What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-12-20 02:00:00 How to enable event collection in Windows Server (direct link) Event logs register information about software and hardware events that occur in a system, and they are a key weapon in the arsenal of computer security teams. Windows Server has offered Windows Event Forwarding (WEF) for aggregating system event logs from disparate systems to a central event log server for several versions now. High-end security information and event management (SIEM) or security, orchestration, automation, and response (SOAR) systems are the ideal in an enterprise environment because of their ability to not only collect and correlate log event data, but also to add context, perform deep analysis, and even to initiate incident response. ★★
CSO 2022-12-19 15:12:00 BrandPost: Overcoming the Top Technology, Process, and People Challenges Faced by CISOs (direct link) Today, CISOs face three primary challenges that prevent them from optimally protecting their organizations. First, is the tie to their current technology, which often suffers from complexity and siloed operations that prevent automation. These issues slow down the security operations center (SOC) team, which in turn slows the response to attacks. The second challenge is process-related. Automating in pockets is easier, but to automate from start to finish, you need to understand the automation flow. Many organizations struggle to define the right process within their teams, technology stacks, and across users and suppliers. ★★★
CSO 2022-12-19 14:51:00 BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity (direct link) Effective cybersecurity relies only in part on technology. Even as tools and systems become more powerful, avoiding security mishaps is still largely dependent on people doing the right thing. From following best practices for updating and patching systems and software to knowing and understanding the everyday risks posed by phishing emails, malicious websites, or other attack vectors, everyone - not just the dedicated IT/security professionals - has some level of responsibility for cybersecurity. The organizations with the best chance of minimizing threats are those that build and sustain a culture of awareness and accountability. Here are some ways to do that: Patching ★★
CSO 2022-12-19 08:33:00 US consumers seriously concerned over their personal data (direct link) A report released today by Big Four accounting firm KPMG found that large majorities of the American public are highly concerned about the security of their personal data, and that US companies aren't helping matters by ramping up their collection of that data. Fully 92% of respondents to KPMG's survey said that they were concerned to some extent about how personal data that they provide to companies is handled, and nearly nine in 10 said that businesses should be more forthright in detailing how they handle personal data they collect. “Consumers want more trust in and control over the use and collection of their data,” the report's authors wrote. “Companies that provide access to clear information about their data use processes can expect to improve the level of trust among consumers.” ★★★
CSO 2022-12-16 13:24:00 BrandPost: One-Policy Framework, Zero Trust, and Ops teams (direct link) In today's digital era, customers expect information, resources, and services to be readily available from anywhere in the world. To deliver on customers' expectations and leverage the best of on-premises and public cloud offerings, many enterprises use a mix of on-premises and cloud-based architectures. The freedom to choose from many architectures and deployment strategies results in hybrid networks, which are challenging to secure due to disparate security management consoles that lack consistent security policies across these environments. So then how do Ops teams protect their hybrid environments? The most effective approach is to create a single unified policy, which can then be applied to any environment through a centralized console, to avoid unnecessary operational headaches. A single unified policy is easily achievable via a one-policy framework. Organizations with homogeneous environments can benefit equally from a one-policy framework and can adapt to future architectural changes with ease.
CSO 2022-12-16 10:46:00 BrandPost: What's Next in Authentication? Passwordless Security (direct link) We certainly live in interesting times. Technology has been an enabler and has leveled the playing field for so many companies around the world, giving them the ability to compete against companies hundreds of times their size. The Internet has been a boon and bane to humanity since its inception. We have seen the world move forward at a staggering pace thanks to technological advancements. The first bane to touch on is the use of passwords. We have long utilized passwords as what we would euphemistically refer to as a security control. As security practitioners have preached the benefits of using a strong password to the masses, we lost the direction overall. I have long equated passwords with the venerable house key. Sure, you can lock your front door. You can protect your collection of things when you go off to work or to attend to your errands.
CSO 2022-12-16 07:11:00 BrandPost: Keeping your retail business safe from the cyber grinches (direct link) It's not just retailers looking forward to the holiday shopping season; it's also a time of plenty for cunning cybercriminals. While security and IT teams are working harder to manage online traffic spikes, maintain corporate operations and much more during this busy period, bad actors are taking the opportunity to launch targeted attacks. There are many actions merchants can and should take to improve their cybersecurity, safeguard their brand, and provide their customers with a safer shopping experience over this busy shopping season – and beyond. And even though it might not be feasible with the holiday shopping season already in full swing to make major changes to your security strategy or implement new technology, there are still many things that retailers can do using existing resources to anticipate threats better and avoid disruption.
