↩ back to the box


Read on for the latest Help Net Security articles.
------------------------------------------------------------
https://us2.campaign-archive.com/?e=4f68c0accf&u=f76e9593a7d90f4024574218d&id=9b854c3c14


** Help Net Security daily news
------------------------------------------------------------

Security Analyst Salary Survey (https://www.surveymonkey.com/r/skills_and_salary_survey) - Exabeam is conducting an annual survey to understand skills and compensation trends among SOC and security analysts. One participant will be randomly selected to win a DJI Phantom 3 Advanced drone.
------------------------------------------------------------




** Passwordless enterprise authentication on Windows 10 and Azure AD
Posted on Apr 17, 2018 01:16 pm
------------------------------------------------------------
Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers. This means that organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the Security Key by Yubico to get … More → (https://www.helpnetsecurity.com/2018/04/17/passwordless-enterprise-authentication-on-windows-10-and-azure-ad/)

The post Passwordless enterprise authentication on Windows 10 and Azure AD (https://www.helpnetsecurity.com/2018/04/17/passwordless-enterprise-authentication-on-windows-10-and-azure-ad/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/17/passwordless-enterprise-authentication-on-windows-10-and-azure-ad/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F17%2Fpasswordless-enterprise-authentication-on-windows-10-and-azure-ad%2F&text=Passwordless+enterprise+authentication+on+Windows+10+and+Azure+AD&count=none https://us2.campaign-archive.com/?fblike=fblike-4b7e1c8e&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F17%252Fpasswordless-enterprise-authentication-on-windows-10-and-azure-ad%252F%26title%3DPasswordless%2520enterprise%2520authentication%2520o...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Devs know application security is important, but have no time for it
Posted on Apr 17, 2018 01:10 pm
------------------------------------------------------------
Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results of the survey showed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014. This follows on from Sonatype’s findings earlier in the year, which showed that 1 in 8 open source components downloaded by developers in the UK contained a known security vulnerability. Yet despite … More → (https://www.helpnetsecurity.com/2018/04/17/devsecops-investment/)

The post Devs know application security is important, but have no time for it (https://www.helpnetsecurity.com/2018/04/17/devsecops-investment/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/17/devsecops-investment/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F17%2Fdevsecops-investment%2F&text=Devs+know+application+security+is+important%2C+but+have+no+time+for+it&count=none https://us2.campaign-archive.com/?fblike=fblike-d4c39c98&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F17%252Fdevsecops-investment%252F%26title%3DDevs%2520know%2520application%2520security%2520is%2520import...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Enterprise-grade security for midmarket organizations
Posted on Apr 17, 2018 12:59 pm
------------------------------------------------------------
To simplify how customers protect their organizations, FireEye is launching three core subscription solutions plus one comprehensive suite at RSA Conference 2018. FireEye Endpoint Security is designed to provide comprehensive defense on the endpoint, combining endpoint protection to stop common malware and endpoint detection and remediation to find, block and remove advanced targeted attacks. FireEye Network Security is designed to protect against all types of threats, from commodity breaches to the most advanced, targeted attacks, … More → (https://www.helpnetsecurity.com/2018/04/17/security-midmarket-organizations/)

The post Enterprise-grade security for midmarket organizations (https://www.helpnetsecurity.com/2018/04/17/security-midmarket-organizations/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/17/security-midmarket-organizations/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F17%2Fsecurity-midmarket-organizations%2F&text=Enterprise-grade+security+for+midmarket+organizations&count=none https://us2.campaign-archive.com/?fblike=fblike-e558e36a&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F17%252Fsecurity-midmarket-organizations%252F%26title%3DEnterprise-grade%2520security%2520for%2520midmarket%2520...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Qualys brings web application security to DevOps
Posted on Apr 16, 2018 10:02 pm
------------------------------------------------------------
Qualys announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production. Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, a new native plugin for Jenkins for automated vulnerability scanning of web applications, and the new Qualys Browser Recorder. New functionality Qualys WAS 6.0 and new capabilities include: … More → (https://www.helpnetsecurity.com/2018/04/16/web-application-security-devops/)

