What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-07-27 03:55:00 Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years (direct link) A sophisticated rootkit that is able to insert itself into the lowest level of Windows computers, the motherboard firmware, has been making victims since 2020 after disappearing from the radar for around three years. The rootkit, dubbed CosmicStrand by researchers from Kaspersky Lab, is stealthy and highly persistent because its code is stored in the UEFI firmware, outside the detection scope of most security programs; an implant at that level survives an operating system reinstall and even a disk replacement, so remediation means reflashing the firmware, not rebuilding the host. The Unified Extensible Firmware Interface (UEFI) is the modern equivalent of the BIOS: it is the firmware that contains the drivers needed to initialize and configure all hardware components of a computer before the main operating system starts and takes over. While BIOS rootkits were a relatively common occurrence many years ago, UEFI has better security protections, so UEFI malware is relatively rare. Tags: Malware
CSO 2022-07-27 02:00:00 5 trends making cybersecurity threats riskier and more expensive (direct link) Since the pandemic, the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022, almost half (48%) of organizations across the U.S. and Europe experienced a cyberattack in the past 12 months. More alarming still, these attacks are happening despite businesses doubling down on their cybersecurity spend. Cybersecurity is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manage than previously reported. To better understand the evolution of this threat landscape, the article examines these trends in more detail. Tags: Threat
CSO 2022-07-27 02:00:00 Best practices for recovering a Microsoft network after an incident (direct link) Whenever I am dealing with cloud services or remote consultants, the one thing that gives me the greatest pause is keeping track of and protecting credentials. Doing so requires multiple backups, cloud resources, and tested backup and recovery processes. We have our normal password management processes, password storage tools, and encryption processes. Then disaster strikes: your servers are hit with ransomware or hacked, a device holding critical passwords is stolen, a multi-factor authentication device is lost. Any of these could cause you or someone in your firm to be less than secure in how they handle the transfer and recovery of servers and key operations. How often do you or your consultants test whether they can handle the recovery process under stress? Tags: Ransomware
CSO 2022-07-26 13:16:00 New Facebook malware targets business accounts (direct link) Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed "DUCKTAIL," that uses social media-based spear phishing to gain access to Facebook Business accounts. The company said it has "high confidence" that a Vietnamese threat actor is behind the attacks, which aim malicious messages at LinkedIn users who are likely to have admin access to their companies' Facebook accounts. The threat actor also targets potential victims' email addresses directly. What makes the attack unique, according to WithSecure, is the infostealer malware component, which is designed specifically to gain access to Facebook Business accounts; previous attacks targeting Facebook did not single out Facebook Business accounts. If a victim can be induced to open a malicious link, the malware scans the infected computer for browsers and extracts cookies that indicate authenticated Facebook sessions, which are then used to take over those accounts. Command and control is handled via the Telegram messaging service, using the Telegram Bot system, and stolen data is sent back to the attacker the same way. Tags: Malware Threat
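The two behaviours the summary describes, a non-browser process reading browser cookie stores and outbound traffic to the Telegram Bot API, are easy to hunt for in endpoint telemetry. The following is an added example written for this page, not code from the CSO article or from WithSecure's research. It runs over constructed event lines; the key=value event format, the browser cookie store paths, the lure file name and the bot token are all assumptions made for the example.

```python
"""Added example (not from the CSO article or WithSecure's research): a hunt over
constructed endpoint telemetry for the two DUCKTAIL behaviours the summary describes,
a non-browser process reading browser cookie stores and outbound calls to the Telegram
Bot API. The key=value event format, process names and file paths are assumptions."""
import re
from collections import defaultdict

# Cookie store locations for common Windows browsers (assumed paths: Chromium-based
# browsers keep a SQLite file named "Cookies", newer builds under a "Network" folder;
# Firefox keeps cookies.sqlite in the profile folder).
COOKIE_STORE_PATTERNS = [
    re.compile(r"\\Google\\Chrome\\User Data\\.*\\(Network\\)?Cookies$", re.I),
    re.compile(r"\\Microsoft\\Edge\\User Data\\.*\\(Network\\)?Cookies$", re.I),
    re.compile(r"\\BraveSoftware\\Brave-Browser\\User Data\\.*\\(Network\\)?Cookies$", re.I),
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\.*\\cookies\.sqlite$", re.I),
]
# Browsers are expected to read their own cookie stores; any other reader is suspect.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
# The Bot API carries the bot token in the URL path; ordinary Telegram clients do not use it.
TELEGRAM_BOT_API = re.compile(r"^https?://api\.telegram\.org/bot[^/]+/", re.I)


def parse_event(line):
    """Parse a 'key=value key="value with spaces"' line into a dict."""
    fields = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|(\S+))', line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def hunt(lines):
    """Return {process_name: sorted behaviours} for processes showing DUCKTAIL-like activity."""
    findings = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if ev.get("type") == "file_read" and image not in BROWSER_PROCESSES:
            if any(p.search(ev.get("path", "")) for p in COOKIE_STORE_PATTERNS):
                findings[image].add("browser_cookie_store_read")
        elif ev.get("type") == "http" and TELEGRAM_BOT_API.match(ev.get("url", "")):
            findings[image].add("telegram_bot_api")
    return {image: sorted(tags) for image, tags in findings.items()}


def severity(behaviours):
    """Cookie theft plus Telegram C2 on one process is the infostealer pattern; one alone needs review."""
    return "high" if len(behaviours) >= 2 else "medium"


# Constructed telemetry: a legitimate browser, and a downloaded "Project Brief.exe"
# (assumed lure name) that reads cookie stores and exfiltrates through a Telegram bot.
SAMPLE_EVENTS = [
    r'type=file_read image="C:\Program Files\Google\Chrome\Application\chrome.exe" path="C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"',
    r'type=file_read image="C:\Users\a\Downloads\Project Brief.exe" path="C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"',
    r'type=file_read image="C:\Users\a\Downloads\Project Brief.exe" path="C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\cookies.sqlite"',
    r'type=http image="C:\Users\a\Downloads\Project Brief.exe" url="https://api.telegram.org/bot123456:ABCDEF/sendDocument"',
    r'type=http image="C:\Users\a\Downloads\Project Brief.exe" url="https://business.facebook.com/"',
    r'type=http image="C:\Program Files\Google\Chrome\Application\chrome.exe" url="https://web.telegram.org/"',
]

if __name__ == "__main__":
    for image, behaviours in hunt(SAMPLE_EVENTS).items():
        print(f"{severity(behaviours)}: {image} -> {', '.join(behaviours)}")
```

The cookie-store rule alone will also fire on legitimate backup agents and password managers, which is why the two signals are combined before a finding is rated high; in a real deployment the browser allowlist and the cookie paths should come from your EDR's own process and file telemetry rather than the hard-coded lists above.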
CSO 2022-07-26 11:20:00 BrandPost: The CIS Benchmarks: What They Are and How to Use Them (direct link) When the Center for Internet Security (CIS) was formed in 2000, the IT and cybersecurity industries identified a clear need to understand how to secure IT systems and data. This need highlighted a lack of hardening recommendations, particularly prescriptive and industry-recognized standards. CIS subsequently began working with the IT and cybersecurity industries to create secure configuration guidelines, now known collectively as the CIS Benchmarks. The CIS Benchmarks are secure configuration recommendations for hardening specific technologies in an organization's environment. They are a key component of an organization's overall defense against cyber attacks, and each CIS Benchmark recommendation maps to the CIS Critical Security Controls (CIS Controls). There are more than 100 CIS Benchmarks across 25+ vendor product families, available as free PDF downloads for non-commercial use. CIS Benchmarks coverage includes security guidelines applicable to cloud provider platforms and cloud services, containers, databases, desktop software, server software, mobile devices, network devices, and operating systems.
CSO 2022-07-26 11:12:00 BrandPost: Five Questions to Ask When Creating a Cybersecurity Plan (direct link) Creating a cybersecurity plan is the first step in starting secure and staying secure. Consider this when planning a budget, getting support from staff, and creating company goals. Here are the five essential "W's" for getting started. WHY should you add a cybersecurity plan to your budget? Don't wait until there is a problem to start thinking about a cybersecurity plan. A company may not consider cybersecurity in its budgeting, yet when there is an attack, the costs, both to the bottom line and to your reputation, can be substantial. When creating a budget, consider allowing for investments in strengthening your cybersecurity: outside support, tools and services, or upgrades to hardware. In the long run, it may be less expensive to take these preventative measures now than to deal with the fallout of a costly attack later.
CSO 2022-07-26 07:26:00 CrowdStrike enhances container visibility and threat hunting capabilities (direct link) Cloud-native security provider CrowdStrike has launched a cloud threat hunting service called Falcon OverWatch, while also adding greater container visibility capabilities to its Cloud Native Application Protection Platform (CNAPP). Falcon OverWatch is a standalone threat hunting service, combining agent-based and agentless hunting, that uses CrowdStrike's cloud-oriented indicators of attack to gain visibility into evolved and sophisticated cloud threats across the entire control plane, which includes the network components and functions used for cloud workloads. The service leverages both the agent-based (Falcon cloud workload protection) and agentless (Falcon Horizon cloud security posture management) parts of the CrowdStrike CNAPP to provide greater visibility across multiple clouds, including Amazon Web Services, Azure, and Google Cloud. Tags: Threat
CSO 2022-07-26 02:00:00 How a sex worker became a defense contractor employee, and an insider threat (direct link) The headline read, "How an unqualified sex worker allegedly infiltrated a top Air Force lab," and our eyes immediately rolled as we read the bizarre case of Dr. James Gord. He maneuvered a 32-year-old sex worker into a position of trust within Spectral Energies, a government contractor associated with the U.S. Air Force Research Laboratory at Wright-Patterson Air Force Base. His motivation? He wished to keep his sexual liaison sub rosa. Stuff right out of Ripley's Believe It or Not. While we sit and smirk at the ridiculousness of the situation, a deeper dive gives CISOs and their organizations food for thought as we dissect how Gord was able to manipulate his business partner and others to place an individual within his company who had no business being there. Specifically, it underscores the value of background checks on individuals being placed into sensitive roles. Tags: Threat Yahoo
CSO 2022-07-26 02:00:00 What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security (direct link) [Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups. ISACs were established under a presidential directive in 1998 to enable critical infrastructure owners and operators to share cyber threat information and best practices. Besides being sector specific, most ISACs are composed of large companies with a different set of priorities and challenges than the vast majority of smaller organizations and entities, according to Michael Echols, CEO of the International Association of Certified ISAOs (IACI) at the Kennedy Space Center. Tags: Threat
CSO 2022-07-25 14:16:00 Kyndryl launches recovery retainer service for cyberattack response (direct link) Kyndryl is now offering a "recovery retainer service," providing its own expert personnel as on-the-ground help to businesses recovering from ransomware and other types of cyberattacks. The service starts work before attacks happen, however: part of the offering is expert review and remediation of cyberattack preparedness, ensuring that organizations aren't making easy targets of themselves. If an attack does occur, Kyndryl can provide live expert advice, either virtually or physically at the client's facilities, to help ensure that critical data can be recovered and systems brought back online with a minimum of fuss.
CSO 2022-07-25 02:00:00 9 tips to prevent phishing (direct link) Phishing, in which an attacker sends a deceptive email that tricks the recipient into giving up information or downloading a file, is a decades-old practice that is still responsible for innumerable IT headaches. Phishing is the first step for all kinds of attacks, from stealing passwords to delivering malware that can provide a backdoor into a corporate network. The fight against phishing is a frustrating one, and it falls squarely on IT's shoulders.
CSO 2022-07-25 02:00:00 8 top SBOM tools to consider (direct link) To really secure software, you need to know what's inside its code. That's why a software bill of materials is essential today. It used to be that we didn't worry that much about our code's security. Bad binaries, sure. The code itself? Not so much. We were so foolish. Then came one security slap in the face after another: the SolarWinds software supply chain attack, the ongoing Log4j vulnerability, and the npm maintainer protest code gone wrong have made it clear that we must clean up our software supply chain. That's hard to do with proprietary software unless its creators tell you what's inside a program. With open-source programs, though, it can be done with a software bill of materials (SBOM), pronounced "s-bomb".
CSO 2022-07-22 11:20:00 Cybercrime escalates as barriers to entry crumble (direct link) An underground economy that mirrors its legitimate ecommerce counterpart is supercharging online criminal behavior, according to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Cybercriminals are now operating on a professional footing, with easy-to-launch malware and ransomware attacks offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing, the report notes. It found that competition in the underground has driven down the price of malicious tools, making them affordable to anyone. In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found that an overwhelming majority (91%) were selling for less than $10. A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. On average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and crypters for $1. Tags: Ransomware Malware
CSO 2022-07-21 14:28:00 BrandPost: Identity-first Security: How to Keep Your Security Team Strategic (direct link) The technological arc as we knew it pre-COVID is moving toward a new perimeter. How we work, where we work, and who we work with have all drastically changed in the last three years. Security teams across the globe have been forced to adapt to that change at an incredible pace just to keep up, prioritizing security approaches that align with the evolving threat landscape. That shift in prioritization may have begun as a means to ward off threats and minimize increased risk, but it has also opened the door for security teams in every organization to play a strategic role in accelerating their businesses. In no area is this opportunity greater than identity. Tags: Threat
CSO 2022-07-21 13:39:00 Ransomware attacks slowing as 2022 wears on (direct link) Ransomware attacks for the second quarter of 2022 totaled 574, a 34% slowdown compared to the first quarter of the year, according to a report released Thursday by GuidePoint Research. The most impacted industries were manufacturing and construction, GuidePoint's report said, accounting for 18.3% of all claimed attacks during the quarter. The tech sector was also heavily targeted, as were government agencies. The US was the most-attacked country, according to the report, representing nearly a quarter of all global ransomware victims. Tags: Ransomware
CSO 2022-07-21 12:06:00 BrandPost: Why Proactive DDoS Defense Makes Sense (direct link) At Netscout we continuously work with customers to discover the impact our distributed denial-of-service (DDoS) prevention offerings are having on their ongoing security concerns and challenges. Because it is difficult to get customers to commit to providing the input for a long-term analysis of their DDoS protection efficiency, we decided to commission a Forrester Total Economic Impact (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Netscout's Omnis Arbor Edge Defense (AED). The purpose of this study was to provide readers with a framework for evaluating the potential financial impact of Omnis AED on their organizations.
CSO 2022-07-21 11:38:00 Deloitte expands its managed XDR platform (direct link) Deloitte announced an update this week to its Managed Extended Detection and Response (MXDR) platform. The upgrade boosts the platform's capabilities to collect intelligence, hunt for threats, and secure mobile devices. Among the new modules added to Deloitte's MXDR offering:
Cyber Security Intelligence, which adds intelligence from CrowdStrike Falcon X to Deloitte's tools and proprietary sources. The combination will provide users with actionable indicators of compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, and threat briefing requests for information. "CSI allows us to be much more proactive in our detection, prevention, and understanding of threats so we can be more proactive in planning with our clients," says Deloitte MXDR leader Curt Aubley.
Dynamic Adversary Intelligence, which provides clients with "over-the-horizon" adversary investigations. DAI uses passive intelligence collection methods, including global telemetry, industry-leading application programming interface integrations, refined tradecraft, proprietary analytics of publicly available information, and proprietary sources via Splunk. "DAI gives clients an inside-out view of attackers," Aubley explains. "It can also give a client the information they need to give to authorities to track down adversaries."
Digital Risk Protection, which lets a client follow their digital footprint online. "We can fingerprint a client's intellectual property," Aubley says. "Using that information, along with data like domain names, email addresses, and others, we can look on the open web, deep web, and dark web and see if that information has gotten into the hands of an adversary. Then we can let a client know how to best manage any potential crisis that might arise from that leak. We can also look inside their environment to determine how the leak happened."
Active Hunt and Response, which includes the use of a "dissolvable agent" that can be planted in the memory of an endpoint and collect data about an attacker while remaining invisible to them.
In addition, a new Mobile Prevent, Detection, and Response module has been added to the MXDR platform. It has expanded hunting capabilities and is fully integrated with CrowdStrike Falcon for Mobile Endpoint Detection and Response and CrowdStrike's mobile threat defense. Tags: Threat Guideline Deloitte
CSO 2022-07-21 05:10:00 NSO Group's Pegasus crashes as Apple initiates Dignity and Justice Fund (direct link) Much has been written about NSO Group's collision with government reality when the Israeli firm found itself on the wrong side of a business decision to sell its technologies to entities that used them to target human rights activists, political leaders, journalists, and a bevy of U.S. persons. The collision came in the form of the U.S. government blacklisting the company, effectively drying up a large share of its clients to the point where bankruptcy was seen on the horizon. Then, according to a recent New York Times expose, U.S. defense contractor and supplier L3Harris allegedly attempted a phoenix-like rescue, raising the charred NSO from the ashes with the sub rosa assistance of the U.S. intelligence community, before the White House nixed L3Harris's interest in NSO. Apparently, L3Harris had its eye on the "zero-click" exploit provided by NSO's Pegasus for resale or exploitation by the U.S. For those not well versed in the government supply and contract world, L3Harris has expertise in the exploitation of cellphones. Tags: Guideline
CSO 2022-07-21 02:00:00 Cybersecurity is a constant fire drill, and that's not just bad, it's dangerous (direct link) As part of my job as an industry analyst, I do lots of quantitative research with security professionals. One question we often pose to security professionals is about their biggest challenges. The research results often include issues like coping with alert storms, addressing the dangerous threat landscape, managing a multitude of point tools, scaling manual processes, and staffing shortages, along with one other challenge that comes up on nearly every survey, often with the highest percentage of responses: security professionals report that they are challenged because the cybersecurity team at their organization spends most of its time addressing high-priority and emergency issues and not enough time on strategy and process improvement. Tags: Threat
CSO 2022-07-21 02:00:00 MITRE Engage: a framework for deception (direct link) In the arms race that cybersecurity has become, there's value in knowing an adversary's next move, strategy, and motivation. The MITRE Corp. has a way to help figure that out. The not-for-profit entity, which operates federally funded R&D centers and public-private partnerships, has released a framework that details how security professionals can engage their enemy and pick up that valuable intel. In early 2022 MITRE launched MITRE Engage, a framework that cyber defenders can use for "communicating and planning cyber adversary engagement, deception, and denial activities." The project earned Hill and his team a CSO 50 award for security innovation.
CSO 2022-07-20 14:58:00 Sophos unifies threat analysis and response units into X-Ops team (direct link) UK-based cybersecurity vendor Sophos announced today that it has reorganized its SophosLabs, Sophos SecOps and Sophos AI teams into an umbrella group called Sophos X-Ops, in order to provide a more unified response to advanced threats. The company said that while its security teams routinely share information among themselves, the creation of the X-Ops team makes that process faster and more streamlined. According to Joe Levy, CTO and chief product officer at Sophos, the new organizational move is a recognition of the fact that the threat landscape has changed rapidly of late, and that there's an increasing need for collaboration. "Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged," he said in a statement. "Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops." Tags: Threat
CSO 2022-07-20 12:15:00 Spate of pending U.S. privacy initiatives could significantly impact businesses (direct link) In the wake of the U.S. Supreme Court's decision overturning Roe v. Wade, which will expose pregnant people in over half of U.S. states to a digital law enforcement surveillance environment, the Biden administration and Congress have kicked into gear to address a spate of privacy and digital protection threats with measures that substantially broaden the scope of privacy and data security protections.
CSO 2022-07-20 10:58:00 Orca adds detection and response capabilities to its agentless cloud security solution (direct link) Orca has added cloud detection and response (CDR) capabilities to its cloud security platform, the company announced Tuesday. The new feature expands the platform's ability to detect, investigate, and respond to in-progress attacks. "What we're adding with the CDR capability is the ability to have full visibility for governance of the cloud environment from workload scanning to non-workload related incidents," says Orca CEO and co-founder Avi Shua. "What we're seeing more frequently is that many attacks these days don't involve workloads at all, so putting endpoint protection on them is not going to protect an organization."
CSO 2022-07-20 08:41:00 BrandPost: The Changing Use of Botnets will Impact Networks Around the World (direct link) Although it's sometimes easy to think of threat actors as evil geniuses, the reality is that they're like any other group of people whose goal is to make money with as little effort as possible. That's clearly seen throughout Netscout's 2H 2021 Threat Intelligence Report, which highlights several examples where threat actors have improved the efficacy of long-established attack methods via new modifications and strategies. Such is the case for botnets, which have been around since the 1980s. Indeed, a quick history of botnets illustrates how attackers have modified their strategies for using them over the course of 20 years. The first botnets were deployed on server-class computers. Later, attackers began building distributed denial-of-service (DDoS)-capable botnets by compromising personal computers (PCs), and attackers continue using compromised PCs to create botnets for launching DDoS attacks today. Tags: Threat
CSO 2022-07-20 06:00:00 Perception Point launches managed security service to help eliminate web browser threats (direct link) Perception Point has announced the launch of a new managed security service designed to eliminate web browser threats to organizations. According to the firm, Perception Point Advanced Browser Security adds managed, enterprise-grade security to native Chrome and Edge browsers, allowing users to browse the web or access SaaS applications without exposing enterprise data to risk. The release reflects a growing trend of security products coming to market to provide advanced security for native browsers. In a press release, Perception Point said the new solution fuses patented browser security technology from web isolation platform Hysolate, which it acquired earlier this year, with its own multi-layer detection engines. This combination delivers the ability to isolate, detect and remediate threats from the web, including phishing, ransomware, malware and APTs. Advanced Browser Security also secures access to sensitive corporate apps via an isolated, trusted Chrome or Edge browser, the firm added. Tags: Malware
CSO 2022-07-20 02:00:00 Breaking down CIS's new software supply chain security guidance (direct link) Securing the software supply chain continues to be one of the most discussed topics among IT and cybersecurity leaders. A study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020. The Cloud Native Computing Foundation's (CNCF's) catalog of software supply chain attacks also supports a rise in this attack vector. Tags: Guideline
CSO 2022-07-20 02:00:00 How to manage Microsoft's Excel and Office macro blocking (direct link) Microsoft has pulled back on its decision to block macros by default in Office files downloaded from the internet, and has said it will push the change out again in the future. If you were caught flat-footed by this decision and suddenly couldn't figure out how to unblock the Excel files you relied upon, you need to act before Microsoft rolls it out again. Evaluate now why you are allowing such risky behavior and how you can better protect your firm. While Microsoft pulled back from this decision, I urge you to look for additional ways to protect users from phishing lures and attack vectors that include malicious Office files. Because many of these attacks come via email, but not necessarily as email attachments, evaluate whether your phishing protection and user education are appropriate. I've seen many a phishing lure come in via web links, pretend cloud services, and other techniques that bypass traditional antivirus and file filtering.
CSO 2022-07-20 02:00:00 How to conduct a tabletop exercise (direct link) Tabletop exercises give your organization an opportunity to practice incident response plans. They are both an opportunity to rehearse and revise existing plans and a training opportunity for new employees. Done well, tabletop exercises "allow for the discovery of ways to reduce your threat surface," says Stephen Jensen, senior director of operations at the Center for Internet Security (CIS). "When you rehearse in a tabletop format, your written policies go from just being plain policies to becoming well-written policies and procedures." Tags: Threat
CSO 2022-07-19 14:00:00 What is an SBOM? Software bill of materials explained (direct link) An SBOM is a formal, structured record that not only details the components of a software product, but also describes their supply chain relationships. An SBOM outlines both what packages and libraries went into your application and the relationship between those packages and libraries and other upstream projects, something that's of particular importance when it comes to reused code and open source. You might be familiar with a bill of materials for an automobile. This is a document that goes into great detail about every component that makes your new car run. The auto supply chain is notoriously complex, and even though your car was assembled by Toyota or General Motors, many of its component parts were built by subcontractors around the world. The bill of materials tells you where each of those parts came from, and that knowledge isn't just an interesting bit of trivia: if a certain production run of airbags has been recalled, car manufacturers need a quick way to know where those particular airbags ended up.
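The airbag-recall question above, and the Log4j example in the "8 top SBOM tools" entry, are the same question asked of software: which of our applications contain a given package, and through which chain of dependencies. The following is an added example written for this page, not code from the CSO article or from any SBOM tool the article covers. It reads a CycloneDX JSON SBOM (one common SBOM format; the article does not name one) and walks the declared dependency graph. The SBOM itself is constructed for the example, with made-up com.example package names; only log4j-core is a real package, and the example makes no claim about which of its versions are affected by anything.

```python
"""Added example (not from the CSO article): answering the supply chain question the
article raises, which application pulls in a given package and through which chain,
from a CycloneDX JSON SBOM. CycloneDX is one common SBOM format; the article does not
name one. The SBOM below is constructed, with made-up com.example packages."""
import json

# Constructed SBOM: one application (metadata.component) and its component graph.
# audit-lib is listed as a component but nothing declares a dependency on it, the kind
# of gap that leaves a tool unable to say whether that package is actually reachable.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"type": "application", "name": "billing-service", "version": "2.3.0",
                               "bom-ref": "pkg:maven/com.example/billing-service@2.3.0"}},
    "components": [
        {"type": "library", "name": "web-framework", "version": "1.8.0",
         "bom-ref": "pkg:maven/com.example/web-framework@1.8.0"},
        {"type": "library", "name": "logging-starter", "version": "1.8.0",
         "bom-ref": "pkg:maven/com.example/logging-starter@1.8.0"},
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "audit-lib", "version": "0.9.2",
         "bom-ref": "pkg:maven/com.example/audit-lib@0.9.2"},
    ],
    "dependencies": [
        {"ref": "pkg:maven/com.example/billing-service@2.3.0",
         "dependsOn": ["pkg:maven/com.example/web-framework@1.8.0"]},
        {"ref": "pkg:maven/com.example/web-framework@1.8.0",
         "dependsOn": ["pkg:maven/com.example/logging-starter@1.8.0"]},
        {"ref": "pkg:maven/com.example/logging-starter@1.8.0",
         "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]},
        {"ref": "pkg:maven/com.example/audit-lib@0.9.2",
         "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]},
    ],
})


def load_sbom(text):
    """Return (root_ref, {bom-ref: 'name@version'}, {ref: [dependsOn refs]})."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    root = bom.get("metadata", {}).get("component")
    if not root:
        raise ValueError("SBOM has no metadata.component; cannot tell what it describes")
    names = {root["bom-ref"]: f'{root["name"]}@{root["version"]}'}
    for c in bom.get("components", []):
        names[c["bom-ref"]] = f'{c["name"]}@{c["version"]}'
    graph = {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}
    return root["bom-ref"], names, graph


def dependency_chains(sbom_text, package_name):
    """Every declared chain from the application down to a component named package_name."""
    root, names, graph = load_sbom(sbom_text)
    targets = {ref for ref, label in names.items() if label.rsplit("@", 1)[0] == package_name}
    chains = []

    def walk(node, path):
        if node in targets:
            chains.append(" -> ".join(names.get(ref, ref) for ref in path))
            return
        for dep in graph.get(node, []):
            if dep not in path:  # a malformed SBOM can contain cycles; do not loop on them
                walk(dep, path + [dep])

    walk(root, [root])
    return chains


def orphan_components(sbom_text):
    """Components nothing depends on: either unused, or the SBOM's relationship data is incomplete."""
    root, names, graph = load_sbom(sbom_text)
    depended_on = {dep for deps in graph.values() for dep in deps}
    return sorted(names[ref] for ref in names if ref != root and ref not in depended_on)


if __name__ == "__main__":
    for chain in dependency_chains(SAMPLE_SBOM, "log4j-core"):
        print("reachable:", chain)
    for orphan in orphan_components(SAMPLE_SBOM):
        print("no declared dependent, check the SBOM generator:", orphan)
```

The orphan check is the caveat worth keeping: many generators emit a flat component list with a thin or empty dependencies section, and against such an SBOM the chain walk will report a package as unreachable when it is merely undeclared. Treat a non-empty orphan list as a defect in the SBOM before treating it as good news about exposure.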
CSO 2022-07-19 13:30:00 BrandPost: How CSPs can Future Proof 5G Mobile Networks (direct link) According to Benjamin Franklin, "If you fail to plan, you are planning to fail!" This sentiment definitely applies to operating mobile networks and their technology lifecycle on the 5G journey and beyond. Mobile networks are complex, and communications service providers (CSPs) must deal with this complexity to support new technologies while assuring existing technologies and protecting the connected world. From 2G to 5G, CSPs must have a vision and a strategy for how to manage the networks, realize revenue, and continue to innovate. They must also have strategies and plans to ensure the network is efficient enough to support deployment, launch, and daily operations.
CSO 2022-07-19 12:09:00 BrandPost: Security Service Edge (SSE) Reflects Rapidly Changing Security Requirements: Here is What You Need to Know (direct link) "What the world needs is another acronym in cybersecurity," said no one ever. However, SSE, Security Service Edge, is an important new direction. So why is this change of direction significant? Creating a new market segment is not done lightly; it often reflects trends and shifts in client inquiries (the typical analyst has more than 600 client interactions per year). The introduction of SSE demonstrates that clients increasingly require:
Security that isn't tied to a network.
Reduction of risk posed by gaps in disparate solutions.
Zero trust access that's least-privileged based on identity and context.
Consistent policy across all channels: internet, SaaS, and private applications in the data center or cloud.
Fast digital experience regardless of user location or connection.
First, let's brush up on some history, shall we? The Secure Access Service Edge (SASE) category was first introduced back in 2019 to describe the convergence of WAN edge network services, like SD-WAN, with network security services, like secure web gateway (SWG) and zero trust network access (ZTNA). SASE described a world where the security perimeter wasn't defined by appliances in a data center but by integrated services offered via the cloud closest to where the users were.
CSO 2022-07-19 11:20:00 Cato Networks launches SSE system with customizable DLP capabilities (direct link) Israel-based SASE (secure access service edge) provider Cato Networks has announced a security service edge (SSE) offering, Cato SSE 360, that includes Cato DLP, a data loss protection capability across business applications that allows for customizable rules. Along with SSE 360, Cato is also offering a new expert certification for the SSE architecture. "Traditional SSE architectures are mostly proxy-based solutions which have limited visibility and control over WAN traffic as they only take into account the traffic from users to the internet," says Boaz Avigad, director of product marketing at Cato Networks. "However, at some point they'll need to cover data centers, on-prem and cloud. Cato SSE 360 does that."
CSO.webp 2022-07-19 08:28:00 GPS trackers used for vehicle fleet management can be hijacked by hackers (direct link) Hackers can exploit vulnerabilities in a popular GPS tracking device used around the world for vehicle fleet management across many industry sectors. The tracker, made by a Chinese company called MiCODUS, is widely available to purchase from online retailers and has anti-theft, fuel cut off, remote control, and geofencing capabilities. "The exploitation of these vulnerabilities could have disastrous and even life-threatening implications," researchers from cybersecurity assessment firm BitSight said in a report. "For example, an attacker could exploit some of the vulnerabilities to cut fuel to an entire fleet of commercial or emergency vehicles. Or the attacker could leverage GPS information to monitor and abruptly stop vehicles on dangerous highways. Attackers could choose to surreptitiously track individuals or demand ransom payments to return disabled vehicles to working condition. There are many possible scenarios which could result in loss of life, property damage, privacy intrusions, and threaten national security."
CSO.webp 2022-07-19 03:34:00 Unauthorized access jumped 4x in 2021 (direct link) Security breaches from issues associated with supply chain and third-party suppliers have recorded an unprecedented jump of 297%, representing about a fourth of all the security breaches in 2021 in the US, according to a study by digital identity and access management platform ForgeRock. The 2022 Consumer Identity and Breach Report found unauthorized access to be the leading infection vector for the breaches, accounting for 50% of all records compromised in 2021. The average cost of a breach in the US, according to the report, was $9.5 million, which is the highest in the world and up 16% from $8.2 million in 2020. For the study, ForgeRock gathered data from several sources including the Identity Theft Resource Centre, Forrester Research, and the Ponemon Institute, between January 1, 2021 and December 1, 2021. Guideline
CSO.webp 2022-07-19 02:00:00 10 industry-defining security incidents from the last decade (direct link) The last decade has seen its fair share of watershed moments that have had major implications on the cybersecurity landscape. Severe vulnerabilities, mass exploitations, and widespread cyberattacks have reshaped many aspects of modern security. To take stock of the past 10 years, cybersecurity vendor Trustwave has published the Decade Retrospective: The State of Vulnerabilities blog post featuring a list of what it considers to be the 10 most prominent and notable network security issues and breaches of the last 10 years. “It is difficult to tell the complete story about the network security landscape from the past decade because security tools and event loggers have evolved so much recently that many of the metrics that we take for granted today simply did not exist 10 years back,” the blog read. “Nevertheless, the data that is available provides enough information to spot some significant trends. The most obvious trend, based on sources like the National Vulnerability Database (NVD), Exploit-DB, VulnIQ, and Trustwave's own security data, is that security incidents and individual vulnerabilities have been increasing in number and becoming more sophisticated,” it added. Vulnerability
CSO.webp 2022-07-19 00:01:00 Darktrace launches new PREVENT AI security products to pre-empt cyberthreats (direct link) Darktrace has announced a new set of AI products designed to deliver proactive security to help organizations pre-empt cyberthreats. The PREVENT products are the latest additions to the firm's artificial intelligence (AI)-driven portfolio, which it claimed works together autonomously to optimize an organization's state of security through a continuous feedback loop. The firm said that the new products are based on breakthroughs developed in the company's Cambridge Cyber AI Research Centre and the capabilities gained through the acquisition of Cybersprint earlier this year. PREVENT products use AI to “think like an attacker.” In a press release, Darktrace stated that its two new PREVENT products use AI to “think like an attacker,” finding pathways to an organization's most critical assets from “inside and outside,” analyzing the most disruptive attacks for an organization and feeding information to support continuous learning and automation to harden systems. PREVENT/E2E (End-to-End) uses an outcome-based approach to managing cyber risk incorporating capabilities from across multiple disciplines including attack path modelling, automated penetration testing, breach and attack emulation, security awareness testing and training, and vulnerability prioritization. Vulnerability
CSO.webp 2022-07-18 12:34:00 Passwordless company claims to offer better password security solution (direct link) Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction. Password reuse: When someone tries to access an account covered by the Stytch solution, the password is automatically vetted at HaveIBeenPwned, a dataset of 12 billion compromised passwords. A password reset is automatically triggered if the password is in the dataset. Strength assessment: When someone creates a password, its strength is automatically assessed using Dropbox's zxcvbn password strength estimator and a suggestion is made that a stronger password should be chosen. Account de-duplicating: Users might forget what authentication method they used to access their account. Did they use Facebook or Google? Did they use an email address? Choosing the wrong method can result in creating a duplicate account. Stytch prevents that by permitting an email login that allows an account to be accessed regardless of the original authentication method. Better reset: Someone wants to access their account, but their password isn't immediately available. Rather than reset their password to access their account, Stytch offers an email alternative that allows a user to access an account without a password reset. On enthusiasm and hesitancy for passwordless authentication, Stytch co-founder and CEO Reed McGinley-Stempel explains that his company was started with a negative view of passwords. "We still have a negative view of traditional password systems and a lot of the assumptions baked into them," he says, "but if you're a passwordless company that wants to drive passwordless adoption, you can't ignore password innovation."
CSO.webp 2022-07-18 02:00:00 6 security analyst job description red flags that make hiring harder (direct link) Hiring for the role of security analyst, that workhorse of security operations, could get even harder. Demand for the position is expected to grow, with the U.S. Bureau of Labor Statistics predicting that organizations will add tens of thousands of positions through the decade, with employment for security analysts expected to grow by 33% from 2020 to 2030, much faster than the average for all occupations.
CSO.webp 2022-07-15 08:45:00 TikTok resets the clock on security leadership (direct link) The best time to do succession planning was last year. But the next best time is right now. The news this morning that Roland Cloutier is stepping away from the TikTok Global CSO role may or may not be surprising. After all, Roland joined TikTok a couple of years ago, around the same time that TikTok was dragged into some US political maneuverings. At the time, it wasn't clear if Roland was going to be their CSO-for-life, or if his role was to guide TikTok through a transition and build an excellent foundation for its security future (I guess we know now). Guideline
CSO.webp 2022-07-15 02:00:00 Johnson & Johnson CISO Marene Allison: 'You can't sit on today's technology' (direct link) The oath Marene Allison took years ago to defend and protect the United States is the same tenet that now guides her work maintaining cybersecurity at one of the largest pharmaceutical and consumer packaged goods manufacturers in the world. “It's like I raise my hand [in an oath] every morning and the mission is to protect and ensure the viability of my company in the cyber world,” says Allison, who has been the CISO at Johnson & Johnson for more than 12 years. “It's important to understand I'm here to protect this company that is focused on human healthcare. It's a very, very important mission that I take seriously every single day.” Allison is accustomed to missions.
CSO.webp 2022-07-15 02:00:00 New US CISO appointments, July 2022 (direct link) The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Amy Bennett, executive editor. Threat Guideline
CSO.webp 2022-07-15 02:00:00 The CSO guide to top security conferences, 2022 (direct link) There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don't have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. If keeping abreast of security trends and evolving threats is critical to your job - and we know it is - then attending some top-notch security conferences is on your must-do list for 2022. From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter the most to you. Tool
CSO.webp 2022-07-14 16:38:00 BrandPost: Let's Talk About Cloud Threat Hunting (direct link) Threat hunting is a proactive approach for finding and remediating undetected cyber-attacks. It is a process that involves searching for indicators of compromise (IoC), investigating, classifying, and remediating. Threat hunting can be IoC-driven, in which the hunter investigates an indicator provided by external or internal sources. It can also be hypothesis-driven, in which the hunt begins with an initial hypothesis or question. For example, have we been affected by a recent campaign covered in the news? It's best to assume you've been compromised. Threat hunting is necessary simply because no cybersecurity protections are always 100% effective. An active defense is needed, rather than relying on “set it and forget it” security tools. Threat
CSO.webp 2022-07-14 16:00:00 Data breaches explained: Types, examples, and impact (direct link) What is a data breach? A data breach is a security incident in which a malicious actor breaks through security measures to illicitly access data. Data about individuals (names, birthdates, financial information, social security numbers and driver's license numbers, and more) lives in innumerable copies across untold numbers of servers at private companies, public agencies, and in the cloud. If someone who isn't authorized to access personally identifiable information (PII) manages to get a look at it, that can have dire consequences both for the individual and for the organization that stored the data and was supposed to keep it safe. Data Breach
CSO.webp 2022-07-14 13:41:00 Cyberespionage groups increasingly target journalists and media organizations (direct link) Since early 2021 researchers have observed multiple attack campaigns by state-sponsored advanced persistent threat (APT) groups aimed at journalists and the media organizations they work for. The attacks targeted their work emails and social media accounts and often followed journalists' coverage of stories that painted certain regimes in a bad light or were timed to sensitive political events in the U.S. Journalists have always been an appealing target for spies due to the access they have to sensitive information and the trust that organizations and individuals generally place in them, which is why it's imperative for members of the media to undergo online security training and be aware of the techniques used by state-linked hackers. Threat
CSO.webp 2022-07-14 12:35:00 Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability” (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden's May 2021 cybersecurity executive order. The public-private board comprises top cybersecurity personnel in the federal government and selected private sector information security professionals.
CSO.webp 2022-07-14 11:22:00 BrandPost: Why Maintaining the Quality and Availability of Collaboration Tools is Key (direct link) Over the past two years, the use of unified communication and collaboration (UC&C) and unified communications as a service (UCaaS) has enabled business continuity. As organizations establish their hybrid workforce models in the wake of the COVID-19 pandemic, these communications services continue to play a vibrant role in maintaining the personal relationships and professional collaboration necessary for success. In fact, our recent survey on UC&C revealed that the vast majority of respondents (93%) say collaboration tools are important to their hybrid work policy. This has put enormous pressure on IT professionals to ensure the quality and availability of these vital services.
CSO.webp 2022-07-14 03:50:00 New speculative execution attack Retbleed impacts Intel and AMD CPUs (direct link) Researchers have discovered a new attack technique that exploits the speculative execution feature of modern CPUs to leak potentially sensitive information from the kernel's memory. The attack circumvents some of the software defenses some operating systems put in place to prevent previous exploits of this nature. The attack, dubbed Retbleed by researchers from Swiss university ETH Zurich, works against both Intel and AMD CPUs. On Intel it's tracked as CVE-2022-29901 and impacts CPU generations 6, 7 and 8 although to different extents and depending on the mitigations used by the operating system. On AMD it's tracked as CVE-2022-29900 and impacts AMD Zen 1, Zen 1+ and Zen 2 CPUs.
CSO.webp 2022-07-14 03:27:00 New Flashpoint offering automates incident response workflows (direct link) A new low-code security automation platform designed for ease of use was introduced Tuesday by Flashpoint, a threat intelligence company. Called Automate, the platform aims to lower the barriers typically associated with security automation. "Automation solutions can be great, but oftentimes they require a team of engineers or developers, sometimes both," explains Flashpoint Executive Director of Automation Robert D'Aveta. As everyone in the tech industry knows, engineers and developers can be tough to find. "Unless your organization has a staff of unicorns that can do automation work, that leaves it to ordinary people," D'Aveta says. "That's a barrier to entry for typical automation solutions that low-code automation can help solve." Threat
CSO.webp 2022-07-14 02:00:00 5 key considerations for your 2023 cybersecurity budget planning (direct link) As CISOs look to prepare their 2023 security budgets, some might be asking themselves, “where do I begin?” There are such varied and rapidly changing facets of defending organizations against cyber threats that the task of sorting out which risks need the most attention can seem overwhelming. Nevertheless, security leaders need to begin thinking about how much funding they will need and how they will allocate their budgets. “At a macro level, when defining strategic goals and developing budgets for security, CISOs should know that the status quo will likely leave security leaders with an impossible mission ahead, constrained to maintain operations and new initiatives,” says David Chaddock, director of cybersecurity for consultancy West Monroe. Guideline ★★
Last update at: 2024-04-29 22:08:05