What's new around the internet

Each entry: Src | Date (GMT) | Title (direct link), followed by the description and the tags the source assigned.

CSO | 2022-08-24 02:00:00 | Why patching quality, vendor info on vulnerabilities are declining (direct link)
Those who apply security patches are finding that it's becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of Trend Micro's Zero Day Initiative (ZDI) brought this problem to light at the recent Black Hat security conference: patch quality has not increased and is in fact getting worse. We are dealing with repatching bugs that weren't fixed right, or variant bugs that could have been patched the first time. Childs also pointed out that vendors are not providing good Common Vulnerability Scoring System (CVSS) information with which to decide whether to patch. A vendor might give a high CVSS score to a bug that would not be easily exploited, so I am having to dig deeper into the details of a bug to understand the risk of not applying an update immediately. Vendors are adding obscurity to bug information and making it harder to understand the risk.
Tags: Vulnerability, Patching

CSO | 2022-08-23 14:51:00 | BrandPost: 5 Signs the World Isn't Paying Enough Attention to 5G Security (direct link)
With each successive generation, advances in mobile technology have trained us to expect ever-faster mobile speeds and the ability of the signal to transport ever-greater loads of data. Increased data transfer rates enabled 3G to handle larger capacities, and that generation was the first to have serious broadband capabilities. As 4G LTE rolled out, mobile signals could support interactive multimedia, voice, and video with greater speed and efficiency. It is therefore not surprising that 5G is characterized mostly by its ability to download very large data files in the blink of an eye and to carry broader sets of data, such as HD video streaming, virtual reality applications, and massive IoT deployments.

CSO | 2022-08-23 13:26:00 | BrandPost: Securing Critical Applications Running in the Cloud (direct link)
Digital acceleration depends on making critical applications and services available to every user and device, whether on-premises, at home, or somewhere in between. Increasingly powerful endpoint devices and more pervasive and agile cloud environments have created a development feedback loop to support the demand for faster, richer, and more collaborative user experiences. As a result, according to the 2022 Cloud Security Report, 40% of enterprises now run more than half of their workloads in the cloud, and that percentage is expected to reach nearly 60% by 2024.

CSO | 2022-08-23 11:44:00 | True crime shows might be the biggest educational tool for cybercrime awareness (direct link)
A survey of U.S. and UK residents conducted by Censuswide and commissioned by identity verification vendor Onfido, released today, found that popular culture, specifically true-crime shows and movies, is having an outsized effect on the public's understanding of cybercrime. Two out of three respondents said that shows like Inventing Anna and documentaries like The Tinder Swindler have changed the way they view fraud today. Almost 60% also said that they are cautious about trusting other people online because of cultural depictions of fraud. Onfido CEO Mike Tuchen said in a press release that such programs have had a major impact on the public's view of fraud and cybercrime. “True crime and fraud-related entertainment stories have become widespread and popular. This is having a very real impact on how society views and perceives the prevalence and severity of fraud as a crime,” he said. “As a result, consumers are growing increasingly wary of online interactions, amid concerns over fraudster tactics and the security of their identities.”
Tags: Tool

CSO | 2022-08-23 09:47:00 | BrandPost: Decryption Is Key for Enhanced Security and Monitoring (direct link)
In Part 1 of my series on Transport Layer Security (TLS) decryption, I went over a few basics of encryption, discussed TLS 1.2, and concluded by outlining the improvements TLS 1.3 provides. In this second installment, I dive into decryption of TLS 1.2 and 1.3 sessions.
TLS decryption: decrypting TLS sessions has a few requirements. One option is to capture on the client or on the server, since each endpoint must be able to decrypt the session at some point in order to use the data. For some scenarios this may be all that is needed, but unfortunately it does not scale well.
CSO | 2022-08-22 09:57:00 | Oracle sued over 'worldwide surveillance machine' by privacy rights activists (direct link)
A class action lawsuit filed last week in the Northern District of California accuses Oracle of running a “worldwide surveillance machine” and violating the fundamental privacy rights of hundreds of millions of people. The suit alleges that Oracle has violated California's state constitution by compiling and selling personal data, and makes a common-law tort claim for intrusion upon seclusion, along with five further causes of action ranging from state data protection laws to the federal Wiretap Act.
Lawsuit claims Oracle created profiles without consent: the plaintiffs are two privacy rights activists in the U.S. and one in Ireland, all of whom assert that they have data showing Oracle created profiles of them without their consent. The amount of relief sought is not specified, but the suit, in addition to asking for certification as a class action, demands a halt to Oracle's data collection activities as well as restitution of profits made from data collected without consent.

CSO | 2022-08-22 06:06:00 | Lloyd's of London to exclude state-backed attacks from cyber insurance policies (direct link)
Insurance marketplace Lloyd's of London is set to introduce cyber insurance exclusions for “catastrophic” state-backed attacks from 2023. In a market bulletin published on August 16, 2022, Lloyd's stated that while it “remains strongly supportive of the writing of cyberattack cover” it recognizes that “cyber-related business continues to be an evolving risk.” It will therefore require all of its insurer groups to apply a suitable clause excluding liability for losses arising from any state-backed cyberattack, subject to several requirements. The move reflects a maturing and quickly evolving cyber insurance market.
Nation-state attacks pose systemic risk to insurers: in its bulletin, Lloyd's wrote that it consistently emphasizes that underwriters need to be clear in their wordings as to the cover they are providing, with clarity around cyberattacks involving state-backed actors being of particular importance. “When writing cyberattack risks, underwriters need to take account of the possibility that state-backed attacks may occur outside of a war involving physical force. The damage that these attacks can cause and their ability to spread creates a similar systemic risk to insurers.”

CSO | 2022-08-22 03:00:00 | Identity management difficulties continue to plague IT departments (direct link)
A survey released Monday by Gartner and identity management vendor Radiant Logic indicates that most companies suffer from complicated credential and identity issues, but few are taking steps to address them. The problem, according to Radiant Logic, is what it calls “identity sprawl”: businesses require identification and credentialing for an ever larger number of systems, so a given user might have one login for the HR system, another for a set of shared assets on the company network, another still for an official Microsoft account, and so on.

CSO | 2022-08-22 02:00:00 | 7 critical steps for successful security onboarding (direct link)
Jerich Beason, CISO, Commercial Bank at Capital One, equates the Great Resignation with the great onboarding. “If you are a cyber leader, you are likely onboarding new talent this year. My experience is that the first week onboard sets the tone for that person's tenure,” he writes in an online post. “Don't take this opportunity lightly. You only have one chance to make a first impression.” He says critical tasks to handle during onboarding include providing an overview of the security vision, mission, and core values, as well as walking new employees through the security strategy and roadmap.
Tags: Guideline

CSO | 2022-08-22 02:00:00 | 6 best practices for blue team success (direct link)
Cybersecurity team conversations these days can sound like a rainbow, with mentions of red, blue and even purple teams. While each team has its own perspective and tasking, the blue team is trusted with arguably the most critical mission of all: protecting the organization from cybersecurity threats and vulnerabilities. To do this, the blue team must understand the organization's business or mission needs, relevant threats, digital footprint, and associated vulnerabilities. From there, the team can bolster the organization's security posture by implementing security controls and mitigations that address the most pressing threats and vulnerabilities.

CSO | 2022-08-19 02:00:00 | Five things security pros want from CNAPP (direct link)
According to new research from ESG and the Information Systems Security Association (ISSA), 58% of organizations are consolidating, or considering consolidating, the number of security vendors they do business with. Security technology consolidation is bigger than simply winnowing down vendor count: organizations are shifting from traditional best-of-breed security technologies to tightly integrated security technology platforms. The research illustrates this: while 24% of respondents say their organization tends to keep purchasing best-of-breed security technologies, 38% say they purchase integrated security technology platforms, and 15% are transitioning purchases from best-of-breed products to platforms (the remainder answered “don't know”).
CSO | 2022-08-18 12:29:00 | BrandPost: Staging a Cyberattack Can be as Easy as Using DDoS-for-hire Services (direct link)
If you follow current movies, television shows, games, and books, you have likely seen (and maybe even believed?) the stereotypes often associated with threat actors. They are often portrayed as antisocial or awkward geniuses (think “Mr. Robot” and “The Girl with the Dragon Tattoo”), super-sleuth law enforcement types (think “Untraceable”), and even groups formed to take down or assist government organizations (think “Homeland” and “24”). Although those entertainment options sometimes provide interesting, enjoyable or ridiculous narratives, the reality is that cyberattacks can be launched with much less effort via underground DDoS-for-hire services.
Tags: Threat

CSO | 2022-08-18 09:01:00 | Google Cloud blocks largest HTTPS DDoS attack ever (direct link)
Google Cloud claims to have blocked the largest Layer 7 (HTTPS) DDoS attack to date after a Cloud Armor customer was targeted by a series of attacks that peaked at 46 million requests per second (rps). Google stated that the attack, which occurred on June 1, was at least 76% larger than the previously reported HTTPS DDoS record and showed characteristics that link it to the Mēris attack family. The company said Cloud Armor Adaptive Protection was able to detect and analyze the traffic early in the attack lifecycle, blocking it while keeping the customer's service online. The attack comes amid increasing DDoS activity against organizations as attackers employ ever more infrastructure and diversity in their campaigns.

CSO | 2022-08-18 04:44:00 | BrandPost: Zscaler Security Service Edge: Why it Just Works (direct link)
Today's forward-looking organizations are enabling better productivity and agility by adopting a globally delivered cloud platform that provides unified threat prevention, data protection, and zero trust remote access. Legacy network security offerings cannot support the requirements of a cloud-first world: data is now distributed outside the data center in cloud applications, and users are off the corporate network accessing content that is also off-network. Gartner has developed a new framework that defines the security services needed to support this reality: Security Service Edge (SSE).
Zscaler SSE key capabilities. A cloud-first architecture: the Zscaler SSE architecture helps accelerate cloud adoption by removing IT friction through consolidating and simplifying security services. Without the need for appliance management, Zscaler offers a unified platform for risk reduction that helps secure all users on- or off-network and reduces IT cost and complexity.
Tags: Threat

CSO | 2022-08-18 04:07:00 | NIST CSF 2.0 Workshop emphasizes global appeal, metrics and assessment (direct link)
The U.S. National Institute of Standards and Technology (NIST) hosted its first workshop yesterday on the Cybersecurity Framework (CSF) 2.0, an update to CSF 1.1, released in 2018, which was itself an update to the original CSF released in 2014. Many cybersecurity professionals, and some NIST experts, consider the framework the "Rosetta stone" for managing organizations' cybersecurity risks. Heading into the workshop, NIST issued a request for information asking commenters to answer questions about bringing the CSF up to speed on emerging developments that the first two versions covered only partially or not at all. The comments reflected a wide range of considerations and encouraged NIST to make several improvements, including a greater emphasis on measurements and metrics related to the CSF, beefing up the supply chain security sections, and offering more implementation guidance on how to adopt the framework. Overall, commenters praised the effort as valid and valuable.

CSO | 2022-08-18 02:00:00 | How ABM built a cohesive security program around zero trust (direct link)
When Stephanie Franklin-Thomas joined facility management provider ABM Industries in early 2021 as the company's first CISO, she says she found a security approach that had a lot of the right components. That was a plus. But Franklin-Thomas says those components were not fully assembled, and that was a negative, one that created a less-than-optimal security posture for the company. “I do believe everyone wants to do a good job, but there wasn't a program. There were pieces of a program, they just weren't tied together; it wasn't holistic,” she says.

CSO | 2022-08-17 12:10:00 | New Deep Instinct partner program targets MSSPs fighting ransomware (direct link)
Cybersecurity firm Deep Instinct has rolled out a new partner program to provide its endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday. The Stratosphere program was initially announced in April and designed as a simplified channel program that focuses on expected partner margins instead of set discounts on the product. Volume-based recognition and “medallion tiers” for sales are out. Instead, the company offers “loyalty points” for achieving a range of sales-related goals, like creating leads, getting customers certified, or completing business plans.
Tags: Ransomware, Guideline
CSO | 2022-08-17 12:09:00 | Universal database of device vulnerability information launched (direct link)
A universal database of agentless devices currently used on enterprise networks has been announced by DeviceTotal, maker of a security platform for connected devices. The new repository lets the company's customers identify the accurate security posture of each device in their organization, according to the company. "It's difficult to get information on agentless devices because every vendor publishes their data the way they want to do it," explains DeviceTotal founder and CEO Carmit Yadin. "There's no standardization. There's no one place you can go today and identify the risk of a device on your network or that you want to purchase. That's why we created this repository."
Tags: Vulnerability

CSO | 2022-08-17 05:00:00 | Google updates Chronicle with enhanced threat detection (direct link)
Google Cloud on Wednesday announced the general availability of what it calls “curated detection” for its Chronicle security analysis platform. The new detection feature turns the threat intelligence Google gains from protecting its own user base into an automated detection service that covers everything from ransomware, infostealers and data theft to simple misconfigured systems and remote access tools. The new product integrates authoritative data sources like MITRE ATT&CK to help organizations contextualize and better understand potential threats, and provides constantly updated threat information from Google's own security team.
Tags: Threat

CSO | 2022-08-17 05:00:00 | Google updates Chronicle to climb on managed detection and response train (direct link)
Google Cloud on Wednesday announced the general availability of what it calls “curated detection” for its Chronicle security analysis platform, placing the company among the contenders in the fast-growing managed detection and response (MDR) market. Chronicle's new curated detection feature turns the threat intelligence Google gains from protecting its own user base into an automated detection service that covers everything from ransomware, infostealers and data theft to simple misconfigured systems and remote access tools.
Tags: Threat

CSO | 2022-08-17 02:00:00 | Ransomware safeguards for small- to medium-sized businesses (direct link)
The Institute for Security and Technology (IST) recently released a “Blueprint for Ransomware Defense.” The guide recommends defensive actions for small- and medium-sized businesses (SMBs) to protect against and respond to ransomware and other common cyberattacks. It follows the identify, protect, respond, and recover structure of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, leaving out one NIST function: detect. The authors recommend that SMBs work with a cybersecurity services provider for that function.
Tags: Ransomware

CSO | 2022-08-17 02:00:00 | What is zk-SNARK? (direct link)
zk-SNARK, which stands for zero-knowledge succinct non-interactive argument of knowledge, is the most popular zero-knowledge protocol. This is a space of increasing importance, as zero-knowledge systems are an area of active development that stand to disrupt how authentication works. While the math is intense, the overall ideas are not hard to understand.
What is zero knowledge? Zero knowledge is the attempt to use the smallest amount of information possible when verifying a statement; it works by devising proofs that avoid the transfer of any extra data. Ground zero for this field is the paper "Knowledge Complexity of Interactive Proof Systems", which appeared in several editions during the 1980s. As the name implies, the paper sets out to understand how knowledge behaves when statements are proved between interacting systems.
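To make "zero-knowledge", "non-interactive" and "argument of knowledge" concrete, here is an added example that is not from the CSO article or from any zk-SNARK library: the simplest protocol in the family, a Schnorr proof of knowledge of a discrete logarithm over secp256k1, made non-interactive with the Fiat-Shamir transform. It is not a SNARK (there is no arithmetic circuit and no succinctness for general statements), but it exhibits the three properties the entry names: the verifier checks the statement "I know x such that Y = x*G" without learning x, the proof is a single message, and a simulator that gets to pick the challenge can forge an accepting transcript without x, which is exactly why an honest transcript reveals nothing. The curve constants are the standard secp256k1 parameters; the hash domain string, the test secret and the messages are arbitrary choices for the demonstration.

```python
"""Schnorr proof of knowledge of a discrete log (Fiat-Shamir), over secp256k1.

Added demonstration code, not from the CSO article or any SNARK library.
Curve parameters are the standard secp256k1 constants; the hash domain
string, the demo secret and the messages are arbitrary choices.
"""
from __future__ import annotations
import hashlib
import secrets
from typing import Optional, Tuple

# secp256k1: y^2 = x^3 + 7 over GF(P); G generates a subgroup of prime order N
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

Point = Optional[Tuple[int, int]]   # None is the point at infinity


def on_curve(pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(a: Point, b: Point) -> Point:
    """Affine group law for curves with a = 0 (secp256k1)."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # a + (-a)
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P        # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc: Point = None
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ec_neg(pt: Point) -> Point:
    return None if pt is None else (pt[0], (-pt[1]) % P)


def encode(pt: Point) -> bytes:
    if pt is None:
        return b"\x00" * 64
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def challenge(pub: Point, commit: Point, msg: bytes) -> int:
    """Fiat-Shamir: the verifier's random challenge becomes a hash of the transcript."""
    h = hashlib.sha256(b"schnorr-demo/v1" + encode(pub) + encode(commit) + msg).digest()
    return int.from_bytes(h, "big") % N


def keygen(secret=None):
    x = secret if secret is not None else secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)


def prove(x: int, msg: bytes):
    """Prover knows x with pub = x*G. Emits (T, s); the nonce r must never repeat."""
    pub = ec_mul(x, G)
    r = secrets.randbelow(N - 1) + 1
    T = ec_mul(r, G)                     # commitment
    c = challenge(pub, T, msg)           # would be the verifier's message interactively
    return T, (r + c * x) % N            # response


def verify(pub: Point, proof, msg: bytes) -> bool:
    T, s = proof
    if T is None or not on_curve(T) or not 0 <= s < N:
        return False
    c = challenge(pub, T, msg)
    # s*G == T + c*pub  because  (r + c x) G == r G + c (x G)
    return ec_mul(s, G) == ec_add(T, ec_mul(c, pub))


def simulate(pub: Point, c: int):
    """Zero-knowledge witness: knowing the challenge in advance, anyone can build
    an accepting (T, c, s) without x, so transcripts carry no information about x."""
    s = secrets.randbelow(N)
    T = ec_add(ec_mul(s, G), ec_neg(ec_mul(c, pub)))
    return T, s


def verify_interactive(pub: Point, T: Point, c: int, s: int) -> bool:
    return ec_mul(s, G) == ec_add(T, ec_mul(c, pub))


if __name__ == "__main__":
    x, pub = keygen()
    print("valid:", verify(pub, prove(x, b"login:alice"), b"login:alice"))
    T, s = simulate(pub, 42)
    print("simulated transcript accepted:", verify_interactive(pub, T, 42, s))
```

Binding the challenge to the public key and a message is what stops a proof made for one context from being replayed in another; the simulator only works because it chooses c before T, which a Fiat-Shamir prover cannot do since c is a hash of T.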
CSO | 2022-08-16 14:11:00 | "Evil PLC Attack" weaponizes PLCs to infect engineering workstations (direct link)
Most attack scenarios against industrial installations, whether in manufacturing or critical infrastructure, focus on compromising programmable logic controllers (PLCs) to tamper with the physical processes they control and automate. One way to get malicious code running on PLCs is to first compromise a workstation that engineers use to manage and deploy programs on them, but this can be a two-way street: a hijacked PLC can also be used to compromise engineering workstations, which opens the door to powerful lateral movement attacks. In a new paper released over the weekend, researchers from industrial control systems (ICS) cybersecurity firm Claroty documented proof-of-concept "Evil PLC Attacks" against engineering software from seven ICS manufacturers: Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson.

CSO | 2022-08-16 05:30:00 | Safe Security debuts two free risk assessment tools for businesses (direct link)
Cybersecurity risk assessment company Safe Security on Tuesday rolled out two new online risk assessment tools to help businesses understand their vulnerability to cyberattacks and the cost of insuring against them. Both tools, an interactive cost calculator for cyberattacks and a cyberinsurance assessment app, are available as free-to-use web pages created by Safe Security and based on the company's institutional knowledge and in-house research into cybersecurity risk factors.
Risk tools measure financial impact of cyberthreats: the cost calculator takes general data, like revenue, number of employees, vertical, headquarters location and the types of records stored, and arrives at an “annual loss expectancy” figure, according to Pankaj Goyal, vice president of AI and cyber insurance at Safe Security. This weighs the likelihood of an attack against the potential financial impact, breaking the potential harm down by type of attack (currently ransomware, data breach, and business email compromise, with more types on the way, according to Goyal).
Tags: Vulnerability

CSO | 2022-08-16 04:15:00 | BrandPost: Cybersecurity Alphabet Soup: SASE vs. SSE (direct link)
When it comes to the cybersecurity space, there is no shortage of acronyms. With DLP, CASB, SSL, IPS, ATP, CIEM, ZTNA, CSPM, ML, SWG, and many others, the alphabet soup can become too much to consume. However, each acronym typically corresponds to technologies or frameworks that address unique challenges which must be solved if an enterprise is to maintain a robust security posture. Therefore, when a new phrase is coined, IT teams need to understand what it refers to, why (or perhaps whether) it matters, and whether they need to change the way they go about security.

CSO | 2022-08-16 03:52:00 | Exposed VNCs threaten critical infrastructure as attacks spike (direct link)
New research from threat intelligence and cybersecurity company Cyble has identified a peak in attacks targeting virtual network computing (VNC), a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to control another machine remotely, in critical infrastructure sectors. Analyzing data from its Global Sensor Intelligence (CGSI), Cyble researchers noticed a spike in attacks on port 5900 (the default VNC port) between July 9 and August 9, 2022. Most attacks originated from the Netherlands, Russia, and Ukraine, according to the firm, and highlight the risks of exposed VNC in critical infrastructure.
Exposed VNC puts ICS at risk, assets frequently distributed on cybercrime forums: according to a blog post detailing Cyble's findings, organizations that expose VNC to the internet without enabling authentication broaden the attack surface and increase the likelihood of incidents. Cyble detected more than 8,000 exposed VNC instances with authentication disabled, and found that exposed assets reachable via VNC are frequently sold, bought, and distributed on cybercrime forums and markets.
Tags: Threat
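"Authentication disabled" is something the RFB handshake states outright, so an asset owner can check their own exposure without waiting for a threat report. The following is an added example, not code from Cyble or the CSO article: it parses the first two messages an RFB server sends (the 12-byte ProtocolVersion banner, then either the single U32 security type a 3.3 server chooses or the U8 count and list of security types a 3.7/3.8 server offers) and flags servers that offer type 1, "None". The hostnames and handshake bytes in SAMPLES are constructed, not captured from real systems; probe() is the only part that touches the network and is not exercised by the sample run.

```python
"""Classify VNC servers by the authentication they offer (RFB handshake).

Added example, not from the Cyble report or the CSO article. Message
layouts follow the RFB protocol: the server's 12-byte ProtocolVersion
"RFB xxx.yyy\n", then (3.3) one big-endian U32 security type chosen by
the server, or (3.7/3.8) a U8 count followed by that many U8 security
types. Type 1 is "None" (no password); type 2 is VNC Authentication
(DES challenge-response). SAMPLES below are constructed, not captured.
"""
from __future__ import annotations
import socket
import struct
from typing import Dict, List, Tuple

SECTYPE_INVALID, SECTYPE_NONE, SECTYPE_VNCAUTH = 0, 1, 2
NAMES = {1: "None", 2: "VNCAuth", 5: "RA2", 16: "Tight", 18: "TLS", 19: "VeNCrypt"}


def parse_version(banner: bytes) -> Tuple[int, int]:
    """Parse b'RFB 003.008\\n' into (3, 8)."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[11:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message: %r" % banner)
    major, minor = banner[4:11].split(b".")
    return int(major), int(minor)


def reason_text(raw: bytes) -> str:
    """Failure reason: U32 length followed by that many bytes of text."""
    (length,) = struct.unpack("!I", raw[:4])
    return raw[4:4 + length].decode("latin-1", errors="replace")


def parse_security_types(version: Tuple[int, int], msg: bytes) -> List[int]:
    """Security types the server offers; raises ConnectionError if it refused us."""
    if version <= (3, 3):
        (sectype,) = struct.unpack("!I", msg[:4])
        if sectype == SECTYPE_INVALID:
            raise ConnectionError(reason_text(msg[4:]))
        return [sectype]
    count = msg[0]
    if count == 0:
        raise ConnectionError(reason_text(msg[1:]))
    return list(msg[1:1 + count])


def classify(banner: bytes, sec_msg: bytes) -> str:
    types = parse_security_types(parse_version(banner), sec_msg)
    if SECTYPE_NONE in types:
        return "NO_AUTH"                 # anyone who can reach the port gets the desktop
    if types == [SECTYPE_VNCAUTH]:
        return "PASSWORD_ONLY"           # 8-character DES challenge: weak and brute-forceable
    return "OTHER:" + ",".join(NAMES.get(t, str(t)) for t in types)


def triage(hosts: Dict[str, Tuple[bytes, bytes]]) -> Dict[str, str]:
    """Map host -> verdict; refusals and non-RFB banners are recorded, not fatal."""
    out: Dict[str, str] = {}
    for host, (banner, sec_msg) in hosts.items():
        try:
            out[host] = classify(banner, sec_msg)
        except (ValueError, ConnectionError, struct.error) as exc:
            out[host] = "UNPARSED:" + str(exc)
    return out


def probe(host: str, port: int = 5900, timeout: float = 3.0) -> str:
    """Live check (not run by the sample): speak just enough RFB to read the offer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(12)
        s.sendall(banner)                # echo the server's version to move to the security phase
        return classify(banner, s.recv(256))


# Constructed sample handshakes; hostnames are placeholders
SAMPLES = {
    "hmi-01": (b"RFB 003.008\n", b"\x01\x01"),                     # offers only None
    "hmi-02": (b"RFB 003.008\n", b"\x02\x02\x10"),                 # VNCAuth, Tight
    "plc-eng": (b"RFB 003.003\n", b"\x00\x00\x00\x01"),            # 3.3 server chose None
    "gw-07": (b"RFB 003.008\n", b"\x01\x13"),                      # VeNCrypt (TLS) only
    "refused": (b"RFB 003.008\n", b"\x00" + struct.pack("!I", 9) + b"No access"),
    "not-vnc": (b"SSH-2.0-Ope", b""),                              # something else on 5900
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLES).items():
        print(f"{host:10s} {verdict}")
```

Only NO_AUTH corresponds to what the report counts as "authentication disabled"; a PASSWORD_ONLY host is still a weak target, because VNC Authentication truncates passwords to eight characters and the challenge-response can be attacked offline from a capture.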
CSO | 2022-08-16 02:00:00 | The 12 biggest data breach fines, penalties, and settlements so far (direct link)
Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. Now the Equifax fine has been eclipsed by the $1.19 billion fine levied against the Chinese firm Didi Global for violating that nation's data protection laws, and by the $877 million fine against Amazon last year for running afoul of the General Data Protection Regulation (GDPR) in Europe.
Tags: Data Breach, Equifax

CSO | 2022-08-16 02:00:00 | Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable (direct link)
The fallout of the SolarWinds incident, coupled with the Cybersecurity Executive Order (EO), put software supply chain security and, by association, software bills of materials (SBOMs) center stage in the security dialog. Add the Log4j vulnerability, whose impact left countless organizations scrambling to determine their exposure, and SBOMs are now a critical component of modern vulnerability management programs.
Tags: Vulnerability
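The way VEX makes an SBOM actionable is mechanical: a scanner matches SBOM components against vulnerability IDs, and VEX statements from the supplier then say, per product and vulnerability, whether the match matters. The following added example (not code from the CSO article or from any SBOM or VEX tool) applies such statements to scanner findings. The status and justification vocabulary is OpenVEX's (not_affected, affected, fixed, under_investigation, and the five not_affected justifications); the document layout is simplified from the real format, and every package URL, vulnerability ID and timestamp is a constructed placeholder. Two rules a consumer should enforce are shown: a not_affected statement without a justification or impact statement is rejected rather than trusted, and where several statements cover the same pair the newest wins.

```python
"""Apply VEX statements to SBOM scan findings to produce an actionable list.

Added example, not from the CSO article or any SBOM/VEX tool. Status and
justification words follow OpenVEX; the document layout is simplified.
All package URLs, vulnerability IDs and timestamps are placeholders.
"""
from __future__ import annotations
from datetime import datetime
from typing import Dict, List, Optional, Tuple

SUPPRESS = {"not_affected", "fixed"}                 # nothing left to do
VALID_STATUS = {"not_affected", "affected", "fixed", "under_investigation"}
VALID_JUSTIFICATIONS = {
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}


def validate(stmt: dict) -> None:
    """Refuse statements that would silence a finding without saying why."""
    if stmt["status"] not in VALID_STATUS:
        raise ValueError(f"unknown status {stmt['status']!r}")
    if stmt["status"] == "not_affected" and not (
        stmt.get("justification") in VALID_JUSTIFICATIONS or stmt.get("impact_statement")
    ):
        raise ValueError(f"not_affected for {stmt['vulnerability']} needs a justification")


def latest_statement(statements: List[dict], purl: str, vuln: str) -> Optional[dict]:
    """Newest statement about (product, vulnerability); later ones supersede earlier ones."""
    hits = [s for s in statements if s["vulnerability"] == vuln and purl in s["products"]]
    if not hits:
        return None
    return max(hits, key=lambda s: datetime.fromisoformat(s["timestamp"]))


def apply_vex(findings: List[Tuple[str, str]], vex_doc: dict) -> List[Dict[str, object]]:
    """findings: scanner output as (purl, vulnerability id). Returns one disposition each."""
    for stmt in vex_doc["statements"]:
        validate(stmt)
    result: List[Dict[str, object]] = []
    for purl, vuln in findings:
        stmt = latest_statement(vex_doc["statements"], purl, vuln)
        if stmt is None:
            # No supplier statement: the SBOM match stands until someone triages it.
            result.append({"purl": purl, "vuln": vuln, "status": "unknown",
                           "actionable": True, "note": "no VEX statement; treat as affected"})
            continue
        result.append({"purl": purl, "vuln": vuln, "status": stmt["status"],
                       "actionable": stmt["status"] not in SUPPRESS,
                       "note": stmt.get("justification") or stmt.get("action_statement") or ""})
    return result


def actionable(findings: List[Tuple[str, str]], vex_doc: dict) -> List[Dict[str, object]]:
    return [r for r in apply_vex(findings, vex_doc) if r["actionable"]]


# Constructed scanner findings (placeholder purls and IDs)
FINDINGS = [
    ("pkg:maven/example/logger@2.14.1", "EXAMPLE-2021-0001"),
    ("pkg:npm/example-ui@3.2.0", "EXAMPLE-2022-0002"),
    ("pkg:pypi/example-auth@1.0.0", "EXAMPLE-2022-0003"),
    ("pkg:pypi/example-auth@1.0.0", "EXAMPLE-2022-0004"),
]

# Constructed supplier VEX document (simplified layout)
VEX_DOC = {
    "author": "Example Corp product security (placeholder)",
    "statements": [
        {"vulnerability": "EXAMPLE-2021-0001", "products": ["pkg:maven/example/logger@2.14.1"],
         "status": "affected", "timestamp": "2022-08-10T09:00:00+00:00",
         "action_statement": "upgrade to the patched release before the next deployment"},
        {"vulnerability": "EXAMPLE-2022-0002", "products": ["pkg:npm/example-ui@3.2.0"],
         "status": "under_investigation", "timestamp": "2022-08-12T09:00:00+00:00"},
        {"vulnerability": "EXAMPLE-2022-0002", "products": ["pkg:npm/example-ui@3.2.0"],
         "status": "not_affected", "timestamp": "2022-08-15T09:00:00+00:00",
         "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": "EXAMPLE-2022-0003", "products": ["pkg:pypi/example-auth@1.0.0"],
         "status": "fixed", "timestamp": "2022-08-16T09:00:00+00:00"},
    ],
}

if __name__ == "__main__":
    for row in apply_vex(FINDINGS, VEX_DOC):
        flag = "ACT " if row["actionable"] else "skip"
        print(f"{flag} {row['vuln']:18s} {row['status']:19s} {row['purl']}  {row['note']}")
```

Of the four findings, only the affected one and the one with no statement at all survive into the actionable list; the under_investigation statement is superseded by the later not_affected one, and the fixed component drops out.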
CSO.webp 2022-08-15 02:00:00 3 ways China\'s access to TikTok data is a security risk (lien direct) The short-video platform TikTok has come under fire in recent months. Both lawmakers and citizens in the U.S. have questioned its data collection practices and potential ties to the Chinese state. The concerns have deepened after Buzzfeed published a report saying that data of some American users had been repeatedly accessed from China.TikTok's parent company, Beijing-based ByteDance, denied that it shared information with the Chinese government and announced that it had migrated its U.S. user traffic to servers operated by Oracle. Still, it was not enough to clear the air, and security and privacy experts continued to be worried.To read this article in full, please click here
CSO.webp 2022-08-15 02:00:00 Top 5 security risks of Open RAN (lien direct) When a cell phone or other mobile device connects to the nearest cell tower, the communication takes place over something called a RAN -- a radio access network. From the cell tower, the signal is then routed to a fiber or wireless backhaul connection to the core network. RANsRANs are proprietary to each equipment manufacturer. Open RAN, on the other hand, allows for interoperability that allows service providers to use non-proprietary subcomponents from a choice of vendors. That adds complexity to the network and changes the risk landscape for wireless communications.What is RAN and Open RAN? With 4G, the RAN signal was based for the first time on the Internet Protocol (IP). Previously, it used circuit-based networks, where phone calls and text messages traveled on dedicated circuits. RAN has also evolved to support video and audio streaming, and more types of devices, including vehicles and drones.To read this article in full, please click here
CSO.webp 2022-08-12 13:00:00 New exploits can bypass Secure Boot and modern UEFI security protections (lien direct) Two teams of researchers have revealed vulnerabilities this week in Unified Extensible Firmware Interface (UEFI) implementations and bootloaders that could allow attackers to defeat the secure boot defenses of modern PCs and deploy highly persistent rootkits.Researchers from firmware and hardware security firm Eclypsium published a report on vulnerabilities they found in three third-party bootloaders that are digitally signed by Microsoft's root of trust. They can be deployed on PCs as a replacement for the OS bootloader to support pre-boot capabilities for specialized enterprise software such as PC hardware diagnostics, disk rollback, or full disk encryption.To read this article in full, please click here
CSO.webp 2022-08-11 14:17:00 Top cybersecurity products unveiled at Black Hat 2022 (lien direct) Zero trust security management, extended detection and response (XDR), and a host of other threat and vulnerability management offerings were among the top products and services launched at Black Hat USA 2022 this week in Las Vegas.Black Hat is an annual global conference of security professionals, enthusiasts and vendors, serving as a stage for innovation in the cybersecurity field. The exhibition and conference is conducted annually in locations in the US, Europe, Asia and the Middle East, with Las Vegas typically being the biggest event. Here below are some of the more interesting product announcements that took place at the show this week.To read this article in full, please click here Vulnerability Threat
CSO.webp 2022-08-11 13:25:00 FTC begins sweeping commercial surveillance and lax data security rulemaking process (lien direct) Data breaches exposing consumers' sensitive information continue unabated even as organizations amass and sell vast sets of consumers' personal, financial, and location data to a thriving data broker industry. Concerns over the use of the growing stockpile of sensitive personal data have reached a fevered pitch in the wake of the Supreme Court's decision to overturn Roe v. Wade, which raises the specter of law enforcement weaponization of widely available digitized content against American citizens.To read this article in full, please click here
CSO.webp 2022-08-11 11:25:00 BrandPost: Security Service Edge (SSE) Coming In HOT! (lien direct) Predicting future technological performance is tricky business - we anticipate linear growth, but experience something different. So, as much as we might like to, we can't predict the future by extrapolating from a straight line. Unfortunately for us forecasters, the dichotomy between expectation and reality makes it difficult to anticipate the exponential nature of technological progress, and that holds us back as change accelerates.Futurists frequently apply Moore's Law - which suggests that processing power doubles every two years - to technological advancements. For example, in April 2020, Zscaler announced that the cloud-based Zscaler Zero Trust Exchange was processing more than 100 billion daily transactions. Eighteen months later, the Zscaler Zero Trust Exchange is processing more than 200 billion transactions daily. (Thanks, Gordon!) For context, it's estimated that there are between 7 to 10 billion Google searches and around 5 billion YouTube videos viewed daily. So 200 billion for Zscaler is truly remarkable.To read this article in full, please click here
CSO.webp 2022-08-11 10:58:00 Network mistakes, misconfigurations cost companies millions (lien direct) Network misconfigurations cost companies an average of 9% of annual revenues, according to a study released Wednesday by a network security and compliance company. The research by Titania based on a survey of 160 senior cybersecurity decision makers across a broad array of government and industrial verticals also warned that misconfigurations that leave a business vulnerable to cyberattacks could be sitting on networks for months or years because of infrequent audits of connected devices.To read this article in full, please click here
CSO.webp 2022-08-11 07:48:00 What happened to the Lapsus$ hackers? (lien direct) [Editor's note: This article originally appeared on the CSO Germany website on July 29.] Claire Tills, senior research engineer at Tenable, describes the methods of the hacking group Lapsus$ as bold, illogical and poorly thought out. The criminals attacked renowned companies such as Microsoft, Samsung, Nvidia, Vodafone, Ubisoft and Okta. They stole data and sometimes used ransomware to extort their victims.To read this article in full, please click here Ransomware
CSO.webp 2022-08-11 03:53:00 Cisco admits hack on IT network, links attacker to LAPSUS$ threat group (lien direct) IT, networking, and cybersecurity solutions giant Cisco has admitted suffering a security incident targeting its corporate IT infrastructure in late May 2022. On August 10, the firm stated that an employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized. Bad actors published a list of files from this security incident to the dark web, Cisco added.“The incident was contained to the corporate IT environment and Cisco did not identify any impact to any Cisco products or services, sensitive customer data or employee information, Cisco intellectual property, or supply chain operations,” the company said. Cisco claimed it took immediate action to contain and eradicate the bad actor, which it has linked to notorious threat group LAPSUS$. It also said that it has taken the decision to publicly announce the incident now as it was previously actively collecting information about the bad actor to help protect the security community.To read this article in full, please click here Hack Threat
CSO.webp 2022-08-11 02:00:00 How a Venezuelan disinformation campaign swayed voters in Colombia (lien direct) Ever since the Kremlin's troll farm, the Internet Research Agency, targeted the American electorate during the 2016 U.S. presidential election with social media disinformation campaigns, nation-states across the globe have jumped into their own weaponized information campaigns to influence elections.In 2019, the U.S. State Department issued a report addressing the rise of state-sponsored disinformation that looked at not only Russian influence campaigns but also Chinese, Iranian and North Korean disinformation efforts. According to the report, a growing number of nation-states, in pursuing geopolitical ends, “are leveraging digital tools and social media networks to spread narratives, distortions, and falsehoods to shape public perceptions and undermine trust in the truth."To read this article in full, please click here
CSO.webp 2022-08-11 02:00:00 Black Basta: New ransomware threat aiming for the big league (lien direct) Many ransomware gangs have risen to the top over the years only to suddenly disband and be replaced by others. Security researchers believe many of these movements in the ransomware space are intentional rebranding efforts to throw off law enforcement when the heat gets too high. This is also the suspicion for Black Basta, a relatively new ransomware operation that saw immediate success in several months of operation. Some believe it has splintered off from the infamous Conti gang.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-08-11 02:00:00 37 hardware and firmware vulnerabilities: A guide to the threats (lien direct) In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory. The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.Meltdown and Spectre were certainly not the first vulnerabilities to result from a hardware design decision, but their widespread impact sparked the interest of the security research community into such flaws. Since then, many researchers, both from academia and the private sector, have been studying the low-level operation of CPUs and other hardware components and have been uncovering more and more issues.To read this article in full, please click here
CSO.webp 2022-08-10 13:10:00 Sensitive data in the cloud gets new automated remediation tool from BigID (lien direct) Data intelligence company BigID announced this week at the Black Hat conference in Las Vegas that it has rolled out new features for its privacy and data protection platform, allowing users to programmatically restrict access to sensitive cloud-based information when it's under threat.BigID's core product, its Data Intelligence platform, already boasts numerous capabilities focused on the privacy, organization and discovery of a company's data. The new features announced this week build on that framework, allowing IT staff to automatically lock down access to sensitive information tagged as having open or overprivileged access in the big three public cloud platforms.To read this article in full, please click here Tool
CSO.webp 2022-08-10 07:37:00 Microsoft urges Windows users to run patch for DogWalk zero-day exploit (lien direct) Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability. Vulnerability
CSO.webp 2022-08-10 05:00:00 CrowdStrike adds AI-powered indicators of attack to Falcon platform (lien direct) Cybersecurity vendor CrowdStrike has added new AI-powered indicators of attack (IoA) functionality to its Falcon platform. Announced at the Black Hat USA 2022 Conference, the enhancement leverages AI techniques to create new IoAs at machine speed and scale to help organizations stop emerging attack techniques and enable them to optimize detection and response, the firm said. AI IoAs trained on real-world adversary behavior, rich threat intelligence: In a press release, CrowdStrike stated that Falcon now allows organizations to find emerging attack techniques with IoAs created by AI models trained on real-world adversary behavior and rich threat intelligence. Brian Trombley, vice president of product management, endpoint security at CrowdStrike, tells CSO that the AI-powered IoAs leverage intelligence from the CrowdStrike Security Cloud, where the firm collects over one trillion security events per day from its customer base.To read this article in full, please click here Threat
CSO.webp 2022-08-10 04:58:00 Chinese APT group uses multiple backdoors in attacks on military and research organizations (lien direct) Since early this year, a known APT group of Chinese origin has been targeting military industrial complex enterprises and public institutions in Ukraine, Russia and Belarus, as well as in other parts of the world like Afghanistan. The group, tracked in the past as TA428, has an interesting approach where it deploys up to six different backdoors on compromised targets, likely to achieve persistence and redundancy.The targets included industrial plants, design bureaus, research institutes, and government ministries, agencies, and departments, according to researchers from antivirus vendor Kaspersky Lab, which investigated the attack campaign."The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the researchers said in a report. "An analysis of information obtained while investigating the incidents indicates that cyberespionage was the goal of this series of attacks."To read this article in full, please click here
CSO.webp 2022-08-10 04:08:00 OPSWAT launches new malware analysis capabilities for ICS, OT networks (lien direct) Critical infrastructure cybersecurity vendor OPSWAT has announced new malware analysis capabilities for IT and operational technology (OT). Revealed at the Black Hat USA 2022 Conference, enhancements include OPSWAT Sandbox for OT with detection of malicious communications on OT network protocols and support for open-source third-party tools in OPSWAT's MetaDefender Malware Analyzer platform, the firm stated. The release comes amid increasing cyberthreats surrounding OT networks in industrial control systems (ICS).To read this article in full, please click here Malware
CSO.webp 2022-08-10 02:00:00 How harm reduction can more effectively reduce employee risky behavior (lien direct) Most cybersecurity professionals know that training employees to follow good cybersecurity practices, such as phishing simulations that find employees at fault for falling for convincing phony lures, is frequently a frustrating proposition. One recent experiment conducted at Baylor University found evidence that phishing tests can harm relationships between a company and its employees, causing feelings of betrayal and making them view cybersecurity as harmful.To read this article in full, please click here
CSO.webp 2022-08-10 02:00:00 8 tips to secure printers on your network (lien direct) I recently introduced a Ricoh IM 6500 printer on the office network, and it reminded me that we need to treat printers like computers. These devices should be given the same amount of security resources, controls, processes and isolation as needed for any other computer in your network. Focus on these eight areas to keep your printers from being a point of entry for attackers: 1. Limit access privileges to printers. Like any other technology, limit printer access to only those who need it. Define the network IP addresses of the devices with permission to access each printer. 2. Disable unused protocols. Disable unused protocols that are active on each device. Only set up those protocols that are needed. Ensure that you review this process regularly as the needs of your network change.To read this article in full, please click here
CSO.webp 2022-08-10 02:00:00 U.S. Federal Court breach reveals IT and security maturation issues (lien direct) In late July 2022, Politico ran a story detailing how the U.S. Department of Justice was investigating a recent data breach of the federal court system, which dated back to early 2020. The chair of the House Judiciary Committee, Jerrold Nadler (D-NY), described the breach as a “system security failure of the U.S. Courts' document management system.” On the same day, July 28, 2022, the U.S. Government Accountability Office (GAO) published the report GAO-22-105068 “U.S. Courts: Action Needed to Improve IT Management and Establish a Chief Information Officer.” The GAO report described systemic shortcomings in the administration of the U.S. court system, including the lack of a CIO to oversee the substantive infrastructure.To read this article in full, please click here Data Breach
CSO.webp 2022-08-09 11:50:00 BrandPost: Is MFA the Vegetable of Cybersecurity? (lien direct) Like it or not, vegetables are good for us. Chowing down on some broccoli or kale can help us build strong bones, reduce our risk of chronic diseases, and deliver the vitamins our bodies need. And yet, the CDC reports that only 10% of American adults eat enough veggies - even though they likely know they should.[1] Companies are the same when it comes to security. Cybercrime is predicted to cost the world $10.5 trillion annually by 2025, up from $3 trillion a decade ago and $6 trillion in 2021.[2] There are 921 password attacks every second - almost double what we saw a year ago. There is one simple action businesses can take to protect against 98% of attacks, but 38% of large companies and 62% of small to mid-size companies don't do it.[3] In fact, across industries, only 22% of customers using Microsoft Azure Active Directory (Azure AD), Microsoft's Cloud Identity Solution, had implemented strong identity authentication protection as of December 2021.To read this article in full, please click here
CSO.webp 2022-08-09 06:00:00 BrandPost: Choosing the Right Security Service Edge Platform (lien direct) This is the third installment of our security service edge (SSE) blog series. Our first blog explores SSE as a platform, and the second looks at the top use cases. In this article, we'll explore what features you should be looking for when selecting an SSE platform.To read this article in full, please click here
Last update at: 2024-04-29 19:09:00