What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-05-25 07:02:00 Chaos ransomware explained: A rapidly evolving threat (direct link) The Chaos ransomware builder started out last year as a buggy and unconvincing impersonation of the notorious Ryuk ransomware kit. It has since gone through active development and rapid improvements that have convinced different attacker groups to adopt it. The latest version, dubbed Yashma, was first observed in the wild in mid-May and contains several enhancements. One successful ransomware operation known as Onyx hit U.S.-based emergency services, medical facilities and organizations from several other industries over the past year. It uses a variation of the Chaos ransomware, according to security researchers. "What makes Chaos/Yashma dangerous going forward is its flexibility and its widespread availability," researchers from BlackBerry said in a new report. "As the malware is initially sold and distributed as a malware builder, any threat actor who purchases the malware can replicate the actions of the threat group behind Onyx, developing their own ransomware strains and targeting chosen victims." Ransomware Malware Threat
CSO 2022-05-25 06:00:00 New Mend service auto-detects and fixes code, app security issues (direct link) Open-source application security company Mend, formerly WhiteSource, has announced the launch of an automated remediation service for addressing code security issues. According to the firm, the new service is designed to reduce the software attack surface and the application security burden, enabling developers to write secure code more easily. Mend has also integrated Mend Supply Chain Defender, a solution that detects and blocks malicious open-source software, into its JFrog Artifactory plugin within the Mend Application Security Platform. The news comes amid increasing market investment in securing key aspects of code and app production to address related risks and challenges.
CSO 2022-05-25 02:00:00 Security and privacy laws, regulations, and compliance: The complete guide (direct link) This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or regulation as well as information about what and who is covered. CSO updates this directory, originally published on January 28, 2021, frequently as new laws and regulations are put in place. The directory covers the following. Broadly applicable laws and regulations: Sarbanes-Oxley Act (SOX); Payment Card Industry Data Security Standard (PCI DSS); Payment Service Directive, revised (PSD2); Gramm-Leach-Bliley Act (GLBA); Customs-Trade Partnership Against Terrorism (C-TPAT); Free and Secure Trade Program (FAST); Children's Online Privacy Protection Act (COPPA); Fair and Accurate Credit Transaction Act (FACTA), including the Red Flags Rule; Federal Rules of Civil Procedure (FRCP). Industry-specific guidelines and requirements: Federal Information Security Management Act (FISMA); North American Electric Reliability Corp. (NERC) standards; Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records; Health Insurance Portability and Accountability Act (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule); H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation. US state laws: California Consumer Privacy Act (CCPA); California Privacy Rights Act (CPRA); Colorado Privacy Act; Connecticut Data Privacy Act (CTDPA); Maine Act to Protect the Privacy of Online Consumer Information; Maryland Personal Information Protection Act – Security Breach Notification Requirements – Modifications (House Bill 1154); Massachusetts 201 CMR 17 (aka Mass Data Protection Law); Massachusetts Bill H.4806 - An Act relative to consumer protection from security breaches. Hack
CSO 2022-05-24 02:00:00 7 machine identity management best practices (direct link) Machine identities are a large and fast-growing part of the enterprise attack surface. The number of machines (servers, devices, and services) is growing rapidly, and efforts to secure them often fall short. Cybercriminals and other threat actors have been quick to take advantage. Cyberattacks that involved the misuse of machine identities increased by 1,600% over the last five years, according to a report released last spring by cybersecurity vendor Venafi. Research firm Gartner named machine identity one of the top cybersecurity trends of the year in a report released last fall. In 2020, 50% of cloud security failures resulted from inadequate management of identities, access, and privileges, according to another Gartner report, which predicts that share will rise to 75% by 2023. Threat
CSO 2022-05-19 05:47:00 Two account compromise flaws fixed in Strapi headless CMS (direct link) Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher-privileged account, such as the administrator. Attackers therefore need to gain access to a low-privileged account first, which can be achieved via compromised credentials, phishing or other methods. Guideline
CSO 2022-05-19 05:00:00 QuSecure launches end-to-end post-quantum cybersecurity solution (direct link) Post-quantum cryptography company QuSecure has announced its debut with the launch of a new post-quantum cybersecurity solution, QuSecure Nucleus. The firm claims that Nucleus is the industry's first end-to-end, quantum-software-based platform designed to protect encrypted communications and data using a quantum-secure channel. The solution addresses present classical attacks and future quantum computing threats for commercial enterprises and government agencies, QuSecure added. The release comes as increasing numbers of solution providers are coming to market with quantum-resilient offerings built to withstand the quantum computing risks that threaten traditional public-key cryptography. Threat
CSO 2022-05-19 02:00:00 WannaCry 5 years on: Still a top threat (direct link) Who doesn't love an anniversary and the opportunity to reminisce about “where we were” when a historical event happened? Such has been the case over the last several days when it comes to remembering WannaCry, the ransomware that infected thousands of computers five years ago and cost companies all over the world billions of dollars in damages. WannaCry broke onto the infosec scene on May 12, 2017. Taking advantage of a vulnerable version of the Server Message Block (SMB) protocol, it ultimately infected more than 200,000 machines in more than 150 countries. While Microsoft had issued a patch for the SMB flaw more than a month before the attacks began, millions of computers had not been patched against the bug. The largest ransomware attack ever, it hit several big names globally, including the UK's National Health Service, US delivery giant FedEx, and Deutsche Bahn, the German railway company. Ransomware Threat FedEx Wannacry
CSO 2022-05-19 02:00:00 Uber CISO's trial underscores the importance of truth, transparency, and trust (direct link) Truth, transparency and trust are the three T's that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and its data safe and secure. Failure to adhere to the three T's can have serious consequences. Case in point: a federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial. The case against Uber's former CSO: by way of background, Uber's former CSO faces a five-felony-count superseding indictment associated with his handling of the company's 2016 data breach. The court document, filed in December 2021, alleges Sullivan “engaged in a scheme designed to ensure that the data breach did not become public knowledge, was concealed, and was not disclosed to the FTC and to impacted users and drivers.” Furthermore, the two individuals who are believed to have carried out the hack and subsequently requested payment for non-disclosure ultimately received $100,000 from Uber's bug bounty program. These individuals were identified in the media as Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, both of whom were later indicted for their breach of Lynda (a company acquired by LinkedIn). Data Breach Hack Uber
CSO 2022-05-18 11:12:00 Deepfence Cloud builds on ThreatStryker security observability platform (direct link) Deepfence, a security observability and protection company, has launched Deepfence Cloud, a fully managed, cloud-native security observability SaaS built on the company's on-premises ThreatStryker software. Deepfence Cloud, unveiled at the KubeCon + CloudNativeCon Europe 2022 event this week, is aimed at observing runtime indicators of attack (IOAs) and indicators of compromise (IOCs) and correlating events to provide real-time monitoring of attacks as well as mitigation and remediation capabilities. The software is generally available now.
CSO 2022-05-18 06:09:00 NanoLock's zero-trust cybersecurity suite to protect industrial machinery, production lines (direct link) NanoLock has announced the launch of a new suite of zero-trust cybersecurity solutions for the industrial and manufacturing market. In a press release, the firm claimed to be the first to offer device-level protection designed specifically for legacy and new industrial machinery and smart-factory production lines. The launch comes in the wake of a joint cybersecurity alert about advanced persistent threat (APT) attacks on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. Threat
CSO 2022-05-18 04:31:00 BrandPost: The Evolving Role of the Firewall in a Hybrid Workplace (direct link) The workplace is indelibly changing, according to the latest data from Gallup [1]. Organizations expect that, moving forward, only 23% of their employees will be fully on-site, 24% will be exclusively remote, and 53% will split their time between working at home and in the office. This widely distributed workforce model offers benefits for both employers and employees, including greater flexibility and productivity. However, there are new IT challenges too, such as the need to provide high-performance remote access for increased video and audio conferencing. Many mid-range enterprise firewalls weren't designed for the throughput needed to support a hybrid workforce. On top of that, all the filtering and processing they must do to protect against malware in encrypted traffic ultimately slows down internet speed. Malware
CSO 2022-05-18 02:00:00 Top Linux endpoint protection software (direct link) I've been running the Linux desktop since the great desktop debate was between C Shell and Bash. I've never felt a need for a Linux antivirus program. But that's not to say that I thought I could get away without Linux desktop or server security. Far from it! While I use third-party programs like the ones below, I rely on good security practices to secure my system. Mind you, in recent years we've seen an enormous increase in Linux malware. According to security company CrowdStrike, Linux malware increased by 35% in 2021 compared to 2020. Before you tear your hair out, keep in mind that the vast majority of these attacks are not targeting Linux servers or cloud instances. Instead, CrowdStrike reports, XorDDoS, Mirai and Mozi, the biggest Linux-based malware families, go after the low-hanging fruit of internet of things (IoT) devices. Malware
CSO 2022-05-17 08:44:00 BrandPost: DDoS Extortion Takes VoIP Providers Offline (direct link) Threat actors are continually innovating and rethinking their attack patterns, as well as whom they target. This is clearly seen in their targeting of Voice over Internet Protocol (VoIP) providers, as highlighted in NETSCOUT's 2H 2021 Threat Report. Why target VoIP providers? The short answer is financial gain. Attackers know that bringing down a VoIP provider that serves a large number of customers causes a lot of pain and is therefore ripe for extortion. Attackers launched three worldwide distributed denial-of-service (DDoS) extortion campaigns in 2021, a startling new development carried out by a REvil copycat, Lazarus Bear Armada (LBA), and Fancy Lazarus. But threat actors did more than simply increase such global attacks. Threat APT 38
CSO 2022-05-17 02:00:00 MITRE ATT&CK v11 adds ICS matrix, sub-techniques for mobile threats (direct link) The MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework has become a mainstay of the cybersecurity industry. The framework catalogs relevant adversary behavior across the attack lifecycle, and organizations can leverage it to bolster their defenses and improve their ability to detect common adversary behavior. The framework has been around since 2013 and continues to improve. The framework and its associated matrices have evolved to address emerging technology areas that organizations are increasingly adopting, such as infrastructure as a service (IaaS), software as a service (SaaS), and containers. The latest release, MITRE ATT&CK v11, adds sub-techniques for mobile and an industrial control systems (ICS) matrix. Those v11 updates are explained below, along with insights you can use to help meet recent government requirements. Threat
CSO 2022-05-17 02:00:00 CISOs worried about material attacks, boardroom backing (direct link) The threat of substantial material attacks and getting board support for their efforts are top-of-mind issues among the world's CISOs, according to a new report released by Proofpoint Tuesday. Nearly half (48%) of the 1,400 CISOs surveyed for the annual Voice of the CISO report say their organization is at risk of suffering a material cyberattack in the next 12 months. That's substantially lower than in 2021, when nearly two-thirds (64%) expressed similar sentiments. "That drop was a bit surprising," Proofpoint Global Resident CISO Lucia Milica, who supervised the survey, tells CSO Online. When the pandemic hit, CISOs were scrambling to put temporary controls in place to deal with the explosion of remote workers and enable the business to operate securely, she explains. "Over the last two years, CISOs have had time to bring in more permanent controls to support hybrid work. That's put more CISOs at ease in terms of feeling that they can protect their organizations." Threat
CSO 2022-05-13 03:50:00 Five Eyes nations warn MSPs of stepped-up cybersecurity threats (direct link) In an unexpected development, the cybersecurity authorities of the "Five Eyes" countries issued an alert warning of an increase in malicious cyber activity targeting managed service providers (MSPs), which the agencies expect to continue. The alert is a collaborative effort among the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA, NSA, FBI). The agencies said they are "aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue" and point to a report by MSP IT solutions provider N-able. That report notes that "almost all MSPs have suffered a successful cyberattack in the past 18 months, and 90% have seen an increase in attacks since the pandemic started." Threat
CSO 2022-05-13 02:00:00 Top cybersecurity M&A deals for 2022 (direct link) The number of cybersecurity mergers and acquisitions in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research, up from 94 for the same period in 2020. That trend is likely to continue in 2022. Many of the 2021 transactions CSO reported were in the identity and cloud security markets, especially toward the end of the year. This trend is likely to continue as these markets consolidate. In all markets, larger firms are looking to expand their capabilities. Recorded Future's acquisition of SecurityTrails is an early 2022 example, as it adds attack surface monitoring technology to Recorded Future's offerings.
CSO 2022-05-11 11:22:00 Threat hunters expose novel IceApple attack framework (direct link) A novel post-exploitation framework that allows its operators to persist on their targets was exposed Wednesday by CrowdStrike's Falcon OverWatch threat hunters. Dubbed IceApple, the .NET-based framework has been observed since late 2021 in multiple victim environments in geographically diverse locations, with targets spanning the technology, academic and government sectors, according to CrowdStrike's report. So far, Falcon OverWatch's threat hunters have found the framework only on Microsoft Exchange instances, but they said it is capable of running under any Internet Information Services (IIS) web application and advise organizations to make sure their web apps are fully patched to avoid infection. Threat
CSO 2022-05-11 06:59:00 Stealthy Linux implant BPFdoor compromised organizations globally for years (direct link) Malware researchers warn about a stealthy backdoor program that has been used by a Chinese threat actor to compromise Linux servers at government and private organizations around the world. While the backdoor is not new and variants have been in use for the past five years, it has managed to fly under the radar and has very low detection rates. One reason for its success is that it leverages a feature called the Berkeley Packet Filter (BPF) on Unix-based systems to hide malicious traffic. BPFdoor was named by researchers from PwC Threat Intelligence, who attribute it to a Chinese group they call Red Menshen. The PwC team found the threat while investigating several intrusions throughout Asia last year and included a short section about it in their annual threat report, released late last month. Threat
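A backdoor that watches for trigger packets through a BPF filter has to hold a packet socket, and on Linux that socket is visible in /proc even when the process name is disguised. The script below is an added example, not code from the CSO article, from PwC or from the implant: it lists processes holding AF_PACKET raw sockets bound to every protocol (the shape a sniffing implant needs) and drops known sniffers. It assumes the Linux /proc layout (/proc/net/packet, /proc/<pid>/fd symlinks of the form socket:[inode], /proc/<pid>/comm); the /proc/net/packet snapshot, the pid-to-inode map and the process names are constructed sample data.

```python
"""Hunt for processes holding AF_PACKET raw sockets, the socket type a BPF-filtered
sniffing backdoor needs in order to watch for its trigger packets.

Added example; not code from PwC, CSO or the implant. Assumes a Linux /proc layout:
/proc/net/packet lists every packet socket, and /proc/<pid>/fd/* symlinks named
'socket:[<inode>]' tie those sockets to processes. Sample inputs are constructed.
Legitimate sniffers (tcpdump, dhclient, lldpd) hold the same kind of socket, so a hit
is a lead to examine, not a verdict.
"""
import os
import re

SOCK_RAW = 3          # Type column of /proc/net/packet: 3 == SOCK_RAW, 2 == SOCK_DGRAM
ETH_P_ALL = 0x0003    # Proto column: 0003 == every ethernet protocol, what a sniffer binds
SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")


def parse_proc_net_packet(text):
    """Parse /proc/net/packet (columns: sk RefCnt Type Proto Iface R Rmem User Inode)
    into dicts with inode, type, proto and ifindex."""
    sockets = []
    for line in text.splitlines()[1:]:        # first line is the header
        cols = line.split()
        if len(cols) < 9:
            continue
        sockets.append({
            "inode": int(cols[8]),
            "type": int(cols[2]),
            "proto": int(cols[3], 16),
            "ifindex": int(cols[4]),           # 0 means bound to all interfaces
        })
    return sockets


def socket_inodes_by_pid(proc_root="/proc"):
    """Map pid -> set of socket inodes by reading /proc/<pid>/fd symlinks.
    Needs root to see other users' processes."""
    result = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                        # process gone, or no permission
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = SOCKET_LINK.fullmatch(target)
            if m:
                result.setdefault(int(entry), set()).add(int(m.group(1)))
    return result


def find_raw_sniffers(sockets, inodes_by_pid, comm_of, allowlist=frozenset()):
    """Return (pid, comm, inode) for every SOCK_RAW/ETH_P_ALL packet socket whose owner
    is not an allowlisted sniffer. pid is None when no visible process owns the socket,
    which is itself worth a look (hidden process, or the fd was passed to a child)."""
    owner = {ino: pid for pid, inos in inodes_by_pid.items() for ino in inos}
    hits = []
    for s in sockets:
        if s["type"] != SOCK_RAW or s["proto"] != ETH_P_ALL:
            continue
        pid = owner.get(s["inode"])
        comm = comm_of.get(pid, "?")
        if comm in allowlist:
            continue
        hits.append((pid, comm, s["inode"]))
    return sorted(hits, key=lambda h: (h[0] is None, h[0] or 0))


# Constructed sample: three packet sockets as /proc/net/packet would print them.
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a0e4c1a8000 3      3    0003   2     1 0      0      27015
ffff9a0e4c1a9800 3      3    0800   2     1 0      0      27099
ffff9a0e4c1ab000 3      3    0003   0     1 0      0      31337
"""
# Constructed pid -> socket inodes (what socket_inodes_by_pid() returns) and pid -> comm.
SAMPLE_INODES_BY_PID = {1337: {27015, 5001}, 2201: {27099}, 4242: {31337, 5002}}
SAMPLE_COMM = {1337: "tcpdump", 2201: "dhclient", 4242: "sshd"}
KNOWN_SNIFFERS = frozenset({"tcpdump", "tshark", "dhclient", "lldpd"})


def demo():
    """Run the check over the constructed sample: only the 'sshd' raw socket remains."""
    sockets = parse_proc_net_packet(SAMPLE_PROC_NET_PACKET)
    return find_raw_sniffers(sockets, SAMPLE_INODES_BY_PID, SAMPLE_COMM, KNOWN_SNIFFERS)


def scan_live(proc_root="/proc", allowlist=KNOWN_SNIFFERS):
    """Same check against the running host."""
    with open(os.path.join(proc_root, "net", "packet")) as fh:
        sockets = parse_proc_net_packet(fh.read())
    inodes = socket_inodes_by_pid(proc_root)
    comm_of = {}
    for pid in inodes:
        try:
            with open(os.path.join(proc_root, str(pid), "comm")) as fh:
                comm_of[pid] = fh.read().strip()
        except OSError:
            comm_of[pid] = "?"
    return find_raw_sniffers(sockets, inodes, comm_of, allowlist)


if __name__ == "__main__":
    for pid, comm, inode in demo():
        print(f"raw ETH_P_ALL packet socket inode {inode} held by pid {pid} ({comm})")
```

Run scan_live() as root on a host you suspect; a process named like a system daemon but holding an all-protocol raw socket on every interface (ifindex 0) is the pattern to chase, and a socket with no visible owner deserves the same attention. The allowlist is by process name only, which a disguised implant can defeat, so confirm any allowlisted hit by checking the binary path in /proc/<pid>/exe as well.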
CSO 2022-05-11 03:54:00 New RAT malware uses sophisticated evasion techniques, leverages COVID-19 messaging (direct link) Researchers at cybersecurity vendor Proofpoint have analyzed a new remote access Trojan (RAT) malware campaign that uses sophisticated evasion techniques and COVID-19-themed messaging to target global organizations. The malware, dubbed “Nerbian RAT” and written in the Go programming language, uses significant anti-analysis and anti-reversing capabilities and open-source Go libraries to conduct malicious activities, the researchers stated. The campaign was first analyzed by Proofpoint in late April and disproportionately impacts entities in Italy, Spain and the UK. In a statement, Proofpoint Vice President of Threat Research and Detection Sherrod DeGrippo said the research demonstrates how malware authors continue to operate at the intersection of open-source capability and criminal opportunity. Malware Threat
CSO 2022-05-10 13:14:00 BrandPost: CWPP: How to Secure Cloud-Native Applications Built with Containers (direct link) The transition into CWPP: Agility and flexibility were key directives in the development of new technology, which is why on-premises assets soon transitioned into virtual machines, which in turn transformed into compact and swift containers. Modern enterprise network environments are increasingly cloud-based, with both applications and data storage hosted in a cloud, and often multi-cloud, environment. The attack surfaces and security protection requirements of software in distributed cloud environments are vastly different from those of traditional network architectures, where applications and data were hosted on enterprise-owned servers in on-premises data centers.
CSO 2022-05-10 11:24:00 BrandPost: Geopolitical Unrest Creates Breeding Ground for Cyberattacks (direct link) As detailed in NETSCOUT's 2H 2021 Threat Report, the total number of distributed denial-of-service (DDoS) attacks decreased from 5.4 million in the first half of 2021 to 4.4 million in the second half of the year, totaling 9.8 million DDoS attacks for all of 2021. Most geographical regions experienced decreases in attacks during the second half of 2021. A notable exception was the Asia Pacific (APAC) region, which saw more than 1.2 million attacks during this timeframe, a 7% increase over the first half of 2021. This is all the more significant given that the past three Threat Intelligence reports chronicled back-to-back declines in this region. Threat
CSO 2021-01-06 02:00:00 SolarWinds hack is a wakeup call for taking cybersecurity action (direct link) Advanced persistent threats (APTs) have long been a concern of the cybersecurity community. Well-organized teams with significant resources, and targets they are not willing to give up attacking until their mission is accomplished, are certainly not a threat to be underestimated. The tactics deployed by such groups combine attack types, from exploiting zero-day vulnerabilities to social engineering: gaining access, establishing a foothold and deepening access, then remaining in a target's systems undetected until realizing their goal. Hack Threat
CSO 2021-01-06 02:00:00 How to prepare for and respond to a SolarWinds-type attack (direct link) If you use the recently compromised SolarWinds Orion monitoring products, you are already reviewing your infrastructure and possibly blocking network access to the servers in your domain. For those of you who do not use the SolarWinds software, this is an opportunity to review your own processes and determine whether you would have detected the compromised code and backdoors.
CSO 2020-12-21 02:00:00 How to prepare for the next SolarWinds-like threat (direct link) The insertion of malware into SolarWinds' popular Orion network management software sent the federal government and major parts of corporate America scrambling this week to investigate and mitigate what could be the most damaging breach in US history. The malware, which cybersecurity company FireEye (itself the first public victim of the supply chain compromise) named SUNBURST, is a backdoor that can transfer and execute files, profile systems, reboot machines and disable system services. Malware Threat SolarWinds
CSO 2020-12-18 07:46:00 BrandPost: Protecting Online Holiday Shopping this Season (direct link) With the holiday shopping season settling in, e-commerce growth has continued to skyrocket. In November, the U.S. Department of Commerce reported an almost 37% increase in quarterly retail e-commerce sales compared to the previous year. However, with growth come challenges, including a concurrent spike in cyberattacks on e-commerce web infrastructure as more and more consumers flock to these websites. Since the beginning of September, Fortinet's FortiGuard Labs global threat intelligence and research team has seen a steady, consistent wave of attempted e-commerce attacks; a month later, the team saw over a billion distinct attempts, an increase of almost 140%. Those responsible for protecting their customers' data should operate with two key responsibilities in mind: delivering dynamic and engaging shopping experiences to their customers and securing the web applications that deliver that experience. Threat
CSO 2020-12-18 02:00:00 What is typosquatting? A simple but effective attack technique (direct link) Typosquatting definition: A typosquatting attack, also known as URL hijacking, a sting site, or a fake URL, is a type of social engineering in which threat actors impersonate legitimate domains for malicious purposes such as fraud or spreading malware. They register domain names that are similar to the legitimate domains of targeted, trusted entities in the hope of fooling victims into believing they are interacting with the real organization. How typosquatting works: Threat actors can impersonate domains using: Malware Threat
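The defensive counterpart of the registration trick described above is to enumerate the look-alike neighbourhood of your own domains and watch for it in certificate-transparency logs, passive DNS or newly-registered-domain feeds. The script below is an added example and not code from the CSO article: it generates single-edit variants of a brand domain (character omission, repetition, adjacent transposition, fat-finger replacement and insertion from a QWERTY adjacency map, and homoglyph swaps such as l/1 and m/rn) and maps observed domains back to the brand they imitate. It goes beyond the teaser's list by applying the edits across the whole name, so TLD slips like example.co are caught too. The keyboard map, homoglyph pairs, brand list and "observed" domains are constructed assumptions.

```python
"""Generate the typosquat neighbourhood of a brand domain and flag observed domains
that fall inside it.

Added example for the typosquatting entry above; not CSO's code. The keyboard map,
homoglyph pairs, brand list and observed domains are constructed sample input; in
practice the observed list comes from CT logs, DNS telemetry or new-domain feeds.
"""
import re

# Keys physically adjacent on a US QWERTY layout, for fat-finger substitutions/insertions.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
# Character sequences that render alike in common fonts (constructed subset).
HOMOGLYPHS = [("l", "1"), ("i", "1"), ("o", "0"), ("m", "rn"), ("rn", "m"),
              ("w", "vv"), ("vv", "w"), ("d", "cl"), ("cl", "d")]
# Keep only syntactically plausible hostnames (drops e.g. the dot-omission 'examplecom').
VALID_DOMAIN = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+")


def typosquat_candidates(domain):
    """Return the set of single-edit look-alikes of `domain`, the domain itself excluded.
    Edits run over the whole string, so a typo in the TLD (example.co) is covered too."""
    d = domain.lower()
    out = set()
    for i, ch in enumerate(d):
        out.add(d[:i] + d[i + 1:])                          # omission:        exmple.com
        out.add(d[:i] + ch + ch + d[i + 1:])                # repetition:      exammple.com
        if i + 1 < len(d):
            out.add(d[:i] + d[i + 1] + ch + d[i + 2:])      # transposition:   exmaple.com
        for k in QWERTY_NEIGHBOURS.get(ch, ""):
            out.add(d[:i] + k + d[i + 1:])                  # replacement:     exanple.com
            out.add(d[:i] + k + d[i:])                      # insertion before
            out.add(d[:i + 1] + k + d[i + 1:])              # insertion after: examples.com
    for src, dst in HOMOGLYPHS:
        start = d.find(src)
        while start != -1:                                  # every occurrence, one at a time
            out.add(d[:start] + dst + d[start + len(src):])  # homoglyph:      examp1e.com
            start = d.find(src, start + 1)
    out.discard(d)
    return {c for c in out if VALID_DOMAIN.fullmatch(c)}


def match_lookalikes(observed, brands):
    """Map each observed domain that sits in some brand's typosquat set to that brand.
    Exact matches of the brand itself and unrelated names are left out."""
    index = {}
    for brand in brands:
        for cand in typosquat_candidates(brand):
            index.setdefault(cand, brand.lower())
    return {dom: index[dom.lower()] for dom in observed if dom.lower() in index}


# Constructed sample input.
BRANDS = ["example.com"]
OBSERVED = ["exanple.com", "examp1e.com", "exarnple.com", "exmaple.com", "example.co",
            "example.com", "unrelated.org", "Examples.COM"]


def demo():
    """Run the matcher over the constructed sample."""
    return match_lookalikes(OBSERVED, BRANDS)


if __name__ == "__main__":
    for dom, brand in sorted(demo().items()):
        print(f"{dom:16} looks like {brand}")
```

For a real brand, feed typosquat_candidates() into a daily check against a CT-log or new-registration feed, and extend HOMOGLYPHS with the Unicode confusables your users actually see if you also monitor internationalised domains; single-edit coverage is deliberate, since two-edit neighbourhoods explode in size and mostly produce names nobody would mistype.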
CSO 2020-12-15 08:14:00 BrandPost: Fortinet Ensures Secure Cloud Migration for European Real Estate Company (direct link) In our digital world, individuals increasingly rely on continued connectivity for work, learning, and entertainment. Because of this, organizations face unique security challenges as they try to secure both their employees using business-critical applications and customers accessing their Wi-Fi networks from personal devices. One European real estate company found itself grappling with these challenges and chose to undergo a review of its full IT infrastructure in order to determine how best to secure its entire digital attack surface without negatively impacting network performance.
CSO 2020-12-15 03:44:00 SolarWinds supply chain attack explained: Why organizations were not prepared (direct link) The recent breach of major cybersecurity company FireEye by nation-state hackers was part of a much larger attack that was carried out through malicious updates to a popular network monitoring product and impacted major government organizations and companies. The incident highlights the severe impact software supply chain attacks can have and the unfortunate fact that most organizations are woefully unprepared to prevent and detect such threats. A hacker group believed to be affiliated with the Russian government gained access to computer systems belonging to multiple US government departments, including the US Treasury and Commerce, in a long campaign believed to have started in March. The news triggered an emergency meeting of the US National Security Council on Saturday.
CSO 2020-12-10 08:03:00 FireEye breach explained: How worried should you be? (direct link) Cybersecurity firm FireEye announced Tuesday that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools the company's experts developed to simulate real attackers and test the security of its customers. While this is a worrying development, it is unlikely to result in a significant increase in risk to organizations, as some offensive tool leaks have in the past. Data Breach Tool
CSO 2020-12-08 09:00:00 Publicly known support credentials expose GE Healthcare imaging devices to hacking (direct link) Over 100 device models from GE Healthcare that are used primarily for radiological and imaging purposes in hospitals and other healthcare facilities can easily be compromised by hackers because of default support credentials that are publicly known but cannot easily be changed by users. This insecure implementation of remote management functionality allows hackers to access sensitive data stored on the affected devices and to infect them with malicious code that would be very hard to detect. Healthcare organizations have increasingly been targeted by cybercriminal groups this year, particularly those distributing ransomware. Three US agencies, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security (DHS), jointly issued an alert warning that groups like TrickBot, Ryuk and Conti pose an imminent threat to US hospitals and healthcare providers. Vulnerabilities like the one found in GE Healthcare devices can enhance those attacks, giving hackers access to critical devices that organizations cannot afford to have offline. Threat
CSO 2020-12-07 03:00:00 6 new ways threat actors will attack in 2021 (direct link) When COVID-19 hit and then started forcing massive enterprise changes in March, it caused a significant shift in the enterprise threat landscape. That is even more troubling given that it all happened within a few days, which required cutting security corners on everything, especially the creation of remote sites. Threat
CSO 2020-12-03 12:42:00 BrandPost: Cybersecurity Best Practices for Protecting Brand Trust (direct link) Your brand is a valuable asset, but it's also an attack vector. Threat actors exploit the public's trust in your brand when they phish under your name or when they counterfeit your products. The problem gets harder because you engage with the world across so many digital platforms – the web, social media, mobile apps. These engagements are obviously crucial to your business. Something else should be obvious as well: guarding your digital trust, meaning public confidence in your digital security, is make-or-break for your business, not just part of your compliance checklist. COVID-19 has put a renewed spotlight on the importance of defending against cyberattacks and data breaches as more users access data from remote or non-traditional locations. Crisis fuels cybercrime, and hacking has increased substantially as digital transformation initiatives have accelerated and many employees work from home without adequate firewalls and backup protection. Threat
CSO 2020-12-03 03:00:00 TrickBot gets new UEFI attack capability that makes recovery incredibly hard (direct link) Researchers have seen a worrying development recently in TrickBot, a botnet that serves as an access gateway into enterprise networks for sophisticated ransomware and other cybercriminal groups. A new module enables the malware to scan for vulnerable UEFI configurations on infected systems and could enable attackers to brick systems or deploy low-level backdoors that are incredibly hard to remove. Malware
CSO 2020-11-25 03:00:00 How to use Windows Defender Attack Surface Reduction rules (direct link) With all the attacks in the news recently, can you take steps to protect the workstations you already have, using protections you might not have enabled? Yes, and most of the steps are built into the operating system you already run.
CSO.webp 2020-11-24 03:00:00 (Déjà vu) 8 types of phishing attacks and how to identify them (lien direct) Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches. Enterprises regularly remind users to beware of phishing attacks, but many users don't really know how to recognize them. And humans tend to be bad at recognizing scams. Data Breach Threat
CSO.webp 2020-11-24 03:00:00 New US IoT law aims to improve edge device security (lien direct) As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia's most recent threat intelligence report, IoT devices are responsible for almost a third of all mobile and Wi-Fi network infections. This ratio will likely grow dramatically as the number of IoT devices continues its exponential growth. A recent report from Fortinet warns that the rapid introduction of edge devices will create opportunities for more advanced threats, allowing sophisticated attackers and advanced malware to "discover even more valuable data and trends using new EATs [edge access Trojans] and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands." Threat
CSO.webp 2020-11-24 03:00:00 8 types of phishing attack and how to identify them (lien direct) Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches. Enterprises regularly remind users to beware of phishing attacks, but many users don't really know how to recognize them. And humans tend to be bad at recognizing scams. Data Breach Threat
CSO.webp 2020-11-12 14:00:00 Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack (lien direct) Researchers have devised a new method that allows potential attackers to leak sensitive information such as encryption keys from the Linux kernel's memory and Intel SGX enclaves. The attack, dubbed PLATYPUS, abuses a legitimate CPU interface for monitoring and controlling power consumption. "Using PLATYPUS, we demonstrate that we can observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values," the team of researchers from the Graz University of Technology, the University of Birmingham in the UK, and the CISPA Helmholtz Center for Information Security said on a website dedicated to the attack. "PLATYPUS can further infer intra-cacheline control flow of applications, break KASLR, leak AES-NI keys from Intel SGX enclaves and the Linux kernel, and establish a timing-independent covert channel."
CSO.webp 2020-10-29 03:00:00 Supply chain attacks show why you should be wary of third-party providers (lien direct) A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before. Data Breach
CSO.webp 2020-10-22 05:48:00 US Treasury Department ban on ransomware payments puts victims in tough position (lien direct) Earlier this month, the US Treasury Department's Office of Foreign Assets Control (OFAC) warned organizations making ransomware payments that they risk violating economic sanctions imposed by the government against cybercriminal groups or state-sponsored hackers. The advisory has the potential to disrupt the ransomware monetization model, but it also puts victims, their insurers and incident response providers in a tough situation where this type of attack could cost much more and take much longer to recover from. Ransomware
CSO.webp 2020-10-21 06:53:00 BrandPost: Strange Behavior: The Case for Machine Learning in Cybersecurity (lien direct) Many people are skeptical about machine learning claims, and rightfully so. You can't just sprinkle machine learning pixie dust on a product and make it better. You need to first understand the use case. The strongest case for machine learning in cybersecurity is detecting unusual behavior that represents attack activity. Once attackers have breached your defenses, there are many ways for them to evade detection by traditional security tools, not to mention that no one has the time to set up complex SIEM alerts for every possibility. Attackers will mask themselves by using legitimate credentials, delete or modify logs, encrypt or obfuscate their communications, or use sanctioned IT administration tools to move laterally while escaping notice. But one thing they won't be able to do is escape from an always-on machine learning system that's looking for suspicious behavior on the network.
CSO.webp 2020-10-20 03:00:00 Avoiding the snags and snares in data breach reporting: What CISOs need to know (lien direct) Failing to report sensitive data breaches to US regulatory and law enforcement agencies just got more dangerous and confusing for CISOs and their organizations. If that failure is seen as a coverup, such as paying ransoms for retrieving sensitive data, it could lead to steep fines or jail time. Data Breach Guideline
CSO.webp 2020-10-16 03:00:00 Common pitfalls in attributing cyberattacks (lien direct) Attributing cyberattacks to a particular threat actor is challenging, particularly an intricate attack that stems from a nation-state actor, because attackers are good at hiding or erasing their tracks or deflecting the blame to others. Threat
CSO.webp 2020-10-09 03:00:00 Elusive hacker-for-hire group Bahamut linked to historical attack campaigns (lien direct) Attack attribution is one of the most difficult aspects of malware research, and it's not uncommon for different security companies to attribute attack campaigns to different threat actors only to later discover that they were the work of the same group. However, a new paper by researchers at BlackBerry stands out by exposing an elusive group dubbed Bahamut as responsible for a spider web of carefully constructed and carried out phishing and malware attacks. Malware Threat Bahamut
CSO.webp 2020-10-08 03:00:00 How SilentFade group steals millions from Facebook ad spend accounts (lien direct) Facebook is a magnet for scammers, thieves and other bad actors looking to swindle and manipulate the social media giant's vast pool of users. One group discovered by Facebook's in-house researchers took such a sophisticated approach to bilking Facebook users that it walked away with $4 million in an elaborate ad fraud scheme that went undetected by its victims. Sachit Karve, speaking both for himself and fellow Facebook security researcher Jennifer Urgilez, offered more details about this scheme at the VB 2020 conference last week. Facebook insiders call the group behind it SilentFade and discovered that it came from a Chinese malware ecosystem that used different types of malware in its cybercrime sprees. Malware
CSO.webp 2020-10-07 03:00:00 6 steps to building a strong breach response plan (lien direct) No matter how secure your business, data breaches are an unfortunate fact of life. Whether an attack is the result of a determined cybercriminal, a disgruntled insider, or simple human error, you can limit the damage with a carefully crafted response strategy.
CSO.webp 2020-10-06 03:00:00 Alien malware a rising threat to mobile banking users (lien direct) For over a decade, computer users have been plagued by malicious programs designed to steal their online banking credentials and initiate fraudulent transactions from their accounts. As mobile banking gained more adoption over the years, these programs followed the trend and jumped from computers to smartphones. One of the most widely used Android banking Trojans was abandoned by its creators last month, but the gap left in the cybercrime ecosystem is rapidly being filled by an even more potent one dubbed Alien. Malware Threat
CSO.webp 2020-10-05 06:45:00 BrandPost: From Botnets to Phishing: A Discussion on the 2020 Threat Landscape (lien direct) An unforeseeable shift in network structures and attack strategies was dropped on the cybersecurity industry in 2020. As the COVID-19 pandemic continues to take its toll on organizations and individuals around the globe, we are now dealing with a threat landscape that has become more intense, complex, and saturated than ever before. Many organizations are finding it challenging to allot sufficient resources to managing and mitigating these growing and evolving threats, having already faced operational setbacks prompted by the sudden transition to a fully remote workplace. Considering the ever-evolving nature of today's cyber threats, business leaders must continually familiarize themselves with up-to-date threat intelligence and invest in the resources necessary to protect what is now, and will remain indefinitely, a larger and more fluid attack surface. This time, the changes happening across the cyber threat landscape are more dramatic, and the risks due to recent network changes are greater than ever. This makes accurate and actionable threat intelligence even more crucial. The following threat summary highlights the cyber criminal community's ability to adapt and take advantage of low-hanging fruit to achieve their goals. Threat Guideline
CSO.webp 2020-10-05 03:00:00 Uber breach case a 'watershed moment' for CISOs' liability risk (lien direct) Since former Uber CSO Joe Sullivan was charged in August with two felonies for failing to report a 2016 breach that exposed 607,000 personal records, CISOs are scrambling to determine their own personal liability for breaches in their organizations. The charges, obstruction of justice and misprision of a felony (failure to report a crime), carry with them the potential of jail time of up to five years and three years, respectively. Uber
Last update at: 2024-04-29 19:09:00