What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2023-02-16 09:48:00 BrandPost: Visibility Is Key to Preventing Outbound and Cross-bound DDoS Attacks (direct link) Network operators worldwide have rushed to upgrade network infrastructure to meet increased demand for bandwidth and throughput driven by remote work and education. In many cases, this has resulted in service providers accelerating timelines for 5G and other high-bandwidth access technologies. The constant evolution of the internet and global network topology has forced adversaries and defenders to adapt. Changes in attack vectors and methodology allow distributed denial-of-service (DDoS) attackers to circumvent defenses and countermeasures. Meanwhile, security practitioners must constantly adapt their defense posture to mitigate this evolving threat.
CSO 2023-02-16 06:15:00 Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk (direct link) The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That's according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle East, and Africa working in organizations in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current cybercrime landscape as one that is evolving beyond ransomware and taking a toll on their ability to investigate threats and incidents, Magnet Forensics said. Ransomware Guideline ★★
CSO 2023-02-16 03:08:00 BEC groups are using Google Translate to target high value victims (direct link) Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions and using multiple languages is not new, in the past, these attacks were perpetrated mainly by sophisticated organizations with bigger budgets and more advanced resources, Crane Hassold, director of Threat Intelligence at Abnormal Security, wrote in his research. Threat ★★
CSO 2023-02-16 02:00:00 How automation in CSPM can improve cloud security (direct link) With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of an organization's cloud infrastructure. A key component of CSPM is the automation of its core tasks: continuous monitoring, remediation of issues, compliance management, and alerts and notifications. The integration of robotic process automation (RPA) in CSPM helps to reduce the need to perform repetitive and mundane tasks, making it a powerful tool for organizations to secure and streamline their cloud environment, support the overall security posture, and manage security risks more efficiently. Tool ★★
CSO 2023-02-15 15:13:00 Security tool adoption jumps, Okta report shows (direct link) A report from identity and access management (IAM) vendor Okta says that zero trust and new types of security tooling are in increasingly widespread use, as businesses tackle a changing security landscape. Tool ★★
CSO 2023-02-15 11:50:00 BrandPost: The Future of Machine Learning in Cybersecurity (direct link) Machine learning (ML) is a commonly used term across nearly every sector of IT today. And while ML has frequently been used to make sense of big data - to improve business performance and processes and help make predictions - it has also proven priceless in other applications, including cybersecurity. This article will share reasons why ML has risen to such importance in cybersecurity, share some of the challenges of this particular application of the technology and describe the future that machine learning enables. Why Machine Learning Has Become Vital for Cybersecurity: The need for machine learning has to do with complexity. Many organizations today possess a growing number of Internet of Things (IoT) devices that aren't all known or managed by IT. All data and applications aren't running on-premises, as hybrid and multicloud are the new normal. Users are no longer mostly in the office, as remote work is widely accepted.
CSO 2023-02-15 08:49:00 China-based cyberespionage actor seen targeting South America (direct link) China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft's Security Intelligence team. The initiative is “a notable expansion of the group's data exfiltration operations that traditionally targeted gov't agencies and think tanks in Asia and Europe,” the team tweeted on Monday. DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance and lateral movement, and the use of Cobalt Strike - a penetration testing tool - for command and control and data exfiltration, Microsoft wrote in its tweet. Tool ★★
CSO 2023-02-15 07:02:00 Cybersecurity startup Oligo debuts with new application security tech (direct link) Israel-based startup Oligo Security is exiting stealth mode with the public launch of its namesake software, offering a new wrinkle in library-based application security monitoring, observability, and remediation. Utilizing a technology called extended Berkeley Packet Filter (eBPF), it is able to provide agentless code security coverage. Given the prevalence of open source code in modern software - Oligo contends that it accounts for something like 80% or 90% - there is a need for software composition analysis solutions that can check code for potential vulnerabilities. The current generation of solutions, however, is “noisy,” according to Oligo. It tends to produce a lot of false positives, and doesn't contextualize alerts within a given runtime. The latter tendency is unhelpful for setting remediation priorities.
