#cybersecurity | #infosec | Smashing Security podcast: A buttock of biometrics

LastPass Enterprise makes password security effortless for your organization. LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families…

read more

November 2019 Patch Tuesday fixes 13 critical flaws and one zero day – Naked Security

November’s Patch Tuesday arrived this week to plug 73 CVE-level vulnerabilities across Microsoft’s software products, including 13 given the top billing of ‘critical’. Fortunately, only one of this month’s flaws is known to be exploited, CVE-2019-1429, a scripting engine vulnerability in Internet Explorer reported independently by a trio of researchers….

read more

#infosec | Multi-Party Cyber-Incidents Cost 13x More Than Single-Party Incidents

A new study has found that the financial losses caused by cyber-incidents affecting multiple parties are vastly more devastating than those that stem from any single-party incident.  According to the Ripples Across the Risk Surface study, published today by Cyentia Institute, when compared to losses triggered by a single-party incident, the ripple effect…

read more

#infosec | Microsoft Patches IE Zero-Day Bug

Microsoft released fixes for 75 vulnerabilities during this month’s patch update round, including one zero-day flaw in Internet Explorer. The bug in question, CVE-2019-1429, exists in the way the scripting engine handles objects in memory in the browser, corrupting memory so an attacker can execute arbitrary code, according to Microsoft….

read more

#infosec | Orvis Passwords Leaked Twice on Pastebin

Internal passwords belonging to American retailer Orvis were twice leaked online in a double data breach.  Credentials belonging to the luxury fishing equipment purveyor were posted on the website Pastebin.com last month, according to investigative reporter Brian Krebs.  A swathe of plaintext usernames and passwords relating to everything from firewalls and routers to…

read more

#infosec | Aqua Security Acquires CloudSploit – Infosecurity Magazine

CloudSploit has been acquired by Aqua Security for an undisclosed sum. Aqua Security, the leading platform provider for securing container-based, serverless, and cloud native applications, announced the acquisition of security auditing and monitoring tool CloudSploit today.  The American company said the addition of CloudSploit will enable them to expand into cloud…

read more