What's new around the internet

Last one

Src | Date (GMT) | Title | Description | Tags / Stories / Notes
CSO | 2022-06-28 02:00:00 | How Visa fights fraud | For Visa, successful fraud detection must happen in mere milliseconds. Its Visa Advanced Authorization (VAA) scoring service, one of the company's most prominent offerings, uses artificial intelligence and machine learning techniques to score the likelihood that a transaction in progress is fraudulent. It does so in just 300 milliseconds, allowing customers and merchants alike to transact with confidence in real time. VAA does its job extremely well, too, with the company reporting that VAA prevented $26 billion in fraud on its network in 2021 alone. Figures like that, says Visa Chief Risk Data Officer Dustin White, prove that the company's investments in advanced analytics, machine learning, and AI enable “the safe, reliable and fast movement of money between entities that's powering today's global economy.”
CSO | 2022-06-28 02:00:00 | Adversarial machine learning explained: How attackers disrupt AI and ML systems | As more companies roll out artificial intelligence (AI) and machine learning (ML) projects, securing them becomes more important. A report released by IBM and Morning Consult in May stated that of more than 7,500 global businesses, 35% of companies are already using AI, up 13% from last year, while another 42% are exploring it. However, almost 20% of companies say that they were having difficulties securing data and that it is slowing down AI adoption. In a survey conducted last spring by Gartner, security concerns were a top obstacle to adopting AI, tied for first place with the complexity of integrating AI solutions into existing infrastructure.
CSO | 2022-06-28 02:00:00 | Russia-China cybercriminal collaboration could “destabilize” international order | In a riff on the “Field of Dreams” theme, Russian cybercriminals continue to court their Chinese counterparts in hopes of forming mutually beneficial avenues of collaboration and are finding the Chinese to be a tough date. The latest peek into this engagement of Russia-China “frenemies” comes to us from Cybersixgill and its The Bear and The Dragon analysis of the two communities. Russian cybercriminals are motivated by money, the Chinese by knowledge. The Cybersixgill findings have the two cybercriminal communities colliding and attempting to form what appears to be a “fledgling alliance.” This is a step above where the situation stood in November 2021, when Flashpoint Intelligence connected the dots between Chinese and Russian threat actors. | Threat
CSO | 2022-06-27 11:14:00 | Security startup Cerby debuts with platform to manage shadow IT | Security automation startup Cerby is exiting stealth mode with the public launch of a security platform designed to help companies deal with shadow IT: information technology products that are used by staff without prior approval or knowledge of IT decision makers. Such products are selected and onboarded by business units other than the IT department, and may not support industry standards like SAML (security assertion markup language) and SCIM (system for cross-domain identity management) for logging and exchanging identity data.
CSO | 2022-06-27 02:00:00 | The strange business of cybercrime | The old hacker stereotype, the antisocial lone wolf with coding skills, has been eclipsed by something far stranger: the cybercrime enterprise. This mutant business model has grown exponentially, with annual cybercrime revenues reaching $1.5 trillion, according to a 2018 study by endpoint security provider Bromium. The sophistication of cybercrime operations underpins this scale of damage. The only explanation is that profit motive is fueling an engine that has driven the creation of effective organizations. But these organizations are curiously subject to many of the vicissitudes of normal business.
CSO | 2022-06-27 02:00:00 | 5 years after NotPetya: Lessons learned | On June 27, 2017, the eve of Ukraine's Constitution Day holiday, a major global cyberattack was launched, infecting more than 80 companies in that country using a brand-new cyber pathogen that became known as NotPetya. NotPetya didn't stay within Ukraine's borders but spilled out to infect and cause havoc for thousands of organizations across Europe and worldwide. NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted. In another departure from the earlier forms of ransomware, Petya also overwrote and encrypted master boot records and was, therefore, considered more a form of wiper malware than bona fide ransomware. | Ransomware Malware NotPetya
CSO | 2022-06-24 10:49:00 | Mitek launches MiVIP platform to fight identity theft | A new easy-to-deploy identity platform was announced this week to help address growing concerns about identity theft. The Mitek Verified Identity Platform (MiVIP) melds the company's mobile technologies with those of its recent acquisitions to give its customers flexible control over their consumers' experiences. With MiVIP, customers have the ability to orchestrate the full range of authentication technologies offered by Mitek, including biometrics, geolocation, politically exposed persons (PEPS) and sanctions, and bureau checks. Those technologies, together with those from recent acquisitions HooYu and ID R&D, enable MiVIP to address the security of the entire transaction lifecycle, according to Mitek.
