433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (727) 493-2351

Sometimes, things do get better for federal employees

At whatever level, most federal employees work under the same few pay, benefits and job governance plans. Although they’ve all been in place for decades, those foundational conditions aren’t static. Sometimes they change for the better.
http://news.poseidon-us.com/SmQYbj

4 strategies to help reduce the risk of DNS tunneling

Domain name system (DNS) tunneling is a pervasive threat that enables hackers to get any data in and out of a company’s internal network while bypassing most firewalls. The domain name system translates numeric internet protocol addresses that browsers can then use to load web pages — threat actors use tunneling to exploit this process and steal data by hiding it inside DNS traffic. Most DNS attacks focus on spoofing or misdirection, where an attacker either feeds false information to DNS servers or convinces other systems to query a hostile DNS server instead of a legitimate one. But DNS tunneling essentially smuggles hostile traffic through DNS ports, which makes these attacks difficult to detect and mitigate. To read this article in full, please click here
http://news.poseidon-us.com/SmQ9gC

DDoS alert traffic reaches record-breaking level of 436 petabits in one day

With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, according to NETSCOUT. The dynamic nature of the DDoS threat landscape Much of the increase comes from the pro-Russian group Killnet and others that explicitly target websites. Attacks of this nature preceded the Ukraine invasion, knocking out critical financial, government, and media sites. “DDoS attacks threaten organizations worldwide and … More → The post DDoS alert traffic reaches record-breaking level of 436 petabits in one day appeared first on Help Net Security.
http://news.poseidon-us.com/SmPmyv

Concentric AI channel partner program enhances partner revenue opportunities

Concentric AI has launched its new channel partner program which is aimed at enabling partners’ growth and success delivering the leading solution in the rapidly expanding AI-powered data risk management market to improve customers’ security posture. With Concentric AI’s partner ecosystem in place, end users are better-positioned to realize the full value of its Semantic Intelligence AI-powered data risk management platform. To support and accelerate partners’ capabilities, Concentric AI is committed to building up their … More → The post Concentric AI channel partner program enhances partner revenue opportunities appeared first on Help Net Security.
http://news.poseidon-us.com/SmPD1H

Cloud Security Alliance opens registration for the CSA Summit at RSAC 2023

The Cloud Security Alliance (CSA) has announced that registration has opened for the CSA Summit 2023: Mission Critical (San Francisco, April 24) held in conjunction with the RSA Conference. Tima Soni, Chief and Head of the Valencia office of the United Nations International Computing Centre’s (UNICC) Cybersecurity division, and New York State’s Chief Cyber Officer Colin Ahern will share their wealth of expertise in two keynote addresses. The event will also feature a special keynote … More → The post Cloud Security Alliance opens registration for the CSA Summit at RSAC 2023 appeared first on Help Net Security.
http://news.poseidon-us.com/SmPD0B

Kodi forum breach: User data, encrypted passwords grabbed

The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a legitimate but inactive member of the forum admin team to access the MyBB admin console on two occasions: February 16 and 21, 2023. The attacker was able to create backups of databases, which they then … More → The post Kodi forum breach: User data, encrypted passwords grabbed appeared first on Help Net Security.
http://news.poseidon-us.com/SmMTNt

How Microsoft’s Shared Key authorization can be abused and how to fix it

When many of us moved our server and application needs to the cloud, we rejoiced that we no longer had to worry about the drudgery of patching. We didn’t have to monitor servers and their Patch Tuesday deployments; it was all in Microsoft’s hands. But as often occurs with cloud deployments, a solution that means you no longer have to worry about one area can create security issues in others.   Time and again in the handling of any cloud deployment, how we manage identity and authentication needs to be reviewed on a scheduled basis to ensure that the security of cloud assets is being handled according to the latest recommended guidance. In the worst-case scenario, the attackers find out first and don’t inform us to take action. In the best case, researchers find a flaw and work with the vendors to help us all make better security decisions — Orca Security recently pointed out just such a flaw. To read this article in full, please click here
http://news.poseidon-us.com/SmMBcH

Threat hunting programs can save organizations from costly security breaches

Cybersecurity threats to organizations are only increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches Proactive threat hunting helps organizations save money by preventing security breaches and reducing the impact of attacks. For example, a study by IBM found that the average total cost of a breach is $4.35 million. To better understand the perspective of threat hunters who are in the trenches defending their organizations … More → The post Threat hunting programs can save organizations from costly security breaches appeared first on Help Net Security.
http://news.poseidon-us.com/SmLdVL

CISA’s updated zero trust model aims to help agencies walk before they run

The new roadmap gives agencies some easier first steps toward meeting the mandate of a “zero trust” security architecture.
http://news.poseidon-us.com/SmL90K

CISA’s updated zero trust model aims to help agencies walk before they run

The new roadmap gives agencies some easier first steps toward meeting the mandate of a “zero trust” security architecture.
http://news.poseidon-us.com/SmL8Tp