What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-09 02:00:00 | 7 best reasons to be a CISO (lien direct) | The job of the CISO can be tough with its share of challenges, difficulties and complications. A CISO's trials and tribulations include responsibility for protecting a business's most valuable asset (its data) from an evolving cyberthreat landscape, traversing complex and strict regulatory requirements, balancing security with critical business needs, and juggling a security skills and talent shortage.These are just a few of the things that keep CISOs up at night. However, it is far from all doom and gloom. There's plenty to be optimistic about if you are building or seeking a career as a CISO. Here are the seven best things about being a CISO according to those currently in the job.To read this article in full, please click here | |||
|
2022-08-09 02:00:00 | How OKRs keep security programs on track (lien direct) | When Michael Gregg joined the State of North Dakota as a security leader, he brought with him a concept he liked to use for keeping his security program on track: identifying objectives and key results (OKRs) and tracking progress against them.He says they had worked for him in the past, and he believed that introducing their use to the state's security program could be equally useful.“It was a good way for the security team to stay focused. It helps give me and the teams priorities, it gives alignment between the teams, and we get the tracking and accountability,” says Gregg, who was named the state's CISO in late 2021 after working in the position as an interim and prior to that as director of state cyber operations.To read this article in full, please click here | Guideline | ||
|
2022-08-08 10:05:00 | Ransomware, email compromise are top security threats, but deepfakes increase (lien direct) | While ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from two leading cybersecurity companies.VMware's 2022 Global Incident Threat Response Report shows a steady rise in extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day exploits.To read this article in full, please click here | Ransomware Threat Guideline | ||
|
2022-08-08 06:22:00 | BrandPost: Transforming Digital Healthcare Through Video Vital Sign Analysis (lien direct) | Global events over the past few years have disrupted how healthcare professionals approach the measurement and monitoring of a patient's vital signs. New regulations around sanitation and the use of personal protection equipment pose a challenge to healthcare providers who require new methods to safely measure a patient's vital signs, or to triage patients in an emergency room situation faster.Today, innovations in sensors, signal and image processing, and machine learning allow providers to use video analysis to measure vital signs such as heart rate, oxygenation, and respiratory rate. New methods for unlocking data from video are available, providing insights beyond what the eye can see, but also reducing the need for healthcare equipment such as wearable devices, thermometers, and other physical vital sign measurement gear.To read this article in full, please click here | |||
|
2022-08-08 02:00:00 | AWS, Google Cloud, and Azure: How their security features compare (lien direct) | CISOs trying to determine which of the three major cloud service providers (CSPs) offers the best security need to break that question down into two parts: Which one does the best job securing its own infrastructure, and which one does the best job helping you to secure your data and applications?To read this article in full, please click here | |||
|
2022-08-08 02:00:00 | SBOM formats SPDX and CycloneDX compared (lien direct) | Software bills of materials (SBOMs) are becoming a critical component of vulnerability management. Many organizations, however, are still wrestling with understanding fundamental topics in the SBOM discussion, such as the differences among the SBOM formats.What are SBOM formats? SBOM formats are standards for defining a unified structure for generating SBOMs and sharing them with end users or customers. They describe the composition of software in a common format that other tools can understand.The leading SBOM formats are Software Package Data Exchange (SPDX), Software Identification (SWID) Tagging, and CycloneDX. Only SPDX and CycloneDX are being adopted for security use cases. SWID is primarily focused on licensing and is therefore out of scope for this discussion. As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and others have stated, we will have multiple SBOM formats for some time.To read this article in full, please click here | Vulnerability Guideline | ||
|