CSO 2023-02-15 06:22:00 5 biggest risks of using third-party services providers (direct link) As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It's often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do it for you. The use of third-party services can also come with significant - often unforeseen - risks. Third parties can be a gateway for intrusions, harm a company's reputation if a service malfunctions, expose it to financial and regulatory issues, and draw the attention of bad actors from around the world. A poorly managed breakup with a vendor can also be perilous, resulting in the loss of access to systems put in place by the third party, loss of custody of data, or loss of data itself. ★★
CSO 2023-02-15 05:45:00 BrandPost: Resolving the Data Protection Challenge Across Cloud and Remote Devices (direct link) By David Richardson, Vice President of Product at Lookout. As IT operations migrated to the cloud, it became easier to support remote and hybrid workers. The problem is that it has also complicated the infrastructure IT and security teams are tasked to protect. Organizations far and wide have expanded their use of cloud and SaaS apps, especially over the last couple of years, to empower their users to stay productive and collaborate from anywhere. Many, though, have struggled to ensure their security strategies keep pace in this mode of operation, where users, endpoints, apps, and data now largely reside outside of the traditional enterprise perimeter.
CSO 2023-02-15 05:00:00 Descope launches authentication and user management SaaS (direct link) Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant. The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to: Create authentication flows and user-facing screens using a visual workflow designer. Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins. Validate, merge, and manage identities across the user journey. Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning. Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications. Descope's platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs.
CSO 2023-02-15 02:00:00 Defending against attacks on Azure AD: Goodbye firewall, hello identity protection (direct link) Not too long ago, guarding access to the network was the focal point of defense for security teams. Powerful firewalls ensured that attackers were blocked on the outside while on the inside things might get “squishy,” allowing users fairly free rein within. Those firewalls were the ultimate defense - no one undesirable got access. Until they did. With the advent of cloud computing, the edge of a network is no longer protected by a firewall. In fact, the network no longer has an edge: in our work-from-anywhere environment in which any data center is now a boundary, we can no longer rely on traditional protection mechanisms. Security has become more about protecting identity rather than the network itself. ★★
CSO 2023-02-14 14:41:00 Attacks on industrial infrastructure on the rise, defenses struggle to keep up (direct link) The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that's capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their OT networks. "A number of the threats that Dragos tracks may evolve their disruptive and destructive capabilities in the future because adversaries often do extensive research and development (R&D) and build their programs and campaigns over time," the Dragos researchers said in a newly released annual report. "This R&D informs their future campaigns and ultimately increases their disruptive capabilities." Malware Industrial ★★
CSO 2023-02-14 09:36:00 (Déjà vu) BrandPost: Protection Groups within NETSCOUT's Omnis Cyber Intelligence secure your most valuable assets. (direct link) When using any security tool, it is vitally important for it to help you to find a threat quickly. For most tools, there is a learning curve before you can use the tool effectively, as well as a period during which the tool is tuned for the specific environment in which it is installed. In an ideal world, these processes would take a short period of time to complete, and the tool would then be effective in finding security issues on the installed network. In reality, this is an ongoing process, with the user continually learning how to operate the tool more effectively and tuning it to better detect threats. NETSCOUT's Omnis Cyber Intelligence (OCI) product helps to streamline the tuning process by providing many ways to categorize systems on your network. One of these ways is the idea of a protection group. Tool Threat
CSO 2023-02-14 09:36:00 BrandPost: A Faster, Better Way to Detect Network Threats (direct link) When using any security tool, it is vitally important for it to help you to find a threat quickly. For most tools, there is a learning curve before you can use the tool effectively, as well as a period during which the tool is tuned for the specific environment in which it is installed. In an ideal world, these processes would take a short period of time to complete, and the tool would then be effective in finding security issues on the installed network. In reality, this is an ongoing process, with the user continually learning how to operate the tool more effectively and tuning it to better detect threats. NETSCOUT's Omnis Cyber Intelligence (OCI) product helps to streamline the tuning process by providing many ways to categorize systems on your network. One of these ways is the idea of a protection group. Tool Threat
CSO 2023-02-14 06:00:00 EnterpriseDB adds Transparent Data Encryption to PostgreSQL (direct link) The new Transparent Data Encryption (TDE) feature will be shipped along with the company's enterprise version of its database. ★★
