What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-09-01 13:30:00 | Ragnar Locker continues trend of ransomware targeting energy sector (lien direct) | The recent attack on Greece's largest natural gas transmission operator DESFA by ransomware gang Ragnar Locker is the latest on a growing list of incidents where ransomware groups attacked energy companies. This gang seems to prefer critical infrastructure sectors, having targeted over 50 such organizations in the U.S. over the past two years.According to a new analysis by researchers from Cybereason, Ragnar Locker is a growing threat that uses layers of encryption to hide instructions in its binary and kills various processes associated with remote login and support.To read this article in full, please click here | Ransomware Threat | ||
|
2022-09-01 07:36:00 | BrandPost: Foundational Cloud Security with CIS Benchmarks (lien direct) | Cloud service providers (CSPs) have changed the way organizations of all sizes architect and deploy their IT environments. CSPs now make it possible for organizations to rapidly implement new technologies with greater levels of ease and scalability.As with any new opportunity, leveraging cloud technology also introduces new forms of risk. Industry standards provide organizations guidance to create policies and plans as well as to manage their cloud environments. Organizations that do not use industry standards to harden their environments leave themselves open to cyber attacks and misconfigurations.Cloud environments evolve and change, and CSPs are constantly adding new functional services that come with unique configuration and security tools to manage them. However, organizations cannot be solely dependent on the CSP for security. The Shared Responsibility Model requires that organizations ensure security "in" the cloud by in the very least protecting their data.To read this article in full, please click here | |||
|
2022-09-01 07:31:00 | BrandPost: Free Trials of Hardened VMs in AWS Marketplace (lien direct) | Organizations challenged with a shortage of IT resources or little time to harden their systems know how difficult it can be to stay secure in a world where cyber threats are ever-present. In fact, organizations saw 50% more weekly cyber-attacks in 2021, according to Check Point Software.By computing on Amazon Web Services (AWS), you will benefit from AWS data centers and a network architected to protect your information, identities, applications, and devices. But if your organization is unfamiliar with or new to utilizing cloud services, you may need help understanding what your security responsibilities are. This blog will discuss what those duties are and how you can fulfill them.To read this article in full, please click here | |||
|
2022-09-01 06:15:00 | BrandPost: How to Meet STIG Compliance and Achieve OS Security (lien direct) | Organizations tasked with meeting regulatory framework compliance know (at least some of) the difficulties they will face along their compliance journeys. On top of the resource hours, for instance, it can be costly to ensure compliance.Public sector organizations as well as their contractors and consultants understand the importance of Defense Information Security Agency Security Technical Implementation Guide, or "DISA STIG," compliance. These configuration standards apply to DoD Information Assurance (IA) and IA-enabled devices/systems.The Center for Internet Security (CIS) builds CIS Benchmarks and CIS Hardened Images mapped to these guides to more easily assist with DISA STIG compliance.To read this article in full, please click here | |||
|
2022-09-01 06:15:00 | BrandPost: CIS Hardened Images Built on Google Cloud\'s Shielded VMs (lien direct) | Today, attackers use various types of malware to target organizations' cloud environments. Those threats include rootkits and bootkits. According to Malwarebytes, rootkits are tools through which cyber threat actors (CTAs) can achieve root (i.e. the highest level) permissions on an infected system for conducting reconnaissance, moving laterally to other network devices, and/or stealing sensitive information. Bootkits are similar to rootkits, noted Positive Technologies, the major difference being that bootkits activate before an operating system (OS) and, by extension, its various security mechanisms finish booting up.To read this article in full, please click here | Malware Threat | ★★ | |
|
2022-09-01 06:14:00 | BrandPost: What You Need to Know About Hybrid Cloud Environments (lien direct) | What does your cloud configuration look like? In many organizations, moving workloads to the cloud creates a more elastic technology infrastructure. That's why hybrid cloud environments are a popular solution. A hybrid cloud computing environment requires orchestration between two types of platforms: On-premises, private cloud: Computing services offered to select users over the internet or a private internal network. Public cloud: Services offered by third-party providers, known as cloud service providers (CSPs), to anyone over the public internet. Each environment has unique advantages that help organizations stay flexible and secure. CISOs, directors, solution architects, and other technology experts are taking notice; Infrastructure-as-a-service (IaaS) and Desktop-as-a-service (DaaS) are expected to grow in 2022 by 30.6% and 26.6% respectively, according to Gartner. So, what else do you need to know about this growing trend?To read this article in full, please click here | ★★★★★ | ||
|
2022-09-01 06:14:00 | (Déjà vu) BrandPost: Five Tips to Harden your OS On-Prem or in the Cloud (lien direct) |