The post Qualys brings web application security to DevOps (https://www.helpnetsecurity.com/2018/04/16/web-application-security-devops/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/16/web-application-security-devops/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F16%2Fweb-application-security-devops%2F&text=Qualys+brings+web+application+security+to+DevOps&count=none https://us2.campaign-archive.com/?fblike=fblike-b6ec9457&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F16%252Fweb-application-security-devops%252F%26title%3DQualys%2520brings%2520web%2520application%2520security%2520t...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Rambus launches fully programmable secure processing core
Posted on Apr 16, 2018 09:57 pm
------------------------------------------------------------
At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU. The secure processing core creates a siloed architecture that isolates and secures the execution of sensitive code, processes and algorithms from the primary processor. This mitigates the risk of critical vulnerabilities like the recent Meltdown and Spectre security flaws and allows designers to optimize the primary processor for … More → (https://www.helpnetsecurity.com/2018/04/16/rambus-launches-fully-programmable-secure-processing-core/)

The post Rambus launches fully programmable secure processing core (https://www.helpnetsecurity.com/2018/04/16/rambus-launches-fully-programmable-secure-processing-core/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/16/rambus-launches-fully-programmable-secure-processing-core/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F16%2Frambus-launches-fully-programmable-secure-processing-core%2F&text=Rambus+launches+fully+programmable+secure+processing+core&count=none https://us2.campaign-archive.com/?fblike=fblike-09e1b0c5&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F16%252Frambus-launches-fully-programmable-secure-processing-core%252F%26title%3DRambus%2520launches%2520fully%2520programmable%2520secur...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Third-party and insider threats one of the biggest concerns to IT pros
Posted on Apr 16, 2018 09:06 pm
------------------------------------------------------------
External threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network, Bomgar’s 2018 Privileged Access Threat Report reveals. In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% … More → (https://www.helpnetsecurity.com/2018/04/16/privileged-access-threat/)

The post Third-party and insider threats one of the biggest concerns to IT pros (https://www.helpnetsecurity.com/2018/04/16/privileged-access-threat/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/16/privileged-access-threat/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F16%2Fprivileged-access-threat%2F&text=Third-party+and+insider+threats+one+of+the+biggest+concerns+to+IT+pros&count=none https://us2.campaign-archive.com/?fblike=fblike-0dc6d28b&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F16%252Fprivileged-access-threat%252F%26title%3DThird-party%2520and%2520insider%2520threats%2520one%2520of%2520t...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Free Qualys services give orgs visibility of their digital certs and cloud assets
Posted on Apr 16, 2018 08:20 pm
------------------------------------------------------------
Qualys announced two new free groundbreaking services: CertView and CloudView. Harnessing the power and scalability of the Qualys Cloud Platform, Qualys CertView and CloudView enable organizations of all sizes to gain such visibility by helping them create a continuous inventory and assessment of their digital certificates, cloud workloads and infrastructure that is integrated into a single-pane view of security and compliance. Qualys CertView CertView helps customers inventory and assess certificates and underlying SSL/TLS configurations and … More → (https://www.helpnetsecurity.com/2018/04/16/digital-certs-cloud-assets-visibility/)

The post Free Qualys services give orgs visibility of their digital certs and cloud assets (https://www.helpnetsecurity.com/2018/04/16/digital-certs-cloud-assets-visibility/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/16/digital-certs-cloud-assets-visibility/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F16%2Fdigital-certs-cloud-assets-visibility%2F&text=Free+Qualys+services+give+orgs+visibility+of+their+digital+certs+and+cloud+assets&count=none https://us2.campaign-archive.com/?fblike=fblike-8e4ad4b1&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F16%252Fdigital-certs-cloud-assets-visibility%252F%26title%3DFree%2520Qualys%2520services%2520give%2520orgs%2520visibilit...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Moxa plugs serious vulnerabilities in industrial secure router
Posted on Apr 16, 2018 08:00 pm
------------------------------------------------------------
A slew of serious vulnerabilities in the Moxa EDR-810 series of industrial secure routers could be exploited to inject OS commands, intercept weakly encrypted or extract clear text passwords, expose sensitive information, trigger a crash, and more. Moxa EDR-810 series flaws The existence of the flaws has been revealed when the Cisco Talos team published a post detailing them on Friday. The good news is that they’ve all been fixed, and Moxa is urging users … More → (https://www.helpnetsecurity.com/2018/04/16/moxa-industrial-secure-router-vulnerability/)