2022-08-04 14:35:00 | (Déjà vu) Palo Alto debuts Unit 42 team for managed detection and response (lien direct) | Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response (MDR), a service providing on-call cybersecurity specialists to track and respond to security threats in real time.The idea is to back Palo Alto's existing automated Cortex extended detection and response (XDR) platform with human expertise, dedicating members of the company's threat response team and others to minimizing unnecessary alerts and prioritizing those from serious threats. It's a response, the company said in a statement, to an increasingly advanced and complicated threat environment-as well as an in-house security landscape that, in many cases, hasn't matured to match.To read this article in full, please click here | Threat | ||
|
2022-08-04 14:35:00 | Palo Alto debuts Unit 42 team for on-demand cybersecurity (lien direct) | Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response (MDR), a service providing on-call cybersecurity specialists to track and respond to security threats in real time.The idea is to back Palo Alto's existing automated Cortex extended detection and response (XDR) platform with human expertise, dedicating members of the company's threat response team and others to minimizing unnecessary alerts and prioritizing those from serious threats. It's a response, the company said in a statement, to an increasingly advanced and complicated threat environment-as well as an in-house security landscape that, in many cases, hasn't matured to match.To read this article in full, please click here | Threat | ||
|
2022-08-04 08:39:00 | (Déjà vu) Microsoft boosts threat intelligence with new Defender programs (lien direct) | Drawing from last year's acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product.Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users, or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.To read this article in full, please click here | Threat | ||
|
2022-08-04 08:39:00 | Microsoft bolsters threat intelligence security portfolio with two new products (lien direct) | Drawing from last year's acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product.Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users, or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management.To read this article in full, please click here | Threat | ||
|
2022-08-04 07:43:00 | The Secret Service\'s missing text messages: Lessons for IT security (lien direct) | The U.S. Secret Service (USSS) has been under intense political fire since mid-July when the Department of Homeland Security (DHS) Inspector General's office told Congress that the text messages surrounding the important events of January 6 had been permanently deleted for twenty-four key agents. The USSS currently operates under DHS.The facts of this high-stakes national drama are unclear, and conflicts between lawmakers and DHS and DHS and the Secret Service further muddy the waters. But in essence, the Secret Service claims that it lost the texts in January 2021 after it reset its mobile phones to factory settings as part of a pre-planned, three-month system migration that entailed instructing agents to back up their phones.To read this article in full, please click here | |||
|
2022-08-04 06:46:00 | Deep Instinct\'s Prevention for Applications detects malicious files in transit (lien direct) | Cybersecurity vendor Deep Instinct has announced the launch of Deep Instinct Prevention for Applications, a new antimalware software product that detects and stops malicious files in transit.Prevention for Applications is deployed via a container within a customer's environment and does not require cloud access, with device and system agnostic flexibility that allows it to be implemented to protect any application. It advances threat protection beyond the endpoint with in-transit file scanning via API.Karen Crowley, Director of Product Solutions at Deep Instinct, tells CSO that PDF and Office files remain a large attack target as they are so widely used. “PDF documents can contain text, images, and codes that can be weaponized with hidden scripts that won't be detected and endanger the organization,” she says. “These files could open a backdoor and allow cybercriminals to access devices and then pivot to other areas of the network.”To read this article in full, please click here | Threat | ||
|
2022-08-04 04:04:00 | (Déjà vu) BrandPost: Real-World Applications of Security Service Edge (lien direct) | This article is the second in a three-part series covering security service edge (SSE). Our first blog explored what SSE is as a platform, and the third installment explains what features you should be looking for when selecting an SSE platform.To read this article in full, please click here | |||
|
2022-08-04 02:00:00 | China, Huawei, and the eavesdropping threat (lien direct) | In the world of espionage and intrigue, China has always played the long game, planning far beyond the next quarter, looking over the horizon at the next generation. For this reason, it should come as no surprise that China and Chinese government-supported companies like Huawei will look at every avenue to advance the long-term goals of the Chinese Communist Party (CCP).With this in mind, CNN's exclusive report on the FBI's investigation into how Huawei's equipment could be used to disrupt and listen to U.S. nuclear arsenal communications should not have come as a surprise.To read this article in full, please click here | Threat | ★★★ | |