CSO | 2022-06-24 08:51:00 | Italian spyware firm is hacking into iOS and Android devices, Google says | RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.
CSO | 2022-06-24 05:11:00 | 5 social engineering assumptions that are wrong | Social engineering is involved in the vast majority of cyberattacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks. Commenting on the report's findings, Sherrod DeGrippo, Proofpoint's vice president of threat research and detection, stated that the vendor has attempted to debunk faulty assumptions made by organizations and security teams so they can better protect employees against cybercrime. “Despite defenders' best efforts, cybercriminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritized bolstering defenses around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviors and interests.” | Threat
CSO | 2022-06-24 02:00:00 | Security startups to watch for 2022 | The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It's a risk for a company to commit to a startup's product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.
CSO | 2022-06-23 13:48:00 | Open-source software risks persist, according to new reports | Open-source software (OSS) has become a mainstay of most applications, but it has also created security challenges for developers and security teams, challenges that may be overcome by the growing "shift left" movement, according to two studies released this week. More than four out of five organizations (41%) don't have high confidence in their open-source security, researchers at Snyk, a developer security company, and The Linux Foundation reveal in their The State of Open Source Security report. It also notes that the time to fix vulnerabilities in open-source projects has steadily increased over the last three years, more than doubling from 49 days in 2018 to 110 days in 2021. | Studies
CSO | 2022-06-23 11:36:00 | Kaseya closes $6.2 billion Datto deal, vows to cut prices | Kaseya, a maker of IT service and security management software, announced Thursday that it had finalized its $6.2 billion acquisition of cybersecurity company Datto, promising tight integration between the two companies' products and lower pricing for customers. The deal's closure marks the third high-profile acquisition for Kaseya in the past 18 months, as the company acquired security threat response company Infocyte in January, and threat detection company BitDam in March 2021. A total of 12 acquisitions have been completed by Kaseya under CEO Fred Voccola. The company's public messaging about the Datto deal emphasized impending price cuts, an average of 10% across the board, according to Kaseya. Some products are expected to remain at the same price point, while others will drop significantly more, Kaseya said. Datto will continue to operate as an independent brand, Kaseya added. | Threat
CSO | 2022-06-23 11:11:00 | BrandPost: Major Retailer Converges Network and Security Systems With Fortinet Secure SD-WAN | For most retailers, effective networking must deliver on the three Ps: protection, performance, and price. One major retailer with more than 1,700 stores had found that its legacy network was failing to meet any of these touchstones. For one, it was obliged to manage its security and network devices separately, which added cost and complexity. Additionally, given the adverse effect it had on network performance, the retailer could not fully utilize its IPS (intrusion prevention system). Other challenges included poor performance optimization and limited visibility into network traffic.