CSO 2022-12-15 11:18:00 MTTR “not a viable metric” for complex software system reliability and security (direct link) Mean time to resolve (MTTR) isn't a viable metric for measuring the reliability or security of complex software systems and should be replaced by other, more trustworthy options. That's according to a new report from Verica which argued that the use of MTTR to gauge software network failures and outages is not appropriate, partly due to the distribution of duration data and because failures in such systems don't arrive uniformly over time. Site reliability engineering (SRE) teams and others in similar roles should therefore retire MTTR as a key metric, instead looking to other strategies including service level objectives (SLOs) and post-incident data review, the report stated. ★★
CSO 2022-12-15 07:51:00 BrandPost: How to Choose Security Technology That Works (direct link) The role of a security practitioner is difficult. From operational workflow changes to accommodating the latest application requirement impacting policies, it's a relentless wave of actions to ensure that users, environments, and data are protected as effectively as possible. After all, that's management of the attack surface. This role becomes even more daunting when selecting a new technology to deploy in your network environment. If every product and technology your organization considered worked equally well, choosing a new technology would be more straightforward. However, some technology decisions are made based on too few data points, too little input, and, worst of all, no definitive proof that this thing you are buying works as promised.
CSO 2022-12-15 04:54:00 F5 expands security portfolio with App Infrastructure Protection (direct link) F5 on Thursday announced the launch of F5 Distributed Cloud Services App Infrastructure Protection (AIP), expanding its SaaS-based security portfolio. The new release is a cloud workload protection solution that will provide application observability and protection to cloud-native infrastructures. AIP is built using technology acquired with Threat Stack and will be a part of the F5 Distributed Cloud Services portfolio, launched earlier this year. AIP will complement F5's API Security: F5 already has a service called API Security, which helps organizations discover and map APIs, block unwanted connections, and prevent data leakage. AIP goes one step further and provides telemetry collection and intrusion detection for cloud-native workloads. ★★
CSO 2022-12-15 04:48:00 Dozens of cybersecurity efforts included in this year's US NDAA (direct link) Last week, members of the US House of Representatives and Senate reconciled their versions of the annual must-pass National Defense Authorization Act (NDAA). Each year the NDAA contains a wealth of primarily military cybersecurity provisions, delivering hundreds of millions, if not billions, in new cybersecurity funding to the federal government. This year's bill is no exception. Titled the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, the legislation clocks in at over 4,408 pages. The entire package is worth $858 billion, an increase of 10.3%, or $80.4 billion, over FY2022 NDAA's topline with a good chunk of that amount going to cybersecurity efforts. ★★
CSO 2022-12-15 03:39:00 (Déjà vu) Microsoft's EU data boundary plan to take effect Jan. 1 (direct link) The plan, which covers Microsoft products and services such as Azure, Power BI, Dynamics 365 and Office 365, will allow customers to store and process their customer data within the EU. ★★★
CSO 2022-12-15 03:39:00 Microsoft's EU data boundary plan to take effect from January 1 (direct link) The plan, which covers Microsoft products and services such as Azure, Power BI, Dynamics 365 and Office 365, will allow customers to store and process their customer data within the EU.