Cloud security is just as vital as on-premises security. Hundreds of security recommendations may exist to harden your operating systems (OS). That's why it's important to use industry-recognized guidelines to harden your OS.Guideline for hardening your cloud-based OS
To illustrate the importance of using trusted guidelines for achieving security in the cloud, CIS pulled recommendations from the CIS Benchmark for Microsoft Windows Server 2019. Let's explore these below. CIS
Security configuration 1: Disconnect after hours
Your organization's workforce probably adheres to a specific work schedule. Even though operating cloud-based systems means you can theoretically work from anywhere (and at any time), it's unlikely most employees would need to log on at 2:00 A.M.To read this article in full, please click here |
★★ | ||
|
2022-09-01 06:14:00 | BrandPost: How to Avoid Cloud Misconfigurations (lien direct) | Organizations with cloud workloads need to protect themselves against a variety of risks. While most organizations focus on security against attackers, breaches resulting from simple misconfigurations can be just as commonplace.For instance, the 2022 Verizon Data Breach Investigation Report (DBIR) found that cloud misconfigurations pose an ongoing threat to organizations. Error, especially misconfigured cloud storage, factored in 13% of data breaches analyzed by Verizon this year.To read this article in full, please click here | Data Breach Threat | ||
|
2022-09-01 06:14:00 | BrandPost: Four Reasons to Use Hardened VMs for Your Cloud Migration (lien direct) | Ensuring that your organization's IT environment is not only secure but also patched regularly can be challenging. Migrating to the cloud can help address these challenges in unique ways. For example, CIS Hardened Images – virtual machine (VM) images built to defend against cyber threats – can help. CIS builds these pre-configured VMs to the secure configuration guidelines of the CIS Benchmarks.To read this article in full, please click here | |||
|
2022-09-01 06:13:00 | BrandPost: How Hardened VMs Can Help with Cloud Security (lien direct) | Regardless of whether you're operating in the cloud or on-premises, it's important to harden your system by taking steps to limit potential security weaknesses. Most operating systems and other computer applications are developed with a focus on convenience over security. Implementing secure configurations can help harden your systems by disabling unnecessary ports or services, eliminating unneeded programs, and limiting administrative privileges. By working with cybersecurity experts around the world, the Center for Internet Security (CIS) leads the development of secure configuration settings for over 100 technologies and platforms. These community-driven secure configuration guidelines (called CIS Benchmarks) are available to download for free in PDF format.To read this article in full, please click here | Guideline | ||
|
2022-09-01 06:13:00 | BrandPost: Five Reasons to Work in the Cloud (lien direct) | What are the benefits of cloud computing? Many organizations find that cloud service providers (CSPs) can meet their needs while providing a number of additional benefits. Cloud infrastructure makes sense for both small organizations and large enterprises interested in taking advantage of modern security solutions and flexible computing power.Keep reading for five cloud computing benefits that prove why it's smart for your organization to work in the cloud. 1. Match cloud resources to your evolving needs A major benefit of cloud computing is scalability. Unlike buying additional hardware at on-premises datacenters, public cloud services can rapidly scale up as needed. Conversely, as the need for a certain resource (such as disk space or central processing units) decreases, your organization can easily scale back. This scale up/down model ensures organizations have the resources they need when they need them. CSPs also quickly introduce new cloud services and solutions and bring these to market faster, an added benefit of cloud computing. What used to take months now takes just a few days.To read this article in full, please click here | |||
|
2022-09-01 06:13:00 | (Déjà vu) BrandPost: Getting to Know the CIS Benchmarks (lien direct) | When the Center for Internet Security (CIS) was formed in 2000, the IT and cybersecurity industries identified a clear need to understand how to secure IT systems and data. This need highlighted a lack of hardening recommendations, particularly prescriptive and industry-recognized standards. Subsequently, CIS began working with the IT and cybersecurity industries to create secure configuration guidelines. They are now known collectively as the CIS Benchmarks.What Are the CIS Benchmarks? The CIS Benchmarks are secure configuration recommendations for hardening specific technologies in an organization's environment. They are a key component of an organization's overall security against cyber attacks, and each CIS Benchmark recommendation maps to the CIS Critical Security Controls (CIS Controls). There are more than 100 CIS Benchmarks across 25+ vendor product families available through free PDF download for non-commercial use. CIS Benchmarks coverage includes security guidelines that are applicable to cloud provider platforms and cloud services, containers, databases, desktop software, server software, mobile devices, network devices, and operating systems.To read this article in full, please click here | |||
|