|
2022-08-04 02:00:00 | 11 stakeholder strategies for red team success (lien direct) | Red teams are a necessary evil – literally – in today's cyber threat landscape. Motivations for engaging in offensive testing activities can vary from regulatory requirements to certification aspirations. Truly proactive and progressive security programs incorporate offensive operations almost immediately as security is built and defined.Most organizations start with vulnerability scanning and then move into penetration testing (pentesting), taking the vulnerability scan one step farther from guessing a vulnerability could be exploited to proving exactly how it can be. Red team programs are often, incorrectly, synonymously associated with pentesting, but it is a very different function.To read this article in full, please click here | Vulnerability Threat | ||
|
2022-08-03 13:16:00 | Thoma Bravo snares Ping Identity in $2.8 billion go-private deal (lien direct) | In the latest move in a series of security-company acquisitions, private equity firm Thoma Bravo announced Wednesday that it has reached an arrangement to acquire IAM (identity and access management) firm Ping for a total sale price of $2.8 billion.Ping Identity's flagship product is its PingOne Cloud Platform, which acts as an underlying framework to orchestrate the company's own security products for each step of the identity management process, as well as a way to centrally manage third-party identity solutions.Thoma Bravo partner Seth Boro said in the announcement that Ping's products make it well-suited to address the fast-changing needs of companies using identity management technology.To read this article in full, please click here | |||
|
2022-08-03 07:19:00 | Qualys adds external attack management capability to cloud security platform (lien direct) | Cloud security and compliance software company Qualys on Wednesday announced it is adding external attack surface management (EASM) capabilities to the Qualys Cloud Platform.The new capability will be integrated into Qualys CSAM (cybersecurity asset management) 2.0, an inventory monitoring and resolution tool to help security teams gain visibility into previously unknown internet-facing assets.“Achieving full asset visibility remains one of cybersecurity's most elusive goals,” said Sumedh Thakar, Qualys CEO, in a press release. ”CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to address the increased threat landscape comprehensively.”To read this article in full, please click here | Tool Threat | ||
|
2022-08-03 02:00:00 | Tips to prevent RDP and other remote attacks on Microsoft networks (lien direct) | One long-favored way that ransomware enters your system is through Microsoft's Remote Desktop Protocol (RDP) attacks. Years ago when we used Microsoft's Terminal Services (from which RDP evolved) for shared remote access inside or outside of an office, attackers would use a tool called TSGrinder. It would first review a network for Terminal Services traffic on port 3389. Then attackers would use tools to guess the password to gain network access. They would go after administrator accounts first. Even if we changed the administrator account name or moved the Terminal Services protocol to another port, attackers would often sniff the TCP/IP traffic and identify where it was moved to.To read this article in full, please click here | Ransomware Tool | ||
|
2022-08-03 02:00:00 | 5 best practices for secure collaboration (lien direct) | The landscape around collaboration and communication security has changed in recent years, spurred by the shift to remote work as companies scrambled to bring video and team collaboration tools online.That rapid change in how teams communicate internally as well as with partners, suppliers, and customers introduced new security challenges, says Irwin Lazar, president and principal analyst at market research firm Metrigy.At CSO's recent InfoSec Summit, Lazar shared his research into what companies that are successfully implementing emerging collaboration technologies are doing to ensure that they are secure. What follows are edited excerpts of that presentation. For more insights, watch the full session video embedded here:To read this article in full, please click here | |||
|
2022-08-02 09:58:00 | Axis adds automation, onboarding features to Atmos ZTNA network access software (lien direct) | Axis Security, a provider of cybersecurity services focused on zero trust, has announced a set of new features on Atmos ZTNA (zero trust network access), the software-defined network access module within its cloud-native SSE (security service edge) platform, Atmos.Additionally, the company has revealed a suite of tools to help companies migrate from traditional ZTNA to Atmos' ZTNA service.To read this article in full, please click here | ★★★★★ | ||
|