CSO 2023-02-14 05:30:00 Open Systems launches Ontinue MDR division, new MXDR service Ontinue ION (direct link) Managed security services provider Open Systems has announced the launch of Ontinue, a new managed detection and response (MDR) division. It has also unveiled a new managed extended detection and response (MXDR) service, Ontinue ION, along with a new add-on service called Managed Vulnerability Mitigation (MVM). Ontinue ION offers advanced capabilities that enable faster detection and response, a deeper understanding of a customer's environment and the ability to maximize Microsoft security investments for greater efficiency, according to the firm. MVM helps customers reduce risk by highlighting the vulnerabilities that pose the greatest threats via intelligence and understanding of users' environments, Open Systems added. Vulnerability ★★
CSO 2023-02-14 04:04:00 Pepsi Bottling Ventures suffers data breach (direct link) Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. Data Breach Threat
CSO 2023-02-14 03:34:00 Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment (direct link) Security operations provider Expel has announced the general availability of Expel managed detection and response (MDR) for Kubernetes. The firm said the product enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. It has also been designed to align with the MITRE ATT&CK framework to help teams remediate threats and improve resilience, Expel added. Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling, and management of applications, usually in a cloud environment. Over time, it has become the de facto operating system of the cloud, but can also pose significant security risks and challenges for businesses. Uber
CSO 2023-02-14 02:00:00 Measuring cybersecurity: The what, why, and how (direct link) A core pillar of a mature cyber risk program is the ability to measure, analyze, and report cybersecurity threats and performance. That said, measuring cybersecurity is not easy. On one hand business leaders struggle to understand information risk (because they usually are from a non-cyber background), while on the other, security practitioners get caught up in too much technical detail which ends up confusing, misinforming, or misleading stakeholders. In an ideal scenario, security practitioners must measure and report cybersecurity in a way that senior executives understand, find useful, satisfy curiosity, and lead to actionable outcomes. What can be measured in cybersecurity? Guideline ★★
CSO 2023-02-13 14:23:00 PLC vulnerabilities can enable deep lateral movement inside OT networks (direct link) Threat groups who target operational technology (OT) networks have so far focused their efforts on defeating segmentation layers to reach field controllers such as programmable logic controllers (PLCs) and alter the programs (ladder logic) running on them. However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware could enable deep lateral movement through the point-to-point and other non-routable connections they maintain to other low-level devices. To exemplify such a scenario and highlight the risks, researchers from security firm Forescout used two vulnerabilities they discovered in Schneider Modicon PLCs to move deeper into a simulated OT architecture of a movable bridge and bypass all safety mechanisms to cause physical damage. ★★★
CSO 2023-02-13 02:42:00 Hackers attack Israel's Technion University, demand over $1.7 million in ransom (direct link) Israel's Technion University on Sunday suffered a ransomware attack, which has forced the university to proactively block all communication networks. A new group calling itself DarkBit has claimed responsibility for the attack. “The Technion is under cyber attack. The scope and nature of the attack are under investigation,” Technion University, Israel's top public university in Haifa, wrote in a Tweet. Established in 1912, the Technion University has become a global pioneer in fields such as biotechnology, stem cell research, space, computer science, nanotechnology, and energy. Four Technion professors have won Nobel Prizes. The university has also contributed to the growth of Israel's high-tech industry and innovation, including the country's technical cluster in Silicon Wadi. Ransomware ★★
CSO 2023-02-13 02:00:00 Plan now to avoid a communications failure after a cyberattack (direct link) Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness. “Communications are a critical component of a good cyber strategy, and it should be prepared and practiced in organizations before an incident occurs,” says Eden Winokur, head of cyber at Hall & Wilcox, which helps companies with cyber incident management among other things. Cyber preparedness should include a communication plan: Winokur's advice is to err on the side of transparency, while ensuring accuracy when it comes to responding to a cyber incident. “Cyber is not just an IT risk. It really is an enterprise risk, and a key part of cyber preparedness includes a communication strategy within the organization and with external stakeholders.” ★★
CSO 2023-02-10 10:45:00 Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks (direct link) It's common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers with a shortcut into previously segmented network segments that contain critical controllers. Industrial cybersecurity firm Otorio released a report this week highlighting the attack vectors these devices are susceptible to along with vulnerabilities the company's researchers found in several such products. "Industrial wireless IoT devices and their cloud-based management platforms are attractive targets to attackers looking for an initial foothold in industrial environments," the Otorio researchers said in their report. "This is due to the minimal requirements for exploitation and potential impact." Industrial ★★★