2022-09-01 06:10:00 | California bill would tighten privacy protections for minors (lien direct) | A proposed California law which passed the state senate this week could drastically boost online privacy protection for minors, but major platforms like Google and Meta have called the bill “too broad,” warning that the work involved in complying with the law would be onerous and have unintended consequences.The essence of the bill, called the California Age-Appropriate Design Code Act, is that tech companies that collect data on children would be required to treat that data differently than data on other users, and to enact a range of other safeguards designed to protect children's privacy when using online platforms.To read this article in full, please click here | |||
|
2022-09-01 05:56:00 | Remediant wants to move beyond PAM to secure enterprise networks (lien direct) | Security software provider Remediant wants to move beyond basic privileged access management (PAM) to help CSOs secure enterprise networks.It's adopting a new approach it calls PAM+, aimed at helping enterprises protecting access to their systems and build on Zero Trust initiatives.Tim Keeler, CTO and co-founder of Remediant, set out the need for the new strategy: “Organizations' inability to properly manage identities and privileges across the enterprise has left a large number of attack surfaces unprotected and vulnerable to cyberattacks that result in ransomware. A majority of today's cybercriminals are able to accomplish their mission by leveraging privilege (or admin) account sprawl - a very large and highly exploited attack surface.” To read this article in full, please click here | |||
|
2022-09-01 03:46:00 | Dashlane launches integrated passkey support for password manager with new in-browser passkey solution (lien direct) | Password management vendor Dashlane has announced the introduction of integrated passkey support in its password manager, unveiling an in-browser passkey solution to help tackle the issue of stolen/misused passwords. The launch comes as the “passwordless authentication” era edges closer with tech giants Apple, Google and Microsoft set to bring it to millions of smartphone and laptop users in accordance with recommendations from the Fast IDentity Online (FIDO) Alliance.Passkey support includes secure sharing, access control, multi-device sync capabilities In a blog post, Dashlane wrote that the launch of passkey support in its password manager is the natural evolution of its offerings and is tied to its mission of making security simple for organizations and their people. “Today's biggest security issue stems from stolen logins – over 80% of breaches occur as a result,” it added. Passwordless authentication takes a powerful step towards addressing this problem, it claimed.To read this article in full, please click here | ★★★★★ | ||
|
2022-09-01 02:00:00 | Intro to MongoDB\'s queryable encryption (lien direct) | Queryable encryption was the main attraction at MongoDB World 2022, for understandable reasons. It introduces a unique capability to reduce the attack surface for confidential data in several use cases. In particular, data remains encrypted at insert, storage, and query. Both queries and their responses are encrypted over the wire and randomized for resistance to meta analysis.The outcome of this is that applications can support use cases that require searching against classified data while never exposing it as plaintext in the data store infrastructure. Datastores that hold private information are a main target of hackers for obvious reasons. MongoDB's encrypted fields means that this information is cryptographically secure at all times in the database, but still usable for searching. In fact, the database does not hold the keys for decrypting the data at all. That means that even a complete breach of DB servers will not result in loss of private information. To read this article in full, please click here | |||
|
2022-09-01 02:00:00 | Social media\'s role in spreading U.S. election disinformation in the spotlight (lien direct) | We have discussed election security for many years, perhaps more so within the last ten years with the documented confirmation of interference by nation states (Russia, China and Iran). Until recently, however, domestic election interference that leverages the power of social networks wasn't recognized and, frankly, didn't exist. The power of social media to influence elections has now been thrust into the spotlight again with the whistleblower allegations of Twitter's former CISO.History of social media influence on U.S. elections The 2008 and 2012 election campaigns of President Barack Obama displayed the power of social networks in delivering platform points and energizing the electorate. Pundits and technical analysts at that time (including me) characterized the effort as Obama's campaign smoking their opponents on the social network landscape. This success was achieved through a better understanding of the social network medium the amplification provided through viral messaging.To read this article in full, please click here | |||
|
2022-08-31 13:26:00 | BrandPost: Taking an Agile, Customer-Centered Approach to Data Dashboards (lien direct) | Everyone wants to be a data-driven company today, and for good reason. We know that data - good, relevant data - is critical for making informed business decisions. In fact, nearly six out of 10 (57%) executives say that insights from data have enabled them to accelerate the release of new products. And on a larger scale, McKinsey found that data-driven companies are 23 times more likely to acquire other companies than those that aren't data-driven. To read this article in full, please click here | |||