2022-08-02 07:05:00 | Opsera\'s GitCustodian detects vulnerable data in source code (lien direct) | DevOps orchestration platform provider Opsera has announced the launch of GitCustodian, a new Software-as-a-Service (SaaS) product that detects and reports vulnerable data in code repositories including Gitlab, Github, and Bitbucket.GitCustodian scans the code repositories for vulnerable data and alerts security and DevOps teams so that they can prevent vulnerabilities from leaking into production, protecting software development pipelines. Once vulnerabilities are found, the solution automates the remediation process for any uncovered secrets or other sensitive artifacts, Opsera says.The release comes at a time of heightened awareness around data leaks in source code repositories. In April, GitHub revealed that attackers had used stolen authorization tokens to download private data stored on the platform.To read this article in full, please click here | ★★★★★ | ||
|
2022-08-02 06:03:00 | BrandPost: Security Leaders Share 5 Steps to Strengthening Cyber Resilience (lien direct) | With new threat actors emerging every day and a growing number of cyber attacks making headlines, cybersecurity has become a critical business imperative. Security leaders face the dual challenge of needing to stay competitive in a rapidly evolving business landscape while also defending against increasingly serious cyber threats, reducing complexity, and facilitating their organization's digital transformation.To better understand emerging security trends and top concerns among Chief Information Security Officers (CISOs), Microsoft Security conducted a survey of more than 500 security professionals. Based on the responses we received, we developed five steps organizations can take to improve their cyber resilience in the process. Keep reading to uncover our insights.To read this article in full, please click here | Threat Guideline | ||
|
2022-08-02 02:00:00 | How OpenSSF Scorecards can help to evaluate open-source software risks (lien direct) | Everyone knows the phrase “software is eating the world” by Marc Andreessen from over a decade ago. Software powers and touches nearly every aspect of modern society, both personally and professionally, and is critical to the modern economy and national security.It can also be said that open-source software (OSS) has eaten the software industry. The Linux Foundation and other groups have estimated that free and open-source software (FOSS) constitutes 70% to 90% of any modern software product. Not only is modern software largely composed of OSS components, but IT leaders are more likely to work with vendors who also contribute to the OSS community.To read this article in full, please click here | Guideline | ★★★★★ | |
|
2022-08-02 02:00:00 | Why UnionDigital Bank invests in an AI-driven approach to cybersecurity (lien direct) | The data-reliance of digital banking means an AI-driven approach to cybersecurity and risk management is integral to success, UnionDigital Bank CISO Dominic Grunden tells CSO. For him and his team, this took on greater significance given the speed at which UnionDigital Bank was created to empower the Philippines' digital economy. The bank enables the Filipino people, communities, businesses, problem solvers, and regulators to leverage digital banking, fintech, blockchain, and open-finance technologies. It was established in just five months, a timescale unheard of in the banking industry, Grunden says.From the get-go, Grunden recognized the need to adopt an AI-first security policy to keep pace with both the unprecedented growth of the company and the complexities of the digital banking sphere. Key to achieving this has been a seamless relationship with the firm's Chief Data Officer (CDO), Dr. David R. Hardoon. Working together, the two used autonomous technology to instill a “truly holistic” AI-enhanced security and risk management strategy.To read this article in full, please click here | ★★★★ | ||
|
2022-08-01 21:01:00 | Traceable AI adds eBPF to security platform for deeper API observability and visibility (lien direct) | API security firm Traceable AI has announced the addition of extended Berkeley Packet Filter (eBPF) data to its platform to enhance API observability and visibility. eBPF is a technology that makes it possible to run special programs deep inside the Linux operating system in an isolated way.A variant of BPF, it has become a universal in-kernel virtual machine that allows teams to collect data from Linux applications and network resources more easily and efficiently. By adding eBPF data to its platform, Traceable AI said it is helping CISOs, DevSecOps, and DevOps teams improve API security postures without the need to change kernel source code or add instrumentation.To read this article in full, please click here | |||
|