CSO 2022-12-15 02:00:00 GAO warns government agencies: focus on IoT and OT within critical infrastructure (direct link) The US Government Accounting Office (GAO) continues to highlight shortcomings in the cybersecurity posture of government entities responsible for the protection of United States infrastructure when it comes to internet of things (IoT) and operational technology (OT) devices and systems. In a recent report, the GAO shone a light on the Departments of Energy, Health and Human Services, Homeland Security, and Transportation. How each of these entities reacted and responded to its recommendations was telling. In its forward to Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices, the GAO noted that the Departments of Homeland Security and Transportation concurred with the GAO recommendations, Energy deferred a response until “further coordination with other agencies,” and Health and Human Services punted, saying it “neither agreed nor disagreed with the recommendations but noted planned actions,” adding that it doesn't have the ability to compel the private sector to adopt any cybersecurity plan. ★★
CSO 2022-12-15 02:00:00 Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it (direct link) Last year, two high severity, easily exploitable Microsoft Exchange vulnerabilities dubbed ProxyLogon and ProxyShell made waves in the infosec sphere. Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain comprising two actively exploited flaws: CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability that an authenticated attacker can exploit for privilege escalation. This vulnerability occurs because the root cause of ProxyShell's path confusion flaw remains, as explained further below. CVE-2022-41082 is a deserialization flaw that can be abused to achieve remote code execution (RCE) in Exchange's PowerShell backend once it becomes accessible to the attacker. Both vulnerabilities impact Microsoft Exchange Server on-premises and hybrid setups running Exchange versions 2013, 2016, and 2019 with an internet-exposed Outlook Web App (OWA) component. Vulnerability ★★★
CSO 2022-12-14 14:07:00 Cuba ransomware group used Microsoft developer accounts to sign malicious drivers (direct link) Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy. "In most ransomware incidents, attackers kill the target's security software in an essential precursor step before deploying the ransomware itself," researchers from security firm Sophos said in a new report about the incident. "In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products." Ransomware Threat ★★
CSO 2022-12-14 06:39:00 Lacework adds new capabilities to its CSPM solution (direct link) Lacework on Wednesday released new cloud security posture management (CSPM) capabilities, designed to help organizations create custom policies for AWS, Google Cloud, and Azure to secure their cloud infrastructure. The new CSPM solution offers three key enhancements. First, it allows organizations to customize policies and ensure configurations align with an organization's specific needs. Second, it helps organizations build custom cross-account reports to measure hygiene. Finally, the new CSPM will now be compliant with the latest CIS benchmarks, industry standards, and other additional controls written by the Lacework Labs team. ★★
CSO 2022-12-14 06:00:00 Wiz debuts PEACH tenant isolation framework for cloud applications (direct link) Cloud security vendor Wiz has announced PEACH, a tenant isolation framework for cloud applications designed to evaluate security posture and outline areas of improvement. The firm stated that the framework has been developed on the back of its cloud vulnerability research to tackle security challenges impacting tenant isolation. Security boundaries, incohesion, transparency impacting tenant isolation in cloud applications: In a blog post, Wiz wrote that there have been several cross-tenant vulnerabilities in various multi-tenant cloud applications over the last 18 months. These include ExtraReplica and Hell's Keychain. “Although these issues have been reported on extensively and were dealt with appropriately by the relevant vendors, we've seen little public discussion on how to mitigate such vulnerabilities across the entire industry,” Wiz stated. What's more, the root cause of these vulnerabilities – improperly implemented security boundaries, usually compounded by otherwise harmless bugs in customer-facing interfaces – is significant, the firm added. Vulnerability ★★
CSO 2022-12-14 04:31:00 New Royal ransomware group evades detection with partial encryption (direct link) A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. "The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year," researchers from security firm Cybereason said in a new report. "Its ransomware, which the group deploys through different TTPs, has impacted multiple organizations across the globe. The group itself is suspected of consisting of former members of other ransomware groups, based on similarities researchers have observed between Royal ransomware and other ransomware operators." Ransomware
CSO 2022-12-14 02:00:00 How acceptable is your acceptable use policy? (direct link) In a world before smartphones, social media, and hybrid workplaces, an acceptable use policy was a lot easier to write - and to enforce. These days, it's a lot more complicated. Work can take place almost anywhere, on any number of devices. An employee can accept a job and then never physically set foot in the office, working from home (or the Caribbean) on their personal laptop. That's why an acceptable use policy, or AUP, is more critical than ever - not just to protect the organization, but to protect employees as well. What is an acceptable use policy? From an IT perspective, an AUP outlines the acceptable use of corporate data, devices, and networks. In a hybrid workplace, that policy should also include terms and conditions for working on personal devices or home networks. And it should include guests, gig workers, contractors, and other non-employees who use company systems and networks. ★★
