What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-12-01 05:01:00 Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions (direct link) The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don't perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifacts download scripts used by thousands of repositories that are vulnerable to this issue. “We have discovered that when transferring artifacts between different workflows, there is a major risk for artifact poisoning - a technique in which attackers replace the content of a legitimate artifact with a modified malicious one and thereby initiate a supply chain attack,” researchers from supply chain security firm Legit Security said in an analysis of the issue. ★★★
CSO 2022-12-01 02:00:00 8 things to consider amid cybersecurity vendor layoffs (direct link) 2022 has been a heavy year for layoffs in the technology sector. Whether due to budget restraints, mergers and acquisitions, streamlining, or economic reasons, TrueUp's tech layoff tracker has recorded over 1000 rounds of layoffs at tech companies globally so far, affecting more than 182,000 people. Some of the biggest tech companies in the world have announced significant staff cuts, including Amazon, Twitter, Meta, and Salesforce. Although perhaps less severely affected, cybersecurity vendors haven't been immune. Popular security firms including Snyk, Malwarebytes, Tripwire, Cybereason, and Lacework have made notable workforce cuts this year, albeit for varying reasons from shifting business strategies to increasing cash runway. ★★
CSO 2022-11-30 12:09:00 Fortanix unveils AWS integration for centralized key management (direct link) Cloud security vendor Fortanix has updated its Data Security Manager to incorporate support for AWS' external encryption key store system, adding another major public cloud vendor to the list of those supported for the company's key management system. With this week's update, Fortanix, which already supports this type of cloud key management system in Azure and Google Cloud, is trying to solve one of the major security and regulatory problems posed by multicloud environments. Every public cloud provider has its own management service for digital keys, which generally don't integrate with services provided by other vendors. That's a serious headache for companies whose IT departments use products hosted in different clouds. ★★
CSO 2022-11-30 10:31:00 AWS' Inspector offers vulnerability management for Lambda serverless functions (direct link) Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability in its machine learning security and privacy service, Amazon Macie. Both announcements were made during the AWS Re:Invent 2022 conference in Las Vegas this week. They follow other security-focused AWS releases including the launch of Wickr, a new encrypted messaging service for enterprises and Amazon Security Lake, which centralizes an organization's security data from cloud and on-premises sources into a purpose-built data lake in its AWS account. Vulnerability ★★★
CSO 2022-11-30 06:12:00 AWS launches new cybersecurity service Amazon Security Lake (direct link) Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer's AWS account, the company said in a statement. “Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources and stored in a variety of formats,” Jon Ramsey, vice president for Security Services at AWS said in a statement. “Amazon Security Lake lets customers of all sizes securely set up a security data lake with just a few clicks to aggregate logs and event data from dozens of sources, normalize it to conform with the Open Cybersecurity Schema Framework (OCSF) standard, and make it more broadly usable so customers can take action quickly using their security tools of choice.” ★★
CSO 2022-11-30 02:00:00 What is Ransom Cartel? A ransomware gang focused on reputational damage (direct link) Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil. Ransomware Malware ★★
CSO 2022-11-30 02:00:00 5 top qualities you need to become a next-gen CISO (direct link) Ransomware and data breaches pose a massive risk to organizations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern in US corporate boardrooms, elevating the role of the chief information security officer to rapid prominence. More than half (61%) of CISOs report to a board and board members are increasingly interested in what CISOs have to say. But technical skills alone won't suffice for today's CISO. Here are the top qualities that identify a next-generation chief information security officer. ★★
CSO 2022-11-29 02:00:00 How to build a public profile as a cybersecurity pro (direct link) Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online this may not be enough though. CSO spoke to Forrester analyst Jinan Budge and cybersecurity professionals Katie Moussouris, Troy Hunt, Rachel Tobac, and Christina Morillo about their journeys and their tips for those who want to build their public profile. Some of these professionals have been known for their work for more than two decades while others may have become more prominent in the last decade. But they have all seen and experienced the good and the bad. Step 1: Define your cybersecurity area of expertise and what success means to you. Professionals can use many channels to share their knowledge: blogs, video content, tweets, etc. How a professional decides to share knowledge will vary and it may not work in the first attempt, but one thing is key: Be yourself and discuss a topic you are comfortable with and understand. ★★