CSO | 2022-06-23 11:08:00 | Cisco reports vulnerabilities in products including email and web manager | Cisco has issued alerts for a vulnerability found in its email security and web management products that could allow an authenticated remote actor to retrieve sensitive information from an affected device. An advisory issued by Cisco this week outlined that the vulnerability, detected in the web management interface of Cisco Secure Email and Web Manager, known formerly as Cisco Security Management Appliance (CSMA), and Cisco Email Security Appliance (ESA), allows an authenticated actor to extract sensitive information through a Lightweight Directory Access Protocol (LDAP) server connected to the affected device. This vulnerability is due to a design oversight in the querying process, according to Cisco. LDAP is an external authentication protocol for accessing and maintaining distributed directory information services on the public internet or corporate intranet. | Vulnerability
CSO | 2022-06-23 05:15:00 | Palo Alto adds out-of-band web application security features to Prisma Cloud | Palo Alto Networks has announced updates to its Prisma Cloud platform with new out-of-band web application and API security (WAAS) features, along with new application visibility capabilities. The vendor said the updates are designed to help organizations monitor and secure web applications without impacting performance. The move comes as businesses continue to expand their use of cloud environments and face demands in managing the complexity of cloud migration, securing applications across their lifecycle, and preventing web application attacks. The Prisma Cloud updates introduce a “novel approach” to web application security. In a press release, Palo Alto stated that the latest Prisma Cloud version offers a novel approach to securing web applications and cloud environments that combines both inline and out-of-band methods. Until now, a primary approach to securing web applications has been to deploy inline web application firewalls (WAFs), but some organizations are reluctant to introduce WAFs or API security solutions inline to protect business-critical or sensitive applications due to performance and scalability concerns, the vendor said.
CSO | 2022-06-23 02:00:00 | U.S. data privacy and security solutions emerging at the federal level | Although a handful of U.S. states have enacted strict privacy laws, the United States still lacks a comprehensive federal privacy statute, a vacuum that has fueled what many observers argue is a culture of “surveillance capitalism.” The lack of a national privacy law looms particularly large now as the Supreme Court seems poised to overturn its landmark abortion decision Roe v. Wade, which is likely to accelerate private data hunting expeditions by prosecutors and law enforcement in nearly 30 U.S. states.
CSO | 2022-06-23 02:00:00 | MITRE's Inside-R Protect goes deep into the behavior side of insider threats | Insider threat and risk management programs are the Achilles heel of every corporate and information security program, as many a CISO can attest to. The MITRE Inside-R Protect program is the organization's latest initiative to assist both public and private sector efforts in addressing the insider threat. The Inside-R program's bar for success is high. The focus of Inside-R is on evolving analytic capabilities focused on the behavior of the insider. To that end, MITRE invites the participation of government and private organizations to provide their historical insider incident data to the organization's corpora of information from which findings are derived. | Threat
CSO | 2022-06-22 02:00:00 | How Microsoft Purview can help with ransomware regulatory compliance | Nations across the globe are taking regulatory action to reduce the ransomware threat. In March, for example, new U.S. ransomware reporting requirements were signed into law. Covered entities that experience a cyber incident must report it to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours after the covered entity believes that the incident occurred. Additional guidance is still being worked on, but at a minimum the following requirements will be included: identify and describe the function of the affected information systems and networks that were, or are reasonably believed to have been, affected by such cyber incident; describe the unauthorized access with substantial loss of confidentiality, integrity, or availability of the affected information systems or network, or disruption of business or industrial operations; estimate the date range of such incident; assess the impact to the operations of the covered entity; report ransomware payments within 24 hours after they have been made; submit any new or different information that becomes available surrounding the ransomware attack to CISA; and preserve data relevant to the covered cyber incident or ransom payment. Think of that list. Would you be able to report within 72 hours that you'd had a ransomware incident? Wouldn't you still be in the middle of trying to recover from an incident? This is often the major difference between smaller businesses and larger businesses. Small businesses just want to get back in business. They often don't want to deal with the reporting side or, worse, would not have the means to notify every impacted customer that their data is at risk. | Ransomware
CSO | 2022-06-21 21:00:00 | BrandPost: What Every Enterprise Can Learn from Russia's Cyber Assault on Ukraine | In January, the Microsoft Threat Intelligence Center (MSTIC) discovered wiper malware in more than a dozen networks in Ukraine. Designed to look like ransomware but lacking a ransom recovery mechanism, we believe this malware was intended to be destructive and designed to render targeted devices inoperable rather than obtain a ransom. We alerted the Ukrainian government and published our findings. | Ransomware Malware Threat
CSO | 2022-06-21 13:28:00 | APT actor ToddyCat hits government and military targets in Europe and Asia | Researchers from Kaspersky Lab have published an analysis of a previously undocumented advanced persistent threat (APT) group that they have dubbed ToddyCat. The threat actor, which has targeted high-profile organizations in Asia and Europe, often breaks into organizations by hacking into internet-facing Microsoft Exchange servers, following up with a multi-stage infection chain that deploys two custom malware programs. "We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call 'Samurai backdoor' and 'Ninja Trojan'," the researchers said. | Malware Tool Threat
CSO | 2022-06-21 02:00:00 | Space-based assets aren't immune to cyberattacks | One of the most significant cybersecurity incidents related to Russia's war on Ukraine was a "multi-faceted" attack against satellite provider Viasat's KA-SAT network on February 24, one hour before Russia's invasion began. The assault, which both Ukraine and Western intelligence authorities attribute to Russia, was intended to degrade the Ukrainian national command and control.