The post Moxa plugs serious vulnerabilities in industrial secure router (https://www.helpnetsecurity.com/2018/04/16/moxa-industrial-secure-router-vulnerability/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/16/moxa-industrial-secure-router-vulnerability/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F16%2Fmoxa-industrial-secure-router-vulnerability%2F&text=Moxa+plugs+serious+vulnerabilities+in+industrial+secure+router&count=none https://us2.campaign-archive.com/?fblike=fblike-eae9afdc&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F16%252Fmoxa-industrial-secure-router-vulnerability%252F%26title%3DMoxa%2520plugs%2520serious%2520vulnerabilities%2520in%2520in...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Your Android phone says it’s fully patched, but is it really?
Posted on Apr 16, 2018 06:14 pm
------------------------------------------------------------
How do fully-maintained (i.e., patched) Android phones end up getting exploited? Searching for an answer to that question spurred security researchers to analyze thousands of Android firmwares for the presence of hundreds of patches. Their research led to an unwelcome discovery: most Android vendors regularly forget to include some patches in the security updates provided to users. The research Security Research Labs researchers Jakob Lell and Karsten Nohl explained how they went about making the … More → (https://www.helpnetsecurity.com/2018/04/16/android-patching-issues/)

The post Your Android phone says it’s fully patched, but is it really? (https://www.helpnetsecurity.com/2018/04/16/android-patching-issues/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/16/android-patching-issues/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F16%2Fandroid-patching-issues%2F&text=Your+Android+phone+says+it%E2%80%99s+fully+patched%2C+but+is+it+really%3F&count=none https://us2.campaign-archive.com/?fblike=fblike-5d0022a8&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F16%252Fandroid-patching-issues%252F%26title%3DYour%2520Android%2520phone%2520says%2520it%25E2%2580%2599s%2520fully%2520pat...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** Security researchers sinkholed EITest infection chain
Posted on Apr 16, 2018 04:12 pm
------------------------------------------------------------
Security researchers have managed to neutralize “EITest,” one of the oldest infection chains and thus preventing as many as two million potential malicious redirects a day. About EITest EITest relied on compromised websites – mostly WordPress-based, but also using other CMSes – to direct users to exploit kit landing pages and social engineering schemes, which then delivered a wide variety of malware. It has been in use, on and off, since at least 2011. “Shortly … More → (https://www.helpnetsecurity.com/2018/04/16/infection-chain-sinkholed/)

The post Security researchers sinkholed EITest infection chain (https://www.helpnetsecurity.com/2018/04/16/infection-chain-sinkholed/) appeared first on Help Net Security (https://www.helpnetsecurity.com) .
Read in browser » (https://www.helpnetsecurity.com/2018/04/16/infection-chain-sinkholed/)
http://twitter.com/share?url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2018%2F04%2F16%2Finfection-chain-sinkholed%2F&text=Security+researchers+sinkholed+EITest+infection+chain&count=none https://us2.campaign-archive.com/?fblike=fblike-15bfb2ca&e=[UNIQID]&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Df76e9593a7d90f4024574218d%26id%3D9b854c3c14%26url%3Dhttps%253A%252F%252Fwww.helpnetsecurity.com%252F2018%252F04%252F16%252Finfection-chain-sinkholed%252F%26title%3DSecurity%2520researchers%2520sinkholed%2520EITest%2520in...&u=f76e9593a7d90f4024574218d&id=9b854c3c14




** More to read:
------------------------------------------------------------

. (http://link.helpnetsecurity.com/hns/daily/)
Follow on Twitter (http://twitter.com/helpnetsecurity)
Forward to a Friend (http://us2.forward-to-friend.com/forward?u=f76e9593a7d90f4024574218d&id=9b854c3c14&e=4f68c0accf)

============================================================
** follow on Twitter (Twitter Account not yet Authorized)
| ** forward to a friend (http://us2.forward-to-friend.com/forward?u=f76e9593a7d90f4024574218d&id=9b854c3c14&e=4f68c0accf)

Copyright © 2018 Help Net Security, All rights reserved.
You are receiving Help Net Security daily security news because you opted in at our web site located on www.net-security.org.

Our mailing address is:
Help Net Security
Jurjenici 43
Kastav 51215
Croatia

** unsubscribe from this list (https://net-security.us2.list-manage.com/unsubscribe?u=f76e9593a7d90f4024574218d&id=520ac2f639&e=4f68c0accf&c=9b854c3c14)
| ** update subscription preferences (https://net-security.us2.list-manage.com/profile?u=f76e9593a7d90f4024574218d&id=520ac2f639&e=4f68c0accf)
| ** view email in browser (https://us2.campaign-archive.com/?e=4f68c0accf&u=f76e9593a7d90f4024574218d&id=9b854c3c14)