CSO 2022-12-14 02:00:00 Clear and present danger - report highlights serious cybersecurity issues with US defense contractors (direct link) When a company engages in business with a government, especially with the defense sector of that government, one should expect that security surrounding the engagement would be a serious endeavor. A recent report offered up by CyberSheath throws cold water on that assumption - indeed, DEFENSELESS - A statistical report on the state of cybersecurity maturity across the defense industrial base (DIB) should embarrass the sector and begs the question: why are some companies still allowed to do business with the government at all? The CyberSheath report, conducted by Merrill research, surveyed 300 US members of the DIB and judged their results as having a 95% probability of being accurate. Which should give everyone pause, as the results are startling. Industrial ★★★
CSO 2022-12-13 15:57:00 BrandPost: 3 Common DDoS Myths (direct link) There are several trends evident in the latest DDoS Threat Intelligence Report from NETSCOUT. These include adaptive distributed denial-of-service (DDoS), direct-path TCP-based DDoS, proliferation of botnets, sociopolitical fallout, and collateral damage. The thing these trends all have in common is they are designed to evade common DDoS defense measures and cause maximum harm to targets and others in their proximity. DDoS always attempts to disrupt, destabilize, and deny availability and often succeeds. The only thing that can prevent its success is a well-designed network with intelligent DDoS mitigation systems (IDMSs). For many organizations, common myths can lead to poor choices and overconfidence when it comes to properly architecting a solution. Threat Guideline ★★
CSO 2022-12-13 13:04:00 BrandPost: Securing Operational Technology Environments for Critical Infrastructure (direct link) Juniper Networks is applying its industry leading AI-driven capabilities and cloud-native architectures to Critical Infrastructure (CI) networks. We're directly addressing the communications and cybersecurity challenges exposed by the convergence of IT and OT networks alongside the ever-increasing drumbeat of cyber threats from sophisticated, state-sponsored malicious actors. By enabling network architects, builders, and operators to fully support network users, Juniper is empowering network professionals to defend our nation's electric grids, hospitals, water facilities, and other critical infrastructure. The challenge is substantial. Many CI environments have grown organically over decades, leaving the technical debt in the form of legacy communications and layers of undocumented point solutions that represent an unknown amount of cyberattack surface. But that's not where the commonality ends. All CI networks: Guideline ★★
CSO 2022-12-13 12:37:00 Palo Alto Networks flags top cyberthreats, offers new zero-day protections (direct link) Firewall and security software vendor Palo Alto Networks' annual Ignite conference kicked off Tuesday, highlighted by several product announcements, which were unveiled alongside the company's latest threat report. Palo Alto's “What's Next in Cyber” report named ransomware and business email compromise as the most common attacks faced by businesses worldwide, with supply chain threats, malicious insiders and DDoS attacks rounding out the top five. Over the course of the past year, 96% of respondents to the company's executive survey said that they'd experienced at least one security breach, and over half said that they'd experienced three or more. Fully 84% said that they pin the responsibility for increased security incidents in the past year on the growing prevalence of remote work. Threat ★★
CSO 2022-12-13 11:30:00 BrandPost: Staying Cyber Safe This Holiday Season with Security Awareness Training (direct link) The holiday season is the most wonderful time of the year for cybercriminals. Threat adversaries inevitably have more opportunities to carry out targeted attacks as more people are online shopping and checking emails for coupons that could actually be phishing attacks. Well-staffed security teams using the right technologies can undoubtedly go a long way in protecting organizations against cybercrime. Still, the reality is that employees are an organization's first line of defense when it comes to halting bad actors. Cybersecurity is everyone's job, not just the responsibility of the security and IT teams. Threat ★★
CSO 2022-12-13 11:09:00 European Commission takes step toward approving EU-US data privacy pact (direct link) The EU-US Data Privacy Framework - drafted to allow the flow of data between the US and the European Union - has cleared the first hurdle on its way to approval in the EU, but criticism of the pact makes it far from a done deal. ★★
CSO 2022-12-13 04:57:00 PCI Secure Software Standard version 1.2 sets out new payment security requirements (direct link) The Payment Card Industry Security Standards Council (PCI SSC) has published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. One of two standards that make up the PCI Software Security Framework (SSF), the PCI Secure Software Standard sets out requirements to help ensure that payment software is designed, developed, and maintained in a manner that protects transactions and data, minimizes vulnerabilities, and defends against attacks. The latest version introduces minor changes to the standard relating to clarification/guidance and structure/formatting. It also introduces more significant changes regarding new or evolving content, chiefly the Web Software Module, a set of supplemental security requirements to address the most common security issues related to the use of internet-accessible payment technologies. Version 1.2 also adds a requirement that SSF company QA staff are either an SSF assessor or have completed SSF knowledge training. This comes ahead of the PCI DSS 4.0 regulation, which will come into full effect in March 2025.
