future vision as well. How Do I Select a Mobile Security Solution for My Business? The percentage of companies admitting to suffering a mobile-rela...

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets. According to court documents, from The Hacker News https://ift.tt/2Yz1czS

By Winston Lalgee and Eddie Doyle Not long after the Internet was established, attackers discovered a new way to compromise IT assets. This new exploit was accomplished by finding bugs in enterprise software or in protocols used for communication, such as HTTP, SMTP, FTP, among others. These bugs or vulnerabilities were leveraged to launch sophisticated… The post Check Point IPS and Firewall Core Security – A Layered Security Approach appeared first on Check Point Software . from Check Point Software https://ift.tt/2VmopmP

After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down. from Security Latest https://ift.tt/2VkZdNs

Recentemente, a Apple  revelou ao mundo o iOS 14 . No entanto, a apresentação focou no novo visual do sistema operacional, mas deixou de lado algumas funcionalidades interessantes. Duas delas são bastante importantes e podem ajudar a melhorar a privacidade dos utilizadores. Em algumas situações, os desenvolvedores de aplicativo podem ir longe demais e coletar mais informações do que o necessário. Para resolver isso, a Apple  trouxe duas funcionalidades: resumo de privacidade e possibilidade de limitar a maneira como as fotos são compartilhadas. A partir de agora, todos os aplicativos instalados pela App Store possuem uma espécie de resumo que mostra informações sobre o desenvolvedor, incluindo dados de como o app pode rastrear o usuário e o que pode ser coletado. Tudo escrito em linguagem simples, para que seja de fácil entendimento. O segundo recurso de privacidade diz respeito ao compartilhamento de fotos dos usuários. Alguns aplicativos solicitam acesso à biblioteca de...

Cada vez mais, a Microsoft  investe em funcionalidades para que o Microsoft Edge se torne competitivo no cenário dos navegadores disponíveis. Desta vez, uma nova opção de segurança foi disponibilizada – e pode ser bem útil. Para ajudar os usuários na proteção de seus dados, o Microsoft  implementou no Edge  um novo sistema para monitorar as senhas salvas no navegador. A função compara as credenciais utilizadas com um grande banco de dados de violações conhecidas. Caso alguma correspondência seja encontrada, o utilizador é avisado imediatamente. Com isso, o Edge se junta ao Google Chrome e Firefox  ao oferecer um sistema que ajuda na proteção das senhas dos usuários que utilizam o navegador. O recurso, conhecido como "Password Monitor", pode ser ativado nas versões Edge Dev e Canary  do software – ambos em fase de testes. Se você já utilizar uma das versões e quiser testar o novo recurso, basta se certificar de que o software está atualizado e seguir os pas...

Many businesses have misperceptions about cloud environments, providers, and how to secure it all. We want to help you separate fact from fiction when it comes to your cloud environment. This list debunks 8 myths to help you confidently take the next steps in the cloud. The post 8 Cloud Myths Debunked appeared first on . from Trend Micro Simply Security https://ift.tt/3g1U6dh

Original release date: June 25, 2020 Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary workarounds. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://ift.tt/2VjD6Hj

The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups. The new superseding indictment does not contain any additional charges beyond the prior 18-count indictment filed against Assange in May 2019, but it from The Hacker News https://ift.tt/3i2P7uE