CSO | 2022-06-17 07:52:00 | BrandPost: Is Stopping a Ransomware Attack More Important than Preventing One? | The sophistication and frequency of ransomware attacks is growing. According to Akamai CTO Robert Blumofe, ransomware has become “a repeatable, scalable, money-making business model that has completely changed the cyberattack landscape.” Conti, for example, the cybercrime giant that operates much like the businesses it targets – with an HR department and employee of the month – not only aims to make money but to carry out politically motivated attacks. (Learn more in our Ransomware Threat Report H1 2022.) | Ransomware Threat
CSO | 2022-06-16 13:32:00 | Ransomware could target OneDrive and SharePoint files by abusing versioning configurations | Researchers warn that documents hosted in the cloud might not be out of reach for ransomware actors and that while they're harder to permanently encrypt due to the automated backup features of cloud services, there are still ways to make life hard for organizations. Researchers from Proofpoint have devised a proof-of-concept attack scenario that involves abusing the document versioning settings in Microsoft's OneDrive and SharePoint Online services that are part of Office 365 and Microsoft 365 cloud offerings. Furthermore, since these services provide access to most of their features through APIs, potential attacks can be automated using command-line interface and PowerShell scripts. | Ransomware
CSO | 2022-06-16 11:28:00 | BrandPost: 4 Multi-Cloud Misconceptions that Put Organizations at Risk | What makes cloud computing appealing is also a reason to worry. It is easy to access your cloud environment anywhere with internet access, but that also means it's easy for cybercriminals and digital adversaries to access it. With the explosion of data over the past 10 years, the adoption of 5G, and the global nature of business, embracing a multi-cloud strategy is almost non-negotiable. But there's an overlooked factor in this shift that a lot of organizations still underestimate today. And that's cybersecurity. Traditional security strategies and tools intended to protect on-premises networks simply don't work when defending in the cloud. Instead, design and implement a comprehensive security solution that can protect against an expanding array of threats and increasingly sophisticated attacks targeting multi-cloud environments. | Tool Threat
CSO | 2022-06-15 08:43:00 | New peer-to-peer botnet Panchan hijacks Linux servers | Researchers warn of a new worm that's infecting Linux servers by brute-forcing and stealing SSH credentials. The hijacked servers are joined in a botnet and are used to mine cryptocurrency by loading mining programs directly in memory with no files on disk. Dubbed Panchan by researchers from Akamai, the malware is written in the Go programming language, which allows it to be platform independent. It first appeared in late March and has infected servers in all regions of the world since then, though Asia does seem to have a bigger concentration. The most impacted vertical seems to be education. "This might be due to poor password hygiene, or it could be related to the malware's unique lateral movement capability with stolen SSH keys," the Akamai team said in a blog post. "Researchers in different academic institutions might collaborate more frequently, and require credentials to authenticate to machines that are outside of their organization/network, than employees in the business sector. To strengthen that hypothesis, we saw that some of the universities involved were from the same country - Spain, or others from the same region, like Taiwan and Hong Kong." | Malware
CSO | 2022-06-15 02:00:00 | How to mitigate Active Directory attacks that use the KrbRelayUp toolset | Those of you with on-premises Active Directory (AD) need to be aware of a new way to abuse Kerberos in your network. KrbRelayUp is a bundle of tools that streamlines the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn. Attackers use the toolset to impersonate an administrator via resource-based constrained delegation and execute code on a device's system account. Pure Azure AD environments are safe from this attack, but hybrid AD networks with both on-premises AD and Azure AD will be at risk. If an attacker compromises an Azure virtual machine that is synchronized with on-premises Active Directory, the attacker will gain system privileges on the virtual machine and be able to make more advances inside the network. | Tool
