ZINC weaponizing open-source software

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.
The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Vulnerability in TikTok Android app could lead to one-click account hijacking

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click.
The post Vulnerability in TikTok Android app could lead to one-click account hijacking appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Palo Alto Networks bulks-up its SASE portfolio

Palo Alto Networks is reinforcing the security and operational features of its Prisma secure-access service edge (SASE) package.New features include the ability to adjust security settings for multiple software-as-a-service-based apps, new security capabilities, and AIOPs support. In addition the company is expanding its family of Ion SD-WAN security devices to provide additional configuration options.

[ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here READ MORE HERE…

Read more

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
The post Uncovering a ChromeOS remote memory corruption vulnerability appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

IBM bolsters quantum cryptography for z16 mainframe

While the need for it may be years away, IBM has added additional mainframe protection against future quantum-based security attacks.When Big Blue rolled out the newest iteration of its mainframe – the z16—in April, one of its core design pillars was a promise to protect organizations from anticipated quantum-based security threats. Specifically, the z16 supports the Crypto Express8S adapter to deliver quantum-safe APIs that will let enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications, IBM stated.To read this article in full, please click here READ MORE HERE…

Read more

5 mistakes to avoid when implementing zero-trust

Interest in zero-trust security has heightened significantly over the past two years among organizations looking for better ways to control access to enterprise data in cloud and on-premises environments for remote workers, contractors and third parties.Several factors are driving the trend, including increasingly sophisticated threats, accelerated cloud adoption and a broad shift to remote and hybrid work environments because of the pandemic. Many organizations have discovered that traditional security models where everything inside the perimeter is implicitly trusted, does not work in environments where perimeters don’t exist and enterprise data and the people accessing it are increasingly distributed and decentralized.To read this article in full, please click here READ MORE HERE…

Read more

Cisco puts app-performance tools in the cloud

Cisco is taking aim at better controlling the performance and development of core applications with a new AppDynamics cloud service and open-source development tools.AppDynamics Cloud is a cloud-native service designed to let enterprises observe applications and take action to remediate performance problems.  
[ Get regularly scheduled insights by signing up for Network World newsletters. ]
Available by the end of June, the service is built to observe distributed and dynamic cloud-native applications at scale, wrote chief marketing officer of Cisco AppDynamics, Eric Schou in a blog about the new offering.To read this article in full, please click here READ MORE HERE…

Read more

RSA: Cisco launches SASE, offers roadmap for other cloud-based services

Cisco made a variety of security upgrades at the RSA Conference designed to move security operation to the cloud, improve its Secure Access Service Edge offering and offer new simplified security end point control.The biggest piece of the Cisco roll out was a new overarching security platform called the Cisco Security Cloud will include unified management and policies, and offer open APIs to help grow a multivendor security ecosystem. Cisco defines the  Security Cloud as a “multi-year strategic vision for the future of security.” It is an ongoing journey that began several years ago and Cisco will continue delivering upon the key tenets of this vision with a consistent roadmap. The cloud will be made up of existing products like Umbrella and offerings from Duo, other features will be developed in the future.To read this article in full, please click here READ MORE HERE…

Read more