CSO 2022-12-13 02:00:00 Are robots too insecure for lethal use by law enforcement? (direct link) In late November, the San Francisco Board of Supervisors voted 8-3 to give the police the option to launch potentially lethal, remote-controlled robots in emergencies, creating an international outcry over law enforcement use of “killer robots.” The San Francisco Police Department (SFPD), which was behind the proposal, said they would deploy robots equipped with explosive charges “to contact, incapacitate, or disorient violent, armed, or dangerous suspects” only when lives are at stake. ★★★
CSO 2022-12-12 02:00:00 14 lessons CISOs learned in 2022 (direct link) We're about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. "With the shifts in the cybersecurity landscape, 2022 has been a milestone year we will look back on when studying the history of when and why cybersecurity and digital trust were fused together," says Kory Daniels, CISO at Trustwave. Uber ★★
CSO 2022-12-09 06:01:00 Uptycs launches agentless cloud workload scanning (direct link) CNAPP (cloud native application protection platform) and XDR (extended detection and response) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers. The company said that its agentless workload scanning system will be fully interoperable with its agent-based Uptycs sensors, providing security metadata in the same format and letting users manage both systems from the same management console. ★★
CSO 2022-12-09 05:21:00 BrandPost: 7 Key Considerations Before Purchasing a SASE Solution (direct link) One of the biggest challenges facing IT teams today is providing work-from-anywhere (WFA) employees with secure, reliable, and authenticated access to critical corporate assets, applications, and resources. It is crucial to have enterprise-grade protection, whether workers are on-premises, working from home, or anywhere in between. Today's hybrid networks are only as secure as their weakest link. Consequently, when the pandemic forced many to suddenly shift to working out of home offices and other off-site locations, a spike in malware, particularly ransomware, was experienced worldwide. Cybercriminals moved quickly from attacking the corporate network to targeting poorly defended remote and non-traditional workplaces. These malicious hackers were then able to infiltrate networks by hijacking encrypted VPN tunnels. ★★
CSO 2022-12-08 12:26:00 JSON-based SQL injection attacks trigger need to update web application firewalls (direct link) Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty's Team82, was confirmed to work against WAFs from Palo Alto Networks, Amazon Web Services (AWS), Cloudflare, F5, and Imperva. These vendors have released patches, so customers should update their WAF deployments. However, the technique might work against WAF solutions from other vendors as well, so users should ask their providers if they can detect and block such attacks. ★★★
CSO 2022-12-08 09:08:00 BrandPost: In-house vs. Outsourced Security: Understanding the Differences (direct link) Cybersecurity is not optional for businesses today. Ignoring security can result in a devastating breach or a productivity-sapping attack on the organization. But for many small- and medium-sized businesses (SMBs), the debate often revolves around whether to hire a third party or assemble an in-house security operations team. Both options have their own pros and cons, but SMBs should weigh several factors to make the best decision for their own unique security needs. An in-house team, a managed security services provider (MSSP), or even a hybrid approach can make sense for various reasons. Before choosing to build an in-house security team or outsource to an MSSP, businesses must first evaluate their unique needs to ensure the choice lays a foundation for future success. ★★
CSO 2022-12-08 08:25:00 BrandPost: Prevention or Detection: Which Is More Important for Defending Your Network? (direct link) When it comes to physically protecting a building, you have two primary defenses: prevention and detection. You can either prevent people from entering your property without your permission, or you can detect when they have already trespassed onto your property. Most people would prefer to prevent any trespassing, but a determined adversary is always going to be able to gain access to your building, given enough time and resources. In this scenario, detection becomes the only alternative. The same holds true for protecting assets in the digital world. We have the same two primary defenses: prevention and detection. And just like in the physical world, a determined adversary is going to gain access to your digital assets, given enough time and resources. The question will be: How quickly are you able to determine that an adversary has penetrated your network? ★★
CSO 2022-12-08 05:35:00 BrandPost: Want to Help Your Analysts? Embrace Automation and Outsourcing. (direct link) While the security tools we choose to invest in can undoubtedly make or break our success, one area we tend to focus less on is the human component of cybersecurity. Yet today, two-thirds of global leaders claim that the global skills shortage creates additional cyber risks for their organization, including 80% who reported experiencing at least one breach during the last 12 months that they attributed to the cybersecurity skills gap. The always-changing threat landscape, with fewer skilled people makes it nearly impossible to keep ahead of threats. That's why it's time to talk about the human element – specifically your Security Operations Center (SOC) analysts – and their role in your cybersecurity framework. Threat Guideline ★★