|
2022-08-31 11:23:00 | BrandPost: Attackers are Launching Successful Application-layer Attacks Using Encryption (lien direct) | As we have said many times before, threat actors are always looking for ways to improve on their attack strategies. This nefarious behavior is clearly seen in the ways attackers are utilizing application-layer DDoS attacks, as detailed in the 2H 2021 Threat Intelligence Report.To read this article in full, please click here | Threat | ||
|
2022-08-31 05:15:00 | Palo Alto adds new SaaS compliance, threat prevention, URL filtering features to Prisma solution (lien direct) | Cybersecurity vendor Palo Alto Networks has announced new updates to its Prisma Secure Access Service Edge (SASE) platform that introduce new Software as a Service (SaaS) security and compliance support for customers, along with enhanced threat prevention and URL filtering capabilities. The firm has also released a new native artificial intelligence for IT operations (AIOps) solution for SASE to help simplify networking and security operations. The launches come as the hybrid working era persists with organizations increasingly implementing and relying on SaaS applications, introducing new and complex security challenges.New Prisma features address SaaS security and compliance challenges, help prevent phishing, ransomware, C2 attacks In a press release, Palo Alto estimated that the average business now uses more than 115 SaaS applications. With vast amounts of sensitive data typically stored in SaaS apps, security misconfigurations pose serious threats to organizations. Its latest features are therefore partly designed to help customers improve their SaaS security and risk management positions, along with enhancing other key elements of modern cyber resilience.To read this article in full, please click here | Threat | ||
|
2022-08-31 02:05:00 | Women in cybersecurity form non-profit organization The Forte Group (lien direct) | A group of over 90 women working in cybersecurity roles have formed The Forte Group, a non-profit organization for the education and advocacy of women in the cybersecurity industry.The voluntary group is headquartered in California but is offering a global membership. The group was formed informally earlier during the pandemic. Members would meet once a month to share their experiences, and also use their collective voice as a means for change. “Over time, we have seen the collective power of this group. Officially forming a non-profit allows us to raise and deploy funds to further our mission. We've heard from companies and organizations who want to contribute to the work we are doing, and we felt like it was a missed opportunity without the structure in place to partner with these folks,” said Zenobia Godschalk, vice chair of the Forte Group.To read this article in full, please click here | |||
|
2022-08-31 02:00:00 | Resolving conflicts between security best practices and compliance mandates (lien direct) | So, you read a great tip on the internet and think it would improve your security posture. Before you bring that tip to management, it's wise to determine if it's allowed by your security compliance requirements or can become an acceptable exception to your compliance templates.Many of you work for firms that have multiple compliance mandates. The larger and more international your corporation, the more alphabet soup of technology compliance regulations need to be followed: the European Union's General Data Protection Regulation (GDPR), the American Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), the guidance by the National Institute of Standards and Technology (NIST), the Federal Information Security Management Act (FISMA), and the Center for Internet Security (CIS) controls to name a few.To read this article in full, please click here | |||
|
2022-08-31 02:00:00 | Stuxnet explained: The first known cyberweapon (lien direct) | What is Stuxnet? Stuxnet is a powerful computer worm designed by U.S. and Israeli intelligence that to disable a key part of the Iranian nuclear program. Targeted at an air-gapped facility, it unexpectedly spread to outside computer systems, raising a number of questions about its design and purpose.Stuxnet exploited multiple previously unknown Windows That description should probably make it clear that Stuxnet was a part of a high-level sabotage operation waged by nation-states against their adversaries.To read this article in full, please click here | |||
|
2022-08-30 21:01:00 | Traceable AI debuts API testing product for its security platform (lien direct) | Traceable AI today announced the general availability of xAST, an API security testing solution, as part of its API Security Platform. The new feature set, after extensive beta testing with some of the company's larger customers, is available for immediate use, and builds on the Traceable's existing visibility and risk analysis features.The idea is to reduce the impact of potential API vulnerabilities early in the software development process, by making it easy to actively test an API that has made it through development but before it goes into production. Traceable uses an “in-app” approach to API testing, which means it's observing the behavior of software while it's actually running, as opposed the “contract” model, which merely analyzes which behaviors an API should exhibit.To read this article in full, please click here | |||
|
2022-08-30 11:39:00 | Nvidia partners with Dell and VMware for faster AI systems (lien direct) | New vSphere paired with Nvidia DPUs will speed up data center performance. | |||