CSO | 2022-06-14 09:04:00 | BrandPost: 5 Quick Ways to Reduce Exposure and Secure Your Data in the Cloud | Switching to public cloud services is now a necessary strategy for most organizations' long-term growth plans. But how do they adapt and expand their cybersecurity capabilities to protect their assets, data, and customers within their cloud environment? Traditional security measures wouldn't work in the cloud simply because there's no perimeter to protect. Manual processes cannot occur at the necessary scale or speed, and the lack of centralization makes visibility extremely difficult. Organizations with a multi-cloud environment have an expanded attack surface. Their cybersecurity strategy does not revolve around physical data centers and on-premises servers alone. Instead, there's also a vast, sprawling network of endpoints, as well as virtual servers, remote applications, cloud workloads, containers, and network communications between the environments.
CSO | 2022-06-14 02:00:00 | Vulnerability management mistakes CISOs still make | Multiple breaches, including the massive 2017 data breach at the credit reporting agency Equifax, have been traced back to unpatched vulnerabilities: a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a 2018 Ponemon study put the number at a jaw-dropping 60%. | Data Breach Equifax
CSO | 2022-06-14 02:00:00 | Ransomware attacks are increasing with more dangerous hybrids ahead | Over the past several years, the emergence of big-ticket, destructive ransomware attacks jolted the U.S. government into action to circumscribe the predominately Russian-based threat actors behind the scourge. At the same time, ransomware has been a critical factor driving the growth in corporate cybersecurity budgets as organizations grapple with the often-crippling threat. Despite the policy measures and increased private sector funding to slow down the drumbeat of attacks, ransomware threats remained a top topic at this year's RSA conference. Experts at the event underscored that Russian state-sanctioned criminal actors are not the only ransomware threat actors to fear, nor are ransomware attacks decreasing despite the intensified efforts to nip them in the bud. The same actions taken to quash ransomware activity might end up forging alliances among financially motivated threat actors to create hybrid cyber-attacks that meld social engineering with ransomware. | Ransomware Threat
CSO | 2022-06-13 11:30:00 | BrandPost: Five Blind Spots That Leave You Open to Supply Chain Vulnerabilities | Software supply chain attacks have received increased attention over the past year with high-profile examples such as the SolarWinds SUNBURST attack, the Kaseya VSA (REvil) attack, or the Log4j vulnerability making headlines and impacting thousands of enterprises. It isn't that a handful of examples happen to make the news: Supply chain attacks are growing more common. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chain. | SolarWinds
CSO | 2022-06-13 09:14:00 | (Déjà vu) BrandPost: Fortinet Helps Restaurant Chain Prepare its Network for Cutting-Edge Digital Experiences | There are few industries as competitive as the quick-service restaurant sector. In such a crowded market, standing out means more than offering great menu items. One such restaurant with thousands of locations across the U.S. is doubling down on innovation. Its aim is to create compelling, personalized, digital-first customer and employee experiences that will enable next-level differentiation. As the company looks to extend its digital footprint by leveraging cloud-based resources, network security and resilience have become priorities. With a growing attack surface, its legacy firewall infrastructure was no longer adequate. It required a modern, capability-rich security platform capable of tackling the biggest cyber threats facing the business. | Threat
CSO | 2022-06-13 04:20:00 | Threat actors becoming more creative exploiting the human factor | Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organization, its human capital, according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company's deployments to identify the latest attack trends by malicious players. "Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats an ongoing, and often eye-opening, challenge for organizations,” Proofpoint Executive Vice President for Cybersecurity Strategy Ryan Kalember said in a statement. | Threat