CSO 2023-02-10 02:00:00 Top cybersecurity M&A deals for 2023 (direct link) Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world's biggest tech companies as predictions of recession loomed and war in Ukraine dragged on with no end in sight. Global concern over cybersecurity has never been higher, with attacks coming fast and furious and in ever-growing numbers, and 65% of organizations planned to increase cybersecurity spending in 2023. That means CISOs may be pressured to do more with what they have as budgets shrink even as demand for security increases. And they should be aware of what could change if one of their vendors is acquired in this climate. Prediction ★★
CSO 2023-02-09 13:24:00 BrandPost: Security Trends to Watch in 2023 (direct link) It's that time of year again when many of your favorite security professionals and vendors roll out their predictions for the coming year. Although not all of us have clairvoyant abilities, seasoned pros can spot a trend early and inform the rest of us before we're caught off guard. Because adversaries continually adapt and change, security practitioners must also adapt their thinking, understanding, and defenses to combat innovation by using tools such as threat intelligence, threat hunting, and proactive suppression. In this spirit, we have identified a few trends to look out for before it's too late. Geopolitical unrest: Although distributed denial-of-service (DDoS) attacks have steadily increased over the past 20 years, recent data firmly establishes the reality that network operators need to understand, prepare for, and expect attacks related to politics, religion, and ideology. Nation-state actors often directly target internet infrastructure to take out critical communications, e-commerce, and other vital infrastructure dependent on internet connectivity. This, of course, means targeting internet service provider (ISP) networks to hobble internet connectivity. Threat Prediction
CSO 2023-02-09 08:46:00 BrandPost: Embrace This Opportunity to Attract New Cybersecurity Talent (direct link) Ask nearly any security leader whether they have adequate resources to protect their organization effectively and consistently, and you'll likely hear an emphatic “No.” Given that an estimated 3.4 million people are needed to fill the global cybersecurity workforce gap, it's no surprise that CISOs feel that they need more staff to safeguard their networks, let alone focus on more strategic priorities. And nearly 70% of leaders say this skills gap creates additional cyber risks for their business. Guideline
CSO 2023-02-09 08:04:00 UK/US cybercrime crackdown sees 7 ransomware criminals sanctioned (direct link) A UK/US campaign to tackle international cybercrime has seen seven Russian cybercriminals linked to notorious ransomware group Trickbot exposed and sanctioned. The sanctions were announced today by the UK's Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury's Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the National Crime Agency (NCA) into the crime group behind Trickbot malware, as well as the Conti and RYUK ransomware strains, among others, an NCA posting read. Ransomware
CSO 2023-02-09 07:58:00 HTML smuggling campaigns impersonate well-known brands to deliver malware (direct link) Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google Drive, and the US Postal Service to increase the chances of users falling victim. HTML smuggling uses HTML5 attributes that can work offline by storing a binary in an immutable blob of data (or embedded payload) within JavaScript code, which is decoded into a file object when opened via a web browser. It is not a new attack method, but it has grown in popularity since Microsoft started blocking macros in documents from the internet by default, Trustwave SpiderLabs wrote. The four malware strains that have recently been detected using HTML smuggling in their infection chain are Cobalt Strike, Qakbot, IcedID, and Xworm RAT, the firm added. Malware ★★
CSO 2023-02-09 02:00:00 How to unleash the power of an effective security engineering team (direct link) Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers. The collective security/security engineering team mindset is also that of a builder, quite different from that of a penetration tester or third-party risk management assessor. This presents a challenge to security leaders. As security engineering teams continue to grow in prominence, CISOs need to be intentional with their structure and development. Guideline ★★
CSO 2023-02-09 02:00:00 Yes, CISOs should be concerned about the types of data spy balloons can intercept (direct link) The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the blanks on the mosaic they are building about a potential adversarial nation. The physical threat posed by this balloon and the collection platform that dangled below it was negligible unless the balloon fell from the sky and landed in a populated area. It did not. When it met its demise, it was shot down by a US F-22 Raptor and fell into US territorial waters off the coast of South Carolina. Threat ★★