|
2022-08-30 05:00:00 | FTC files lawsuit against Kochava for harvesting and selling geolocation data (lien direct) | The Federal Trade Commission (FTC) flexed its muscle on August 29, 2022, when it filed a lawsuit against Kochava, Inc., for harvesting, aggregating, collating, and then selling the “precise geolocation data” of millions of individuals in violation of the FTC Act.FTC complaint: Data allows tracing individuals to and from sensitive locations The FTC explains that Kochava acquires the location data, which originated from individuals' mobile devices, from an array of data brokers. Kochava then creates customized data feeds and markets these feeds to commercial clients. Their client's rationale for paying up to $25,000 per feed, according to the FTC, is to “know where consumers are and what they are doing.” Kochava is “then selling of geolocation data from hundreds of millions of mobile devices that can be used to trace the movements of individuals to and from sensitive locations.” The FTC identified “reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities” as the type of locations that could be identified as having been visited by individuals.To read this article in full, please click here | |||
|
2022-08-30 03:37:00 | Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger (lien direct) | Researchers have discovered a new multi-stage malware delivery campaign that relies on legitimate application installers distributed through popular software download sites. The malicious payload delivery, which includes a cryptocurrency mining program, is done in stages with long delays that can add up to almost a month."After the initial software installation, the attackers delayed the infection process for weeks and deleted traces from the original installation," researchers from security firm Check Point Software Technologies said in a new report. "This allowed the campaign to successfully operate under the radar for years."To read this article in full, please click here | Malware | ||
|
2022-08-30 02:00:00 | Key takeaways from the Open Cybersecurity Schema Format (lien direct) | One of the most pervasive challenges in the current cybersecurity environment is an overabundance of tooling vendors, all of which produce telemetry or data, often in their own native or nuanced schema or format. As cybersecurity's visibility has risen in organizations, so has the number of cybersecurity vendors and tools that teams need to integrate, implement and govern. Cybersecurity professionals must spend time getting tools to work together as a cohesive portfolio, which detracts from their efforts to identify and address cybersecurity vulnerabilities and threats.The problem isn't going unnoticed. Recently Amazon Web Services (AWS) along with other leaders such as Splunk, CrowdStrike, Palo Alto, Rapid7, and JupiterOne announced the release of the Open Cybersecurity Schema Framework (OCSF) project. The announcement acknowledges the problem of security professionals needing to wrestle with proprietary data formats and outputs rather than their actual roles of risks and threats. This is problematic given the industry is already facing significant workforce challenges, burnout and fatigue. By standardizing on security product schemas and formats, security practitioners can spend more time addressing threats that pose risks to organizations.To read this article in full, please click here | Guideline | ||
|
2022-08-29 06:31:00 | BrandPost: Detecting Suspicious Activity on AWS Using Cloud Logs (lien direct) | AWS offers a large spectrum of services and compute. The “shared responsibility” model in cloud presents a simplified structure of organization responsibilities and cloud provider responsibilities. Generally, identity and access management (IAM), applications, and data form the dividing line, but lines blur depending on the given cloud service the organization is consuming. This is true of all cloud providers, including the AWS Shared Responsibility Model.Deployment mistakes, misconfigurations, use of vulnerable AMI or container images, or other changes made to AWS service configurations create security problems for organizations, exposing it to possible security incidents or breaches. We've seen no shortage of stories about ransomware attacks, privilege escalation, system compromise, data exfiltration, malicious cryptomining, and other negative outcomes.To read this article in full, please click here | Ransomware | ||
|
2022-08-29 05:59:00 | BrandPost: New Data: Charting Security Decision-Makers\' Progress on Zero Trust (lien direct) |
Chris Niggel, Regional CSO, Americas at Okta
The central tenet of the Zero Trust security model is “never trust, always verify” - and while there may be a range of methods to accomplish that mantra, the key is identity and access management (IAM). There's no denying the importance of having a Zero Trust security strategy in place; implementing that strategy is another story.To read this article in full, please click here |
|||
|
2022-08-29 04:19:00 | Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach (lien direct) | Facebook parent Meta Platforms agreed Friday to settle a class action lawsuit seeking damages for allowing British political consulting firm Cambridge Analytica access to the private data of tens of millions of Facebook users. The settlement will spare CEO Marc Zuckerberg an embarrassing court appearance to defend his company.Lawyers acting for the plaintiffs and for Facebook filed a joint request with the US District Court for the Northern District of California on Friday, asking the judge to put the class action on hold for sixty days while the two parties finalized a written settlement for an as-yet undisclosed amount. The high profile lawsuit has been running for over four years and claims that Facebook shared data of millions of US voters with Cambridge Analytica.To read this article in full, please click here | Data Breach | ||