CSO 2022-12-08 02:00:00 Microsoft's rough 2022 security year in review (direct link) We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here's a month-by-month look at the past year. January: A bad start for on-premises Microsoft Exchange Server vulnerabilities. It seems fitting that 2022 began with the release of the Microsoft Exchange Server remote code execution vulnerability (CVE-2022-21846). It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange online or on-premises Exchange 2019 or consider a different email platform completely. Vulnerability Patching ★★★★★
CSO.webp 2022-12-07 13:42:00 Apple finally adds encryption to iCloud backups (direct link) Apple has rolled out a number of security features that will now offer end-to-end encryption to protect data, including backups, contacts, notes, photos, and wallet passes. The company also announced hardware Security Keys for Apple ID. ★★
CSO.webp 2022-12-07 09:01:00 US Congress rolls back proposal to restrict use of Chinese chips (direct link) After business groups argued that proposed legislation to curb use of Chinese-made semiconductors would hurt national security, lawmakers amended it, but a final vote and the president's approval of the proposed National Defense Authorization Act (NDAA) is still to come. ★★★
CSO.webp 2022-12-07 02:00:00 Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation (direct link) Ransomware was again the top attack type in 2021, with manufacturing replacing financial services as the top industry in a [image: Jon Hocut, director of information security for Brooks] ★★★
CSO.webp 2022-12-06 11:26:00 BrandPost: Rethinking DDoS Defenses (direct link) The other night I rented a movie called “The Biggest Little Farm.” The movie depicted a couple who were new to farming but attempting to regenerate a farm that had fallen into disrepair. In the process, they continually ran into challenges regarding how to protect the crops and animals on the farm. Initially, they brought in goats to eat some of the overgrown vegetation, which in turn attracted the initial threat, which was coyotes, who were killing the goats and some of their chickens, so they put up a fence. Then birds of prey became a threat, so the farmers installed roofs on the cages. Then it was rabbits and gophers eating the vegetables, and so on. Each time they encountered a new challenge, the farmers had to adapt and build a new defense. In some cases, they didn't know what was coming next or how to fight it, so they talked to neighbors to understand how they did it. I started thinking that although this was taking place on a farm, it was the typical approach to perimeter protection whether on a farm, a castle, a fort, or - in today's world - your network.
CSO.webp 2022-12-06 08:28:00 Flaws in MegaRAC baseband management firmware impact many server brands (direct link) Researchers have found three vulnerabilities in AMI MegaRAC, a baseband management controller (BMC) firmware used by multiple server manufacturers. If exploited, the flaws could allow attackers to remotely control servers, deploy malware and firmware implants, or trigger damaging actions that leave them inoperable. BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. They are essentially small independent computers running inside bigger computers that allow administrators to remotely perform a variety of maintenance and diagnostic tasks including reinstalling operating systems, restarting servers when they're unresponsive, deploying firmware updates and more. Malware ★★★
CSO.webp 2022-12-06 06:00:00 Action1 launches threat actor filtering to block remote management platform abuse (direct link) Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors to prevent attackers exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or steal data from corporate environments. Action1 platform enhanced to identify and terminate RMM abuse: In an announcement, Action1 stated that the new enhancement helps ensure that any attempt at misuse of its remote management platform is identified and terminated before cybercriminals accomplish their goals. “It scans user activity for suspicious patterns of behavior, automatically suspends potentially malicious accounts, and alerts Action1's dedicated security team to investigate the issue,” it added. Ransomware Tool Threat ★★
CSO.webp 2022-12-06 05:40:00 BrandPost: Five Ways to Enhance Your Security Stack Right Now (direct link) As we look at how the threat landscape might evolve, one thing is certain: Bad actors are increasingly adding more attack tactics and vectors to their playbooks. Case in point: In the first half of 2022, the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period, largely thanks to the rise in popularity of Ransomware-as-a-Service (RaaS). Combine this proliferation of new threats with expanding attack surfaces, and the result is elevated risk levels impacting every industry. Ransomware ★★
CSO.webp 2022-12-06 02:00:00 The changing role of the MITRE ATT&CK framework (direct link) Since its creation in 2013, the MITRE ATT&CK framework has been of interest to security operations professionals. In the early years, the security operations center (SOC) team used MITRE as a reference architecture, comparing alerts and threat intelligence nuggets with the taxonomy's breakdown of adversary tactics and techniques. Based on ESG research, MITRE ATT&CK usage has reached an inflection point. Security teams not only recognize its value as a security operations foundation but also want to build upon this foundation with more use cases and greater benefits. Threat ★★