2022-08-01 10:00:00 | BrandPost: Three Pillars of the Autonomous SOC (lien direct) | Security operations center (SOC) leaders face a difficult balancing act. They need to secure complex infrastructures and applications as organizations shift to the cloud, achieve digital transformation, and manage risk – while attracting and retaining skilled cybersecurity talent in a tight labor market.Add in today's fast-evolving threat landscape with its increased volume of sophisticated attacks, and you have the perfect storm: the lack of visibility into complex operating environments, the inability to analyze cloud-scale volumes of data, and the struggle to enhance team performance. All of which lead to lower productivity and higher security risk.To read this article in full, please click here | Threat Guideline | ||
|
2022-08-01 07:44:00 | (Déjà vu) Average cost of data breaches hits record high of $4.35 million: IBM (lien direct) | The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches.The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach.To read this article in full, please click here | |||
|
2022-08-01 07:44:00 | Global cost of data breach reaches record high of $4.35 million: IBM (lien direct) | The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches.The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach.To read this article in full, please click here | Data Breach | ||
|
2022-08-01 05:07:00 | BrandPost: Solving the Challenges of Remediating Configuration Settings (lien direct) | A data breach can result in catastrophic consequences for any organization. Ensuring that your IT environment is safe from cyber threats can be a real challenge.To keep intruders out of your networks and data, you need more than up-to-date guidance. You also need to continually assess system configurations for conformance to security best practices and harden thousands of individual settings in your environment.But where do you start?Begin with recognized security best Practices The CIS Critical Security Controls (CIS Controls) are a prioritized set of actions that mitigate the most common cyber attacks. They translate cyber threat information into action. The CIS Benchmarks are secure configuration recommendations designed to safeguard systems against today's evolving cyber threats. Both CIS best practices provide organizations of all sizes with specific and actionable recommendations to enhance cyber defenses. Both are also mapped to or referenced by a number of industry standards and frameworks like NIST, HIPAA, PCI DSS, and more.To read this article in full, please click here | Data Breach Threat | ||
|
2022-08-01 05:04:00 | BrandPost: The Key to Regularly Performing Configuration Assessments (lien direct) | There's an old adage in business: "If you're not measuring something, you can't manage it." These days, information technology (IT) and information security professionals know this all too well, especially when it comes to configuration assessments.Network performance requires constant monitoring. Cyber threats demand identification and remediation. Systems need to be securely configured upon implementation and then assessed frequently to ensure they stay that way. What's more, cyber threat actors (CTAs) constantly seek out poorly configured or vulnerable systems. As organizations around the world experienced with the Log4j vulnerability, CTAs are constantly looking for ways try to exploit these weaknesses. After all, when one system is left unsecured, it often means that others are unsecure, as well.To read this article in full, please click here | Threat | ||
|
2022-08-01 02:00:00 | 5 ways to unite security and compliance (lien direct) | As numerous data compliance laws proliferate across the globe, security professionals have become too focused on checking their requirements boxes when they should be focused on reducing risk. Can the two work harmoniously together?The answer depends on how effectively IT security leaders can work with their auditors and speak to their boards, say experts. These are their top five recommendations:1. Focus on data protection It's well-known that compliance is about protecting regulated data, while cybersecurity is focused on keeping bad guys out. From a data protection perspective, the key security measure then is to avoid processing or storing regulated data that isn't needed. If regulated data must be stored, make sure you're using stronger-than-recommended encryption, says James Morrison, national cybersecurity specialist for Intelisys, the infrastructure support division of payment systems company, ScanSource.To read this article in full, please click here | Guideline | ★★★★★ | |
|
2022-08-01 02:00:00 | Data privacy: Collect what you need, protect what you collect (lien direct) | Every time a user opens an app on their device, it seems they are being asked to provide both information necessary to engage with the app and far too often additional information that falls into the nice-to-have or marketing niche. Having CISOs participating in the discussions on what data is necessary for an app to function is table stakes. They should have a say in how that data is parsed to determine how it must be protected to remain in compliance with privacy laws. In addition, CISOs have a role to play in assisting the workforce in remaining safe online as well as protecting their (and the company's) privacy.The risks of data over-collection During a recent conversation with Rob Shavell, founder of DeleteMe, he commented how data over-collection by companies is a rampant problem. The data brokers take what you give them and what they scrape and package and sell it. He notes, “Employers are now helping employees protect their PII [personal identifiable information] as it is in the company's interest to do so.”To read this article in full, please click here | ★★★ | ||
