Docker Hub Suffers a Data Breach, Asks Users to Reset Password

Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker...

Partner Perspectives: Blending Analytics with Endpoint Detection and Response Better Defends the Modern Worker

Ryan Stolte is the co-founder and CTO for Bay Dynamics. There are clearly many reasons why Endpoint Detection and Response EDR has materialized into such a hotbed of interest, investment and emerging best practices - endpoint security must continually evolve within the context of threats and...

Critical RCE Bug in Cisco WebEx Browser Extensions Faces 'Ongoing Exploitation'

A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution RCE on targeted machines is being actively exploited in the wild. The news comes just days after Cisco issued a flurry of 24 different patches for its IOS XE operating system and warn...

Securing Your Direct Internet Access Connections

With the rapid uptake in SaaS applications and the ease of moving enterprise applications from the data center to the cloud, many global companies are transforming the way they connect branch offices. In the past, the conventional approach was to connect all of your locations over an MPLS Wide Ar...

Are hackers gonna hack anymore? Not if we keep reusing passwords

Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using wea...

Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing

Introduction Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. One of the most commonly seen techniques of this "fileless" execution is code injection. Rather than executing the malware directly, attackers inject the...

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center MSRC recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...

Vanilla Forums 2.x Open Redirection

Exploit Title : VanillaForums 2.x Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 11/03/2019 Vendor Homepage : open.vanillaforums.com Software Information Link : vanillaforums.com/en/software/ open.vanillaforums.com/addon/vanilla-core Software...

Carbon Black + VMware at RSA2019: Working Together to Secure the Digital Workspace

VMware and Carbon Black have a strong history of working together to fundamentally change the model for securing the virtualized data center, a concept that is resounding with attendees here at RSA2019 in San Francisco. A little more than a year ago, we announced a jointly developed, integrated...

Google Launches Backstory — A New Cyber Security Tool for Businesses

Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory , a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential...

On the Security of Password Managers

There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? Al...

Payroll Provider Gives Extortionists a Payday

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...

Why Our Customers Love the PSC

As the cybersecurity world advances, organizations are starting to embrace cloud-based security platforms. More and more Carbon Black customers are moving to the CB Predictive Security Cloud PSC, an extensible cloud platform that consolidates security and provides you everything needed to secure...

SpeakUp Linux Backdoor Sets Up for Major Attack

LAS VEGAS — A backdoor trojan dubbed “SpeakUp” has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it’s poised for a major...

CVE-2018-5560 Guardzilla All-In-One Video Security System Hard-Coded Credential

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device...

CVE-2018-5560

The CVE-2018-5560 issue affects Practecol’s Guardzilla All‑In‑One Video Security System. A static, hard‑coded credential in the device’s cloud‑based storage (embedded S3 credentials) allows an attacker to view the private data of all users. The vulnerability stems from hard‑coded AWS S3 access ke...

#OTTuesday: Who Wins in a Format War - A Chat with Encoding.com

If you asked anyone 10 years ago who the winner would be in the over online video formats, you would have heard some strong opinions -- and some incorrect predictions. Video standards and formats will continue to change as long as users demand new ways to view content. AkamaiTV's Nelson Rodriguez...

Dirt-Cheap, Legit, Windows Software: Pick Two

Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction,...

Zero Trust Security Protects Businesses while Enabling Growth

Many companies have their own applications, internal domains, and local area network LAN. But when it comes to business applications, organizations are increasingly dependent on cloud-based resources. These may include email servers, customer relationship management CRM software, or other...

SNDBOX: AI-Powered Online Automated Malware Analysis Platform

Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and...