CSO.webp 2022-12-06 02:00:00 What you should know when considering cyber insurance in 2023 (direct link) As the frequency and severity of ransomware, phishing, and denial of service attacks have increased, so has demand for cyber insurance. About $6.5 billion in direct written premiums were recorded in 2021, a 61% increase over the prior year, according to an October 2022 memorandum from the National Association of Insurance Commissioners. “Some companies see it as essential to their risk management strategy,” says Heather Engel, managing partner at advisory firm Strategic Cyber Partners. ★★
CSO.webp 2022-12-06 02:00:00 The cybersecurity challenges and opportunities of digital twins (direct link) Digital twins are a digital representation of objects, structures or systems that give organizations greater insight into the life cycle of these objects, but this same level of insight and control can also open doors for malicious attackers. Digital twins can be created for any physical infrastructure that includes individual components of an engine, turbine and other equipment, or entire factories, and data centers. “What makes a digital twin different from just your normal model is the fact that it's a model of the specific serial number that you have deployed in the field,” says Justin John, executive technology director at GE Global Research. “It's either backed by physics, or you've learned how an asset works through historical data - and now you're going to use that for prediction.” ★★
CSO.webp 2022-12-05 14:19:00 Palo Alto Networks looks to shore up healthcare IoT security (direct link) Palo Alto Networks today rolled out a new Medical IoT Security offering, designed to provide improved visibility, automated monitoring and more for hitherto vulnerable healthcare IoT frameworks, thanks to machine learning and adherence to zero trust principles. Medical device security is a serious problem for most organizations in healthcare, with a long string of reported vulnerabilities in the area stretching back for years. Fundamentally, experts agree, a large part of the problem is that many connected devices being used in medicine were not originally designed for network connectivity. With that feature grafted on after the fact, rather than being designed in from the outset, unsafe default configurations, reliance on compromised code libraries and a host of other serious issues have continually arisen. ★★★
CSO.webp 2022-12-05 04:11:00 FCC's proposal to strengthen emergency alert security might not go far enough (direct link) In October, the US Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to strengthen the security of the nation's emergency alert system (EAS) and wireless emergency alerts (WEA). These systems warn the public about emergencies through alerts on their televisions, radios, and wireless phones via AM, FM, satellite radio, broadcast, cable, and satellite TV. Although EAS Participants are required to broadcast presidential alerts, they voluntarily participate in broadcasting state and local EAS alerts. ★★
CSO.webp 2022-12-05 02:00:00 When blaming the user for a security breach is unfair – or just wrong (direct link) In his career in IT security leadership, Aaron de Montmorency has seen a lot - an employee phished on their first day by someone impersonating the CEO, an HR department head asked to change the company's direct deposit information by a bogus CFO, not to mention multichannel criminal engagement with threat actors attacking from social media to email to SMS text. In these cases, the users almost fell for it, but something didn't feel right. So, they manually verified by calling the executives who were being impersonated. De Montmorency, director of IT, security, and compliance with Tacoma, Washington-based Elevate Health, praises the instincts that stopped the attacks from causing financial or reputational damage. Yet, he contends that expecting users to be the frontline defense against rampant phishing, pharming, whaling, and other credential-based attacks increasingly taking place over out-of-band channels is a recipe for disaster. Threat Guideline ★★★
CSO.webp 2022-12-02 04:33:00 BrandPost: Improving Cyber Hygiene with Multi-Factor Authentication and Cyber Awareness (direct link) Using multi-factor authentication (MFA) is one of the key components of an organization's Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. Having multiple layers to verify users is important, but MFA fatigue is also real and can be exploited by hackers. Enabling MFA for all accounts is a best practice for all organizations, but the specifics of how it is implemented are significant because attackers are developing workarounds. That said, when done correctly – and with the right pieces in place – MFA is an invaluable tool in the cyber toolbox and a key piece of proper cyber hygiene. This is a primary reason why MFA was a key topic for this year's cybersecurity awareness month. For leaders and executives, the key is to ensure employees are trained to understand the importance of the security tools – like MFA – available to them while also making the process easy for them. Tool Guideline ★★
Last update at: 2024-04-29 22:08:05