|
2022-07-29 11:25:00 | CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has been investigating attacks exploiting the Log4Shell vulnerability in third-party products like VMware Horizon and Unified Access Gateway (UAG). The agency published indicators of compromise (IOCs) collected from incidents it investigated as recently as June, highlighting the long-lasting impact of this vulnerability that's over six months old."From May through June 2022, CISA provided remote incident support at an organization where CISA observed suspected Log4Shell PowerShell downloads," the agency said in a report this week. "During remote support, CISA confirmed the organization was compromised by malicious cyber actors who exploited Log4Shell in a VMware Horizon server that did not have patches or workarounds applied."To read this article in full, please click here | Vulnerability | ||
|
2022-07-29 09:15:00 | Flashpoint says its VulnDB records vulnerabilities that MITRE CVE missed (lien direct) | Cyberthreat intelligence company Flashpoint said in a report issued this week that it detected a total of 11,860 vulnerabilities in the first half of 2022, with almost a third of them missed or not detailed by the public MITRE CVE (Common Vulnerabilities and Exposures) database.The report, "State of Vulnerability Intelligence," includes disclosures-security vulnerabilities in hardware and software products reported by vendors and cybersecurity experts-collected by Flashpoint's in-house vulnerability intelligence database, VulnDB.Flashpoint said that there were huge discrepancies in the severity and classification of vulnerabilities reported by VulnDB, and those recorded in MITRE's CVE database and the NVD database maintained by NIST (the US National Institute of Standards and Technology). NIST and MITRE coordinate their finding and report similar vulnerabilities. Flashpoint cautioned organizations to depend on more comprehensive and specific sources for a clear underatanding of the vulnerability landscape.To read this article in full, please click here | Vulnerability | ||
|
2022-07-29 02:00:00 | July was a hot month for cybersecurity research (lien direct) | While summer may be vacation season, criminals never take a day off. Researchers are also always busy following their methods and digging into their possible path for exploit. Here are a few interesting research initiatives making headlines this month.Fake Android apps keep popping up in Google Play When folks download mobile applications from a trusted app source, obviously the expectation is the apps with be safe to use. But unfortunately, that is not always the case.While it is not a new issue, recent findings from both Zscaler ThreatLabz and Pradeo reveal that malware-laden Android apps in Google's app store-Google Play-continue to be a problem. The latest findings point to multiple instances of apps with the Joker, Facestealer, and Coper malware families in the marketplace. To read this article in full, please click here | Malware | ||
|
2022-07-28 17:52:00 | BrandPost: Understanding SSE: Components, Process, and Advantages (lien direct) | This article is the first in a three-part series covering a new market category, security service edge (SSE). The second entry highlights the top use cases of SSE, and the third explains what features you should look for when selecting an SSE platform.To read this article in full, please click here | |||
|
2022-07-28 15:04:00 | BrandPost: CISOs Are Focused on These 3 Trends, Are You? (lien direct) | Security leaders are facing growing pressures in today's rapidly evolving cyber landscape. The rise in remote work means that many organizations are managing a complex web of in-person, online, and hybrid work scenarios while also juggling cloud migration to support their diversified workforce. There's also the increase in the sheer volume of cyber attacks to contend with; between July 2020 and June 2021, there was a 1,070% increase in ransomware attacks alone.[1]For Chief Information Security Officers (CISOs), this has created a variety of new challenges to contend with. Based on our conversations with security leaders, Microsoft has identified the top three focus areas that CISOs are prioritizing today so you can understand what steps your organization should take to guard against ongoing cybersecurity threats.To read this article in full, please click here | Ransomware Guideline | ||
|