CSO | 2022-06-13 02:00:00 | 9 ways hackers will use machine learning to launch attacks | Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats gives security teams an advantage. However, some threat actors are also using machine learning and AI to scale up their cyberattacks, evade security controls, and find new vulnerabilities, all at an unprecedented pace and with devastating results. Here are the nine most common ways attackers leverage these technologies. 1. Spam, spam, spam, spam: Defenders have been using machine learning to detect spam for decades, says Fernando Montenegro, analyst at Omdia. "Spam prevention is the best initial use case for machine learning," he says. | Spam Threat ★★★
CSO | 2022-06-10 02:00:00 | 9 types of computer virus and how they do their dirty work | The human mind loves to categorize things, and malware is no exception. We here at CSO have done our part: our malware explainer breaks down malware based on how it spreads (self-propagating worms, viruses piggybacking on other code, or sneakily disguised Trojans) as well as by what it does to infected machines (rootkits, adware, ransomware, cryptojacking, and malvertising, oh my). | Malware
CSO | 2022-06-09 07:48:00 | Hackers using stealthy Linux backdoor Symbiote to steal credentials | Researchers have come across a stealthy Linux backdoor that uses sophisticated techniques to hide itself on compromised servers and steal credentials. Dubbed Symbiote because it injects itself into existing processes, the threat has been in development since at least November 2021 and seems to have been used against the financial sector in Latin America. "Symbiote is a malware that is highly evasive," researchers from BlackBerry said in a new report. "Since the malware operates as a userland level rootkit, detecting an infection may be difficult. Network telemetry can be used to detect anomalous DNS requests and security tools such as AVs and EDRs should be statically linked to ensure they are not “infected” by userland rootkits." | Malware Tool Threat
CSO | 2022-06-09 03:40:00 | ConcealBrowse isolates malicious software before it can work its mischief | More threat actors are exploiting the browser as an attack vector, largely because it's becoming a popular way to access corporate applications and resources. As a means to counter browser-borne malicious software, such as Trojans, worms or ransomware, Conceal, an endpoint security company, introduced ConcealBrowse this week. ConcealBrowse, which supports all popular operating systems, can be planted on an endpoint by a network administrator where it will monitor all code as it runs to determine if it presents a threat to an organization. Suspicious content is run in isolation where, if the software is malicious, any damage it might cause can be contained. | Threat
CSO | 2022-06-09 02:00:00 | 11 infamous malware attacks: The first and the worst | Viruses and other malware spreading for sinister or baffling reasons have been a staple of cyberpunk novels and real-life news stories alike for decades. And in truth, there have been computer viruses on the internet since before it was the internet. This article will take a look at some of the most important milestones in the evolution of malware: These entries each represent a novel idea, a lucky break that revealed a gaping security hole, or an attack that turned out to be particularly damaging, and sometimes all three. | Malware
CSO.webp 2022-06-08 09:57:00 BrandPost: 4 Factors to Consider When Choosing a Cloud Workload Protection Platform (direct link) Every dollar spent on security must produce a return on investment (ROI) in the form of better detection or prevention. As an IT leader, finding the tool that meets this requirement is not always easy. It is tempting for CISOs and CIOs to succumb to the “shiny toy” syndrome: to buy the newest tool claiming to address the security challenges facing their hybrid environment. With cloud adoption on the rise, securing cloud assets will be a critical aspect of supporting digital transformation efforts and the continuous delivery of applications and services to customers well into the future. However, embracing the cloud widens the attack surface, which now spans private, public, and hybrid environments. A traditional approach to security simply doesn't provide the level of protection this environment needs, which requires organizations to have granular visibility over cloud events. Tool Guideline