CSO 2023-02-08 11:13:00 Threat group targets over 1,000 companies with screenshotting and infostealing malware (direct link) Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers. Tracked as TA866 by researchers from security firm Proofpoint, the group's tooling seems to have similarities to other campaigns reported in the past under different names going as far back as 2019. Even though this latest activity appears to be financially motivated, some of the possibly related attacks seen in the past suggest that espionage was also a motivation at the time. Malware Threat ★★★
CSO 2023-02-08 07:01:00 Growing number of endpoint security tools overwhelm users, leaving devices unprotected (direct link) Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen. An ESG survey of 380 security professionals in North America, commissioned by cybersecurity company Syxsense, showed that companies using larger numbers of different tools to manage their endpoints had larger proportions of unmanaged endpoints, compared to those with fewer. Put simply, the complexity of the current-day device environment is leading to worse security, according to the research. Guideline ★★
CSO 2023-02-08 06:00:00 Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery (direct link) Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added. Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience: In a press release, Cohesity explained that the 7.0 software release helps businesses take a more data-centric approach to cyber resilience including data immutability, data isolation (or cyber vaulting), and recovery at scale. “Organizations are facing significant challenges with managing and securing their data estate across cloud and on-premises, with ransomware and data theft as their number one concern,” commented Chris Kent, VP product and solutions marketing, Cohesity. “Cohesity Data Cloud 7.0 adds a new layer of protection and recovery to organizations' most critical data.” Ransomware ★★★
CSO.webp 2023-02-08 05:08:00 BrandPost: How Do You Protect Your Data in the Age of Hybrid Work? (direct link) By Sundaram Lakshmanan, Chief Technology Officer, Lookout. We live in an age where hybrid work and bring-your-own-device (BYOD) programs have become the norm. The result is that you're tasked with protecting your data in an environment that's far more complex than in the past. Guideline
CSO.webp 2023-02-08 03:49:00 Surge of swatting attacks targets corporate executives and board members (direct link) At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would harm first responders, too. Groveland police chief Jeffrey Gillen summoned the police, fire, and emergency mutual aid of the nearby towns of Ipswich, Rowley, Topsfield, and Haverhill. Police evacuated neighboring homes around the house on Marjorie Street but soon found out that the call was a hoax, a "swatting" incident designed to draw significant police presence to a targeted location. So far, no arrests have been made. ★★
CSO.webp 2023-02-07 02:00:00 What CISOs need to know about the renewal of FISA Section 702 (direct link) In our hyperconnected world, multinational organizations operate within and across multiple nation-states. Those who do business within the United States will want to keep their eye on the status of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sets out procedures for physical and electronic surveillance and collection of foreign intelligence. Section 702 specifically addresses how the US government can conduct targeted surveillance of foreign persons located outside the US, with the compelled assistance of electronic communication service providers, to acquire foreign intelligence information. Note that the act does not apply to US citizens, only foreign nationals abroad. Legislation ★★★
CSO.webp 2023-02-07 01:28:00 MKS Instruments falls victim to ransomware attack (direct link) Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Securities and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company's website continued to be inaccessible at the time of writing, with an error notification that read, “Unfortunately, www.mks.com is experiencing an unscheduled outage. Please check back again at a later time.” Ransomware ★★★
CSO.webp 2023-02-06 12:53:00 BrandPost: Building the Path to Cyber Resilience: Exploring the Microsoft Digital Defense Report (direct link) By Microsoft Security. The annual Microsoft Digital Defense Report aggregates security data from organizations and consumers across the cloud, endpoints, and the intelligent edge to create a high-level overview of our threat landscape. With insights derived from 43 trillion daily security signals, companies can use this report to strengthen their cyber defenses against the most pressing threats. This year, the report is divided into five sections covering trends in cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Keep reading for an inside look at section five of the report on cyber resiliency. Threat
CSO.webp 2023-02-06 06:43:00 BrandPost: Tackling Cyber Influence Operations: Exploring the Microsoft Digital Defense Report (direct link) By Microsoft Security. Each year, Microsoft uses intelligence gained from trillions of daily security signals to create the Microsoft Digital Defense Report. Organizations can use this tool to understand their most pressing cyber threats and strengthen their cyber defenses to withstand an evolving digital threat landscape. Comprised of security data from organizations and consumers across the cloud, endpoints, and the intelligent edge, the Microsoft Digital Defense Report covers key insights across cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Keep reading to explore section four of the report: cyber-influence operations. Tool Threat