2022-07-28 10:08:00 | Attacks using Office macros decline in wake of Microsoft action (lien direct) | Microsoft's decision to turn off Office macros by default has had a significant impact on the use of the mini-programs by hackers, according to enterprise security company Proofpoint. In a blog posted today, the company noted its researchers have found that the use of macro-enabled attachments by threat actors has decreased approximately 66% between October 2021 and June 2022."We've seen them switch their tactics away from leveraging malicious macros into other kinds of attacks like LNK files," says Proofpoint Vice President for Threat Research and Detection Sherrod DeGrippo. "We've seen a 1,600% increase over the past ten months or so around using other tactics aside from malicious Office macros. The threat actors got the message that this is coming and are stifling their use of macros against individuals and organizations."To read this article in full, please click here | Threat | ||
|
2022-07-28 06:44:00 | Microsoft takes top spot as most impersonated brand in phishing (lien direct) | Microsoft toppled Facebook for the top spot in the 25 most impersonated brands by phishers in the first half of 2022, with a total of 11,041 unique phishing URLs, according to Vade's latest Phishers' Favorites report.Facebook, which was the most impersonated company in 2021, followed close behind in the second spot, with 10,448 phishing URLs, according to Vade, which offers an email filtering service for phishing, malware, spear phishing, and spam.To read this article in full, please click here | |||
|
2022-07-28 02:00:00 | Defense in depth explained: Layering tools and processes for better security (lien direct) | What is defense in depth? Defense in depth is a security strategy in which multiple security tools, mechanisms, and policies are deployed in tandem on the assumption that if one fails, another will hold. Rather than, say, relying solely on a firewall to keep hackers out of a corporate network, an organization would also deploy endpoint security software and intrusion detection systems (IDS) to spot any attacker who manages to slip past that firewall. The intention isn't to deploy different tools to face different specific threats: rather, a defense in depth strategy assumes that an attacker manages to defeat or bypass one tool, then other tools will pick up the slack and fight back in a different way.To read this article in full, please click here | |||
|
2022-07-27 12:57:00 | BrandPost: How a Cybersecurity Program Can Counter Configuration Drift (lien direct) | Once your organization is secured, you'll need to ensure that your environment doesn't stray from its protected state. Configuration drift may be inevitable, but you can leverage best practices to minimize its consequences.Why does configuration drift occur? Whether by choice or chance, change happens in IT environments. Software updates roll out, ad hoc decisions take effect, end users change settings, and new systems come in. When these decisions are made in haste, security considerations can be incomplete or missing altogether.Even if systems were secure to start with, the once-hardened IT environments develop “gaps” over time. It's not always easy to keep track of the changes that can lead to configuration drift. You'll need a management tool that provides you with a big (and granular) picture so that your team can effectively monitor and remedy the situation.To read this article in full, please click here | Tool Guideline | ||
|
2022-07-27 12:49:00 | BrandPost: How to Minimize Misconfigurations Across Your Systems (lien direct) | Misconfigurations are one of the most common causes of data breaches. According to the Identity Theft Resource Center (ITRC), configuration mistakes were responsible for a third of data breaches that resulted from human error in 2021. Some of these incidents involved misconfigured firewalls that allowed access to internal systems. Others involved unauthorized access to corporate cloud systems and servers.Misconfigurations and state-sponsored attacks Looking ahead, misconfigurations won't likely diminish in prevalence. In fact, Gartner predicted that 99% of cloud security incidents "will be the customer's fault" as a result of misconfigurations by 2023. Threat actors are just too familiar with misconfigurations to give them up as an attack vector. This holds true even for nation-state actors like those in Russia.To read this article in full, please click here | Threat | ||
|
2022-07-27 12:24:00 | BrandPost: 5 Tips for Hardening Your Operating Systems (lien direct) |
Hundreds of security recommendations may exist to harden your Operating Systems (OS). That's why it's important to use industry-recognized guidelines to harden your OS. To give you a taste, we pulled five recommendations from the CIS Benchmark for Microsoft Windows Server 2019 – objective, consensus-driven security configuration guidelines. CIS
This list contains just a few of the 350+ configuration recommendations for Microsoft Windows Server 2019. Want the full list for this technology? Download the CIS Benchmark for Microsoft Windows Server.