CSO.webp 2022-06-07 10:36:00 Zero-day flaw in Atlassian Confluence exploited in the wild since May (direct link) Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare's web application firewall (WAF) service, the attacks started almost two weeks ago. The vulnerability, now tracked as CVE-2022-26134, is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosting the affected Confluence versions. The company urges customers to upgrade to the newly released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, depending on which release they use. Vulnerability
CSO.webp 2022-06-07 07:34:00 How the Colonial Pipeline attack has changed cybersecurity (direct link) It's been just over a year since the American public got a taste of what a cyberattack could do to their way of life. A ransomware sortie on Colonial Pipeline forced its owners to shut down operations and left half the country's East Coast in the lurch for refined oil. Since then, efforts have aimed at making the nation's critical infrastructure more resilient and at countering the scourge of ransomware. The question is whether enough is being done fast enough. "The attack on Colonial Pipeline was an eye-opener, not so much because of the risks about ransomware, but because of the threat landscape moving dangerously close to the critical infrastructure that underpins societies," says Gartner Vice President, Analyst Katell Thielemann. "On that front, it was a wake-up call that spurred all kinds of activities, from cybersecurity sprints in the electric utility sector led by the Department of Energy to security directives from the TSA to pipeline, rail, and airport operators, to a new law establishing upcoming mandates for incident reporting." Ransomware Threat
CSO.webp 2022-06-02 08:04:00 Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants (direct link) Leaked internal chats from the Conti ransomware gang suggest the group has been researching and developing code to compromise the Intel Management Engine (Intel ME), the out-of-band management functionality built into Intel chipsets. The goal of this technique is to install malicious code deep inside computer firmware where it cannot be blocked by operating systems and third-party endpoint security products. Firmware implants are powerful and are usually used in high-value operations by state-sponsored hacker groups. However, over the past couple of years cybercriminal gangs have also shown an interest, with developers of the notorious TrickBot botnet adding a UEFI attack module in 2020. According to new research by security firm Eclypsium, the Conti ransomware group developed proof-of-concept code to exploit Intel ME firmware and gain code execution in System Management Mode, a highly privileged execution environment of the CPU. Ransomware
CSO.webp 2022-06-02 02:00:00 Ransomware roundup: System-locking malware dominates headlines (direct link) As we head into the unofficial start of summer, it does not appear the criminal groups that run ransomware schemes are planning to take any time to rest. Ransomware was all over the infosec news headlines in the past week, with one new report revealing that its presence has grown more in the last year than in the past several years combined. Here's a roundup of noteworthy ransomware stories you might have missed. DBIR finds ransomware increased by double digits: Verizon Business' annual Data Breach Investigations Report (DBIR) is out and confirms what many CISOs already know: ransomware continues to plague business. Ransomware-related breach instances rose 13%, an increase larger than in the past 5 years combined. Ransomware Data Breach Malware
CSO.webp 2022-06-02 02:00:00 OPM's $63 million breach settlement offer: Is it enough? (direct link) If one were to look into the Federal Court's Public Access to Court Electronic Records (PACER), one would see that more than 130 separate lawsuits have been filed against the U.S. Government's Office of Personnel Management (OPM), all of which are associated with the 2014 and 2015 data breaches that affected millions. On June 3, 2022, in the U.S. District Court of the District of Columbia, Judge Amy Berman Jackson will hold a video hearing on the proposed settlement of $63 million between the U.S. Government's OPM, its security contractor Peraton (then KeyPoint), and the victims of the OPM data breaches.