|
2022-08-29 02:00:00 | Sorting zero-trust hype from reality (lien direct) | It seems as if everyone is playing “buzzword bingo” when it comes to zero trust and its implementation, and it starts with government guidance. The White House's comments in January on the Office of Management and Budget's (OMB's) Federal Zero Trust Strategy for all federal agencies and departments were both pragmatic and aspirational. Their observation, citing the Log4j vulnerability as an example, sums it up nicely: “The zero-trust strategy will enable agencies to more rapidly detect, isolate, and respond to these types of threats.”To read this article in full, please click here | Vulnerability | ||
|
2022-08-29 02:00:00 | How Carrier\'s product security team delivers the \'right support for the right product\' (lien direct) | John Deskurakis had a green field opportunity when he stepped into the role of chief product security officer in April 2020 at Carrier Global Corp.United Technologies, which had spun off Carrier, took the existing product security function with it. That gave Deskurakis the chance to build an entirely new program-one that could meet the unique security needs of each of Carrier's product lines.[ Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. | Sign up for CSO newsletters. ] “We didn't want to replicate what United Technologies was doing, because it was focused on aerospace. We wanted to focus more on our specific areas because our products are different, our customers are different, they have different needs than aerospace,” he says. “So we decided to rebuild the capabilities to suit the diverse needs of our Carrier customers, to think about what's the best outcome for the end users.”To read this article in full, please click here | |||
|
2022-08-26 13:34:00 | Password manager LastPass reveals intrusion into development system (lien direct) | LastPass, maker of a popular password management application, revealed Thursday that an unauthorized party gained access to its development environment through a compromised developer account and stole some source code and proprietary technical information. An initial probe of the incident has revealed no evidence that customer data or encrypted password vaults were accessed by the intruder, CEO Karim Toubba stated in a company blog post.Toubba explained that the master passwords of the company's users are protected by a zero-knowledge architecture, which prevents LastPass from knowing or accessing those passwords.To read this article in full, please click here | LastPass | ||
|
2022-08-25 11:15:00 | BrandPost: How Can CISOs Tackle the SOC Talent Shortage? (lien direct) | Security operations centers – the units that manage overall cybersecurity within an organization – have been getting a workout during COVID-19. Many organizations moved their SOC staff to remote work within days of coronavirus being declared a pandemic.This shift to remote work has put a spotlight on three inter-related issues for business and cybersecurity leaders in modernizing SOCs to meet the needs of today's workplace. These include The need for more extensive automation Expanding the use of machine learning and artificial intelligence Adapting practices for hiring, training, and retaining cybersecurity personnel Keeping the SOC properly staffed is a challenge in the best of times because of the ongoing cybersecurity skills gap. With the pandemic affecting corporate profits, CISOs are worried about maintaining staffing levels and ensuring that management continues to make the SOC a top priority.To read this article in full, please click here | Guideline | ||
|
2022-08-25 11:03:00 | BrandPost: Is Your Mobile Network\'s Security Always On? (lien direct) | The focus on security for communications service providers (CSPs) has been changing over the last few years. 5G technology has enabled and mandated new business-critical, mission-critical, and security-critical revenue-generating services. However, the benefits of 5G's higher-speed communications come with corresponding increases in the range of threats to mobile networks.Distributed denial-of-service (DDoS) attacks are nothing new, but they are increasing in complexity, disrupting key systems, and causing major business losses. And recently, the barriers to entry for attackers have been eliminated. DDoS-for-hire services now allow users to test basic DDoS attacks before purchasing.To read this article in full, please click here | |||
|
2022-08-25 09:24:00 | BrandPost: Beyond the Cyber Buzzwords: What Executives Should Know About Zero Trust (lien direct) | Invented in 2010 by Forrester Research, Zero Trust is a cybersecurity model enterprises can leverage to remove risky, implicitly trusted interactions between users, machines and data. The Zero Trust model provides a process for organizations to protect themselves from threats no matter what vector the threat originates from-whether from across the world or from Sandy down the hall. The three main principles to follow to realize the benefits of this model were: Ensure that all resources are accessed securely, regardless of location. Adopt a least-privileged strategy and strictly enforce access control. Inspect and log all traffic. After 11 years, these ideas and principles have matured in the face of growing digital transformation, remote work, and bring-your-own-device proliferation. New principles have developed in light of the U.S. Federal Government mandating Zero Trust, codified in the NIST 800-207 with further details in the NCCoE's Zero Trust Architecture. Those principles are:To read this article in full, please click here | Threat | ||
