Zimperium said the code was part of an existing campaign previously discovered by K7 Security Labs

Read More

The role of a security practitioner is difficult. From operational workflow changes to accommodating the latest application requirement impacting policies, it’s a relentless wave of actions to ensure that users, environments, and data are protected as effectively as possible. After all, that’s management of the attack surface.

This role becomes even more daunting when selecting a new technology to deploy in your network environment. If every product and technology your organization considered worked equally well, choosing a new technology would be more straightforward. However, some technology decisions are made based on too few data points, too little input, and, worst of all, no definitive proof that this thing you are buying works as promised.

To read this article in full, please click here

Read More

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites.

Read more in my article on the Tripwire State of Security blog.

Read More

Drug dealers come unstuck while using the Encrochat encrypted-messaging app, and we put the Lensa AI’s avatar-generation tool under the microscope.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus – don’t miss our featured interview with Rico Acosta, IT manager at Bitwarden.

Read More

CIS has partnered with Trailhead to release a new trail that helps enterprises implement the CIS Controls using the CIS Risk Assessment Method (RAM).[…]

Read More

F5 on Thursday announced the launch of F5 Distributed Cloud Services App Infrastructure Protection (AIP), expanding its SaaS-based security portfolio. The new release is a cloud workload protection solution that will provide application observability and protection to cloud-native infrastructures. 

AIP is built using technology acquired with Threat Stack and will be a part of the F5 Distributed Cloud Services portfolio, launched earlier this year. 

AIP will complement F5’s API Security

F5 already has a service called API Security, which helps organizations discover and map APIs, block unwanted connections, and prevent data leakage. AIP goes one step further and provides telemetry collection and intrusion detection for cloud-native workloads. 

To read this article in full, please click here

Read More

Last week, members of the US House of Representatives and Senate reconciled their versions of the annual must-pass National Defense Authorization Act (NDAA). Each year the NDAA contains a wealth of primarily military cybersecurity provisions, delivering hundreds of millions, if not billions, in new cybersecurity funding to the federal government. This year’s bill is no exception.

Titled the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, the legislation clocks in at over 4,408 pages. The entire package is worth $858 billion, an increase of 10.3%, or $80.4 billion, over FY2022 NDAA’s topline with a good chunk of that amount going to cybersecurity efforts.

To read this article in full, please click here

Read More