CSO.webp 2022-05-31 12:29:00 Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps (direct link) Attackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in a Windows component called the Microsoft Support Diagnostic Tool (MSDT) through weaponized Word documents. Microsoft has responded with mitigation advice that can be used to block the attacks until a permanent patch is released. An exploit for the vulnerability, now tracked as CVE-2022-30190, was found in the wild by an independent security research team dubbed nao_sec, which spotted a malicious Word document uploaded to VirusTotal from an IP address in Belarus. However, more malicious samples dating from April have also been found, suggesting the vulnerability has been exploited for over a month. Tool Vulnerability
CSO.webp 2022-05-31 02:00:00 Conti ransomware explained: What you need to know about this aggressive criminal group (direct link) Conti has been one of the most aggressive ransomware operations over the past two years and continues to victimize many large companies as well as government, law enforcement and healthcare organizations. Researchers warn that unlike other ransomware groups that generally care about their reputation, Conti doesn't always deliver on its promises to victims. "Usually, the more successful ransomware operators put a lot of effort into establishing and maintaining some semblance of 'integrity' as a way of facilitating ransom payments from victims," researchers from Palo Alto Networks said in an analysis. "They want to establish stellar reputations for 'customer service' and for delivering on what they promise: that if you pay a ransom, your files will be decrypted (and they will not appear on a leak website). Yet in our experience helping clients remediate attacks, Conti has not demonstrated any signs that it cares about its reputation with would-be victims." Ransomware
CSO.webp 2022-05-30 02:00:00 The Open Source Software Security Mobilization Plan: Takeaways for security leaders (direct link) The Linux Foundation and the Open Source Security Foundation (OpenSSF) have introduced the Open Source Software Security Mobilization Plan. This is in response to attacks on the software supply chain and an uptick in interest in securing it. Supply chains are appealing targets to malicious actors because they can compromise a single point and have a cascading impact across the ecosystem of customers, as the SolarWinds and Log4j attacks have shown. Guideline
CSO.webp 2022-05-30 02:00:00 Linux malware is on the rise: 6 types of attacks to look for (direct link) Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of things (IoT) devices. Still, not enough is done to protect the machines running it. "Linux malware has been massively overlooked," says Giovanni Vigna, senior director of threat intelligence at VMware. "Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers." Malware Threat
CSO.webp 2022-05-26 13:59:00 New Linux-based ransomware targets VMware servers (direct link) Researchers at Trend Micro have discovered new Linux-based ransomware that's being used to attack VMware ESXi servers. ESXi is a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs, such as LockBit, Hive and RansomEXX, that have found ESXi an efficient way to infect many computers at once with malicious payloads. Roger Grimes, a defense evangelist with security awareness training provider KnowBe4, explains that most of the world's organizations operate using VMware virtual machines. "It makes the job of ransomware attackers far easier because they can encrypt one server, the VMware server, and then encrypt every guest VM it contains. One compromise and encryption command can easily encrypt dozens to hundreds of other virtually run computers all at once." Ransomware
CSO.webp 2022-05-26 03:27:00 Mastercard expands cybersecurity, risk services with new attack simulation and assessment platform (direct link) Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations' security gaps and provides real-time mitigation insights so they can improve upon cybersecurity investments with continuous validation, Mastercard stated. The launch comes as Mastercard continues to invest in cybersecurity and risk management capabilities. Cyber Front leverages more than 3,500 real-world threat scenarios: in a press release, Mastercard said that Cyber Front, built as an always-on platform, supports customers in strengthening digital ecosystems by validating the effectiveness of their cybersecurity controls to prevent and detect threats, leveraging a continuously updated library of more than 3,500 real-world threat scenarios. Its ultimate goal is to aid businesses in understanding whether their systems are effective and in identifying areas of exposure to ensure greater protection in both the immediate and long term, it continued. Threat
CSO.webp 2022-05-25 10:00:00 PIXM releases new computer vision solution for mobile phishing (direct link) Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices. The cloud-based mobile product is aimed at identifying phishing attacks on mobile devices in real time, as a user clicks on a malicious link, using computer vision technology. PIXM Mobile is designed to support any mobile application, including SMS (used in "smishing" attacks), social media, and business collaboration apps, as well as email and web-based phishing pages.
Last update at: 2024-04-29 18:08:54