Security configuration 1: Disconnect after hours
Your organization's workforce probably adheres to a specific work schedule. Even though operating cloud-based systems means you can theoretically work from anywhere (and at any time), it's unlikely most employees would need to log on at 2:00 A.M.To read this article in full, please click here |
|||
|
2022-07-27 12:15:00 | BrandPost: Using Security Best Practices via a Centralized Resource Hub (lien direct) | Communities are vital to the work we do at the Center for Internet Security (CIS). For years, expert IT volunteers from around the world have helped us develop, review, edit, and maintain the secure configuration recommendations contained in every CIS Benchmark. They've also helped us create and update the guidance and security best practices of the CIS Critical Security Controls (CIS Controls).Years ago, we realized we needed to provide an official home for these communities and the consensus processes they help to drive. This led us to create CIS WorkBench. Let's explore what this hub is all about.What does CIS WorkBench do, exactly? CIS WorkBench brings together the CIS Controls and CIS Benchmarks Communities, enabling greater collaboration among experts. Discussions range from the most detailed technical configuration settings to broader cybersecurity policies. Integrating these groups on the same platform provides everyone with greater insight into key initiatives, such as how the content in the CIS Benchmarks map to Safeguards within the CIS Controls.To read this article in full, please click here | |||
|
2022-07-27 10:10:00 | BrandPost: Map Your Cybersecurity Program to Security Best Practices (lien direct) | Organizations today need to comply with multiple policy, regulatory, and legal security frameworks. Complying with all of these frameworks can be difficult and time consuming. Your cybersecurity program can work more efficiently when you know how to “map” them all together.Efficiencies for cybersecurity compliance Today's IT and information security professionals can find themselves tasked with satisfying myriad regulatory frameworks. But the primary responsibility for cybersecurity professionals is to keep their organization's assets and data safe from an attack. A truly efficient approach protects the organization while also meeting compliance requirements. This is where the CIS Critical Security Controls (CIS Controls) and CIS Benchmarks can help.To read this article in full, please click here | |||
|
2022-07-27 10:06:00 | BrandPost: How to Improve Your Organization\'s Cyber Hygiene (lien direct) | Essential cyber hygiene is the foundation for any good cybersecurity program. The Center for Internet Security (CIS) defines essential cyber hygiene as Implementation Group 1 (IG1) of the CIS Critical Security Controls (CIS Controls).The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices. They are used and developed by thousands of cybersecurity experts around the world. The Safeguards included in IG1 represent essential cyber hygiene for any organization and can help protect organizations from all five of the top attack vectors identified in the CIS Community Defense Model (CIS CDM).To read this article in full, please click here | |||
|
2022-07-27 10:01:00 | BrandPost: Three Key Elements of a Strong Cybersecurity Program (lien direct) | The world relies on technology, so a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and the challenges can seem overwhelming.Considering this, we've simplified things down to three key elements of a strong cybersecurity program. You need to know how to assess, remediate, and implement security best practices at scale. In more detail, this means: To read this article in full, please click here | |||
|
2022-07-27 06:09:00 | Teleport features passwordless access with new access plane update (lien direct) | Teleport, an open source platform designed to provide zero trust access management applications, has announced the latest version of its unified access plane, Teleport 10, which features passwordless access as a single sign-on (SSO) infrastructure access solution.Teleport's unified access plane is an open source identity-based infrastructure access platform that unifies secure access to servers, Kubernetes clusters, applications and databases.To read this article in full, please click here | Uber | ||
|
2022-07-27 05:00:00 | GitGuardian launches ggcanary project to help detect open-source software risks (lien direct) | Code security platform provider GitGuardian has announced the launch of a new open-source canary tokens project to help organizations detect compromised developer and DevOps environments. According to the firm, security teams can use GitGuardian Canary Tokens (ggcanary) to create and deploy canary tokens in the form of Amazon Web Services (AWS) secrets to trigger alerts as soon as they are tampered with by attackers. The release is reflective of a wider industry trend of emerging standards and initiatives designed to tackle risks surrounding the software supply chain and DevOps tools.ggcanary features “highly sensitive” intrusion detection In a press release, GitGuardian stated organizations' continued adoption of the cloud and modern software development practices is leading to them unknowingly expanding their attack surfaces. Poorly secured internet-facing assets and corporate networks are triggering attackers to turn to components in the software supply chain like continuous integration and continuous deployment (CI/CD) pipelines as entry points, it added.To read this article in full, please click here | Guideline | ||
|
2022-07-27 04:18:00 | Spyware infections continue as the U.S. federal government takes notice (lien direct) | The U.S. House Intelligence Committee is holding a rare open public hearing today to discuss the proliferating and increasingly troublesome threats from foreign spyware. Despite the mounting evidence that invasive spyware apps such as NSO Group's Pegasus software are used somewhat indiscriminately by despotic regimes against political foes, the U.S. government has done little to address this crisis.The evidence is increasingly hard to ignore, which has prompted the Biden administration and Congress to take limited steps to curtail the abuses of foreign spyware.To read this article in full, please click here |
To see everything:
Our RSS (filtrered)