|
2022-08-25 07:06:00 | Up to 35% more CVEs published so far this year compared to 2021 (lien direct) | A new report from Trustwave SpiderLabs has revealed that the number of CVEs published so far this year could be as much as 35% higher than in the same period in 2021. The findings come from the security firm's 2022 Telemetry Report. While organizations appear to be exhibiting greater awareness of effective patch management compared to last year, if current trends continue, the total number of CVEs published in 2022 will exceed that of 2021. The report also examined several high severity vulnerabilities and the extent to which they remain prevalent.To read this article in full, please click here | |||
|
2022-08-25 06:15:00 | BrandPost: How to Mitigate Data Protection Woes with SSE (lien direct) | The outdated security approaches of yesterday are no longer acceptable for protecting today's data. These traditional security tactics were centered around the data center, but users, apps, data, and even infrastructure (in the form of IaaS), have left the building for good.Consequently, backhauling traffic no longer makes sense in today's dynamic, work-from-anywhere world.The rise of SSE offeringsSSE, or security service edge, is a framework for integrating complementary security technologies to provide consistent, consolidated, and easily manageable data protection that follows users away from the corporate network, applying security policy at every step. A true SSE solution successfully integrates CASB, SWG, ZTNA, DLP, and other future-forward security technologies.To read this article in full, please click here | |||
|
2022-08-25 06:00:00 | DNS data indicates increased malicious domain activity, phishing toolkit reuse (lien direct) | New research from cybersecurity vendor Akamai has revealed that 12.3% of monitored devices communicated with domains associated with malware or ransomware at least once during the second quarter of 2022. This represented a 3% increase compared to Q1 2022, the firm stated, with phishing toolkits playing a key role in malicious domain-related activity. The findings are based on DNS data and Akamai's visibility into carrier and enterprise traffic across different industries and geographies.Increased malware, phishing, C2 domain activity detected in Q2 2022 In a blog post detailing its research, Akamai stated that, in addition to the devices it detected communicating with domains associated with malware/ransomware, a further 6.2% of devices accessed phishing domains with 0.8% accessing command-and-control (C2)-associated domains (both small increases on Q1 2022). “While this number might seem insignificant, the scale here is in the millions of devices,” the firm wrote. “When this is considered, with C2 being the most malignant of threats, this is not only significant, it's cardinal.”To read this article in full, please click here | Ransomware Malware | ||
|
2022-08-25 02:00:00 | Why SBOMs alone aren\'t enough for software supply chain security (lien direct) | It seems like just yesterday that the mad scramble following the SolarWinds compromise elevated supply chain security to the forefront of every entity, regardless of sector. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), formed the Information and communications technology (ICT) Supply Chain Risk Management task force in an effort to unite public and private entities with the goal of developing an actionable strategy to enhance supply chain security.From the CISO perspective, a recent industry report from Coalfire on Software Supply Chain Risk hit the nail on the head: “Managing risk within software supply chains and product development lifecycles has become as important as protecting traditional, physical inventories and equipment supply lines.” Their survey, conducted with CyberRisk Alliance, highlighted how 52% of managers are concerned about software exposed to attack.To read this article in full, please click here | |||
|
2022-08-24 23:23:00 | BrandPost: Beyond the Cyber Buzzwords: What Executives Should Know About SASE (lien direct) | Coined in late 2019 by Neil MacDonald and Joe Skorupa of Gartner®, SASE (secure access service edge) describes a strategy that converges cybersecurity and WAN edge networking to address challenges that organizations are facing now. Specifically, organizations need to manage an ever-growing technology stack across an increasingly dynamic “service edge” that now includes branches, mobile users, SaaS applications, and shifts in data centers between on-premises and the cloud.Individual cybersecurity technologies, like SD-WAN, WAN optimization, NGFW, ZTNA, SWG, CASB, and more, frequently lead to scalability problems if left as separate services. This scaling issue is compounded if these technologies must also be self-managed, upgraded, and maintained.To read this article in full, please click here | Guideline | ||
|