CSO.webp 2023-02-06 05:27:00 Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition (direct link) Cyber insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company's Cyber Threat Index, which was compiled using data gathered by the company's active risk management and reduction technology, combining data from underwriting and claims, internet scans, its global network of honeypot sensors, and scanning over 5.2 billion IP addresses. Threat ★★
CSO.webp 2023-02-06 05:00:00 OPSWAT mobile hardware offers infrastructure security for the air gap (direct link) Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company's media-scanning capabilities to work in the field. OPSWAT's MetaDefender line of kiosks is designed to address a potential security weakness for critical infrastructure defended by air gaps. In order to patch those systems, audit them, or move data among them, removable media like SD cards, USB sticks and sometimes even DVDs are used by field service personnel. The vulnerability of the removable media is, therefore, a potential problem, according to OPSWAT vice president of products Pete Lund, not least in the sense that that media could be used to move sensitive information off of critical infrastructure. Vulnerability ★★
CSO.webp 2023-02-06 04:39:00 Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group (direct link) Microsoft's Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified as Emennet Pasargad by the US Department of Justice. In January, the group claimed to have obtained the personal information of more than 200,000 Charlie Hebdo customers after access to a database, which Microsoft believes was in response to a cartoon contest conducted by the magazine. The information included a spreadsheet detailing the full names, telephone numbers, and home and email addresses of accounts that had subscribed to, or purchased merchandise from, the publication. Threat ★★
CSO.webp 2023-02-06 02:00:00 Will your incident response team fight or freeze when a cyberattack hits? (direct link) If there's an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there's still a chance they might freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs. “You may have a crisis playbook and crisis policies and you may assume those are the first things you'll reach for during an incident. But that's not always the case, because the way your brain works isn't just fight or flight. It's fight, flight, or freeze,” she says. “I've heard people say, 'We knew how to respond to a crisis, but we didn't know what to do when it actually happened.'” Ransomware ★★
CSO.webp 2023-02-03 13:13:00 Critical vulnerability patched in Jira Service Management Server and Data Center (direct link) A critical vulnerability was fixed this week in Jira Service Management Server, a popular IT services management platform for enterprises, that could allow attackers to impersonate users and gain access to access tokens. If the system is configured to allow public sign-up, external customers can be affected as well. The bug was introduced in Jira Service Management Server and Data Center 5.3.0, so versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0 are affected. Atlassian has released fixed versions of the software but has also provided a workaround that involves updating a single JAR file in impacted deployments. Atlassian Cloud instances are not vulnerable. Vulnerability ★★★★
CSO.webp 2023-02-02 13:21:00 Remote code execution exploit chain available for VMware vRealize Log Insight (direct link) VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow. “Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it,” researchers with penetration testing firm Horizon3.ai said in their analysis of the flaws. “Often logs ingested may contain sensitive data from other services and may allow an attack to gather session tokens, API keys, and PII. Those keys and sessions may allow the attacker to pivot to other systems and further compromise the environment.” ★★★
CSO.webp 2023-02-02 05:07:00 NTT, Palo Alto partner for managed SASE with AIOps (direct link) Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources. ★★
CSO.webp 2023-02-02 03:50:00 Foreign states already using ChatGPT maliciously, UK IT leaders believe (direct link) Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That's according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its potential to be used for malicious purposes when it comes to cybersecurity. In fact, almost half (48%) predicted that a successful cyberattack will be credited to the technology within the next 12 months. The findings follow recent research which showed how attackers can use ChatGPT to significantly enhance phishing and business email compromise (BEC) scams. Guideline ChatGPT ★★★
CSO.webp 2023-02-02 01:00:00 APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (direct link) State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All these operational changes suggest organizations and companies from Western countries are at increased risk from APT activity. Ransomware Threat Medical APT 38 ★★
CSO.webp 2023-02-01 15:21:00 BrandPost: Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report (direct link) To illuminate the evolving digital threat landscape and help the cyber community understand today's most pressing threats, we released our annual Microsoft Digital Defense Report. This year's report focuses on five key topics: cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. With intelligence from 43 trillion daily security signals, organizations can leverage the findings presented in this report to strengthen their cyber defenses. Threat
Last update at: 2024-04-16 19:08:19