2022-08-24 22:54:00 | BrandPost: Doing More with Less: The Case for SOC Consolidation (lien direct) | The traditional security operations center (SOC) is based on a model that has persisted for decades, yet it's no longer effective. Too much has shifted in organizations and in the threat landscape for the “old ways” to work.Now is the time for a change to enable a modern SOC-taking on SOC consolidation to achieve better outcomes, with faster remediation, reduced risk and an overall stronger security posture.So, what exactly has changed for SOCs? In legacy SOCs, IT security staff are seated shoulder-to-shoulder in close proximity, looking at screens loaded with myriad details, providing views and data from dozens of security tools delivering a never-ending stream of alerts. This traditional SOC model was always about trying to keep up in a race against alerts and resource constraints that could never really be won.To read this article in full, please click here | Threat | ||
|
2022-08-24 12:34:00 | WannaCry explained: A perfect ransomware storm (lien direct) | What is WannaCry? WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization that may be connected to the North Korean government.To read this article in full, please click here | Ransomware Vulnerability Medical | Wannacry Wannacry APT 38 | |
|
2022-08-24 11:54:00 | How 2023 cybersecurity budget allocations are shaping up (lien direct) | Cybersecurity spending in the coming year may not be recession-proof, but it's likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that."It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice President and Research Director Merritt Maxim."There might be some growth or flat, with the potential that if there is a more significant downturn next year, then spot cuts may be necessary," Maxim continues. "For now, though, I don't see any immediate slashing of budgets in anticipation of macroeconomic conditions."To read this article in full, please click here | Guideline | ★★★ | |
|
2022-08-24 08:44:00 | Researchers warn of darkverse emerging from the metaverse (lien direct) | The metaverse is seen by many companies as a great business opportunity and for new ways of working. Security provider Trend Micro, however, warns in a recent research report that cybercriminals could misuse the technology for their own purposes.Security researchers predict that a kind of darknet structure could emerge there, similar to today's Internet. The machinations of the cyber gangsters could even take place in protected rooms that can only be reached from a specific physical location and via valid authentication tokens. This would make their underground marketplaces inaccessible to law enforcement agencies. In fact, it could be years before the police can operate effectively in the metaverse.To read this article in full, please click here | |||
|
2022-08-24 05:30:00 | Russia-linked cyberattacks on Ukraine: A timeline (lien direct) | Today is Ukraine Independence day. It's also the six-month anniversary of the official launch of Russia's invasion into Ukraine, with no clear end to the aggression in sight. Despite the widespread fears of cyber war at the outset of the invasion, no highly damaging incidents such as crippling attacks on Ukraine's power grid have yet occurred.As our updated timeline shows, however, the invasion did begin on February 24 with a disturbing assault on Ukraine's communications capabilities via an attack on satellite provider Viasat, attributed to Russia's GRU intelligence arm. Since then, a spate of digital disruptions by Russia, and digital defenses by Ukraine and its allies, point to a steady drumbeat of mostly low-level but steady and robust cyber assaults.To read this article in full, please click here | |||
|
2022-08-24 05:00:00 | Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication (lien direct) | and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365).A BEC attack recently analyzed by cloud incident response company Mitiga used an adversary-in-the-middle (AitM) phishing attack to bypass Microsoft Office 365 MFA and gain access to a business executive's account and then managed to add a second authenticator device to the account for persistent access. According to the researchers, the campaign they analyzed is widespread and targets large transactions of up to several million dollars each.To read this article in full, please click here | |||
|
2022-08-24 03:49:00 | New ransomware HavanaCrypt poses as Google software update (lien direct) | A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn't seem to be dropping a traditional ransom note.HavanaCrypt deployment The researchers don't have a lot of information about the initial access vector because the sample they analyzed was obtained from VirusTotal, a web-based file scanning service, where it was likely uploaded by a victim. What is clear is that the metadata of the malicious executable has been modified to list the publisher as Google and the application name as Google Software Update and upon execution it creates a registry autorun entry called GoogleUpdate. Based on this information, one could assume that the lure used to distribute the ransomware, either via email or the web, is centered around a fake software update.To read this article in full, please click here | Ransomware | ||
|
2022-08-24 03:00:00 | Why business email compromise still tops ransomware for total losses (lien direct) | While businesses are busy trying to protect themselves against ransomware attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques-business email compromise (BEC).Enterprise security has skewed toward ransomware in recent years, but FBI data highlights that enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, at the same time, companies in the US lost only $49.2 million to ransomware.To read this article in full, please click here | Ransomware Threat |
To see everything:
Our RSS (filtrered)