CSO 2022-11-28 13:58:00 BrandPost: Threat Notification Isn't the Solution – It's a Starting Point (direct link) Most organizations have the tools in place to receive notification of attacks or suspicious events. But taking the information gleaned from cybersecurity tools is only step one in handling a security threat. “The goal of a security practitioner is to link those data sets together and do something with the information,” says Mat Gangwer, VP of managed detection and response at Sophos. “The threat notification is just the beginning.” It's a common misconception that a tool has effectively blocked or remediated an issue simply because the IT or security team have received a notification of malicious activity. Tool Threat ★★
CSO 2022-11-28 13:56:00 Financial services increasingly targeted for API-based cyberattacks (direct link) A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year. APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based services among the consumer base. The pandemic merely accelerated a growing trend toward remote banking services, which led to a corresponding growth in the use of APIs. ★★
CSO 2022-11-28 12:04:00 BrandPost: 5 Reasons to Protect the Performance and Security of Your Pharmaceutical Business (direct link) One of the greatest lessons resulting from the COVID-19 pandemic is to expect the unexpected and proactively prepare for future unknowns. Like many others, the pharmaceutical industry has been revolutionized by accelerated digital transformation over the last few years. Research has shown that pharma leaders investing in the Internet of Things (IoT) are better equipped to overcome unforeseen challenges. For these proactive pharmaceutical leaders, two major areas have become increasingly important: preventing network outages and increasing security against cyberattacks. The 2021 State of Pharmaceuticals and Cybersecurity Report from Fortinet found that in the last year, 40% of businesses experienced outages affecting productivity, safety, compliance, revenue, or brand image. These outages are no small glitches: Industry experts estimate the total downtime cost (TDC) of a production disruption ranges from $100,000 to $500,000 per hour. A few disruptions a year can have a massive effect on the bottom line. This necessitates network and application performance management to minimize downtime. Guideline ★★
CSO 2022-11-28 09:12:00 AWS releases Wickr, its encrypted messaging service for enterprises (direct link) The release of the enterprise version of the encrypted messaging service, announced at AWS re:Invent, is designed to allow secure collaboration across messaging, voice, video and file sharing. ★★
CSO 2022-11-28 08:10:00 Website offering spoofing services taken offline after joint operation (direct link) Judicial and law enforcement authorities in Europe, Australia, the US, Ukraine, and Canada took down a so-called spoofing website that allowed fraudsters to impersonate trusted corporations or contacts in order to steal more than $120 million from victims. In a coordinated action led by the UK and supported by Europol and EU judicial cooperation agency Eurojust, a total of 142 suspects were arrested, including the main administrator of the website, according to a statement posted by Europol on November 24. The website provided a paid-for service that provided those who signed up with the ability to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords. During the 16 months the website was live, Europol reported that the site took $3.8 million in fees, while enabling its customers to generate $120 million from illegal 'spoofing' campaigns. Legislation ★★★
CSO 2022-11-28 07:08:00 EU Council adopts NIS2 directive to harmonize cybersecurity across member states (direct link) The Council of the European Union (EU) has adopted a new cybersecurity directive designed to improve resilience and incident response capacities across the EU, replacing NIS, the current directive on the security of network and information systems. The new directive, NIS2, will set the baseline for cybersecurity risk management measures and reporting obligations across sectors and aims to harmonize cybersecurity requirements and implementation of measures in different member states. NIS2 enhances EU incident management cooperation: “NIS2 will set the baseline for cybersecurity risk management measures and reporting obligations across all sectors that are covered by the directive, such as energy, transport, health and digital infrastructure,” read an EU Council press release. ★★★
CSO 2022-11-28 06:22:00 500 million WhatsApp mobile numbers up for sale on the dark web (direct link) A database of 487 million WhatsApp users' mobile numbers has been put up for sale on a hacking community forum. The data set contains WhatsApp user data from more than 84 countries, the post shows. The story was first reported by Cybernews. The seller of the leaked data is also offering it through the controversial messaging app Telegram, where the person or the group goes by the handle “Palm Yunn.” On the hacking community forum, the user is listed as “Agency123456.” The seller claims the database is from 2022. ★★
CSO 2022-11-28 02:00:00 Top 7 CIAM tools (direct link) Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To help organizations compare their needs against the options in the market, CSO prepared a list with the top seven vendors in the market. To decide on the right CIAM product, organizations must balance the ease of the login experience with a kaleidoscope of business goals for how customers sign-in and leverage their accounts. Marketers want to collect data about customers and their devices. Privacy officers want to ensure the data collection process is fully compliant with privacy regulations. And security and risk professionals want to ensure the integrity of accounts and minimize fraudulent usages of customer credentials. Studies ★★★
CSO 2022-11-28 02:00:00 Here is why you should have Cobalt Strike detection in place (direct link) Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals. Living off the land is a common tactic: The abuse by attackers of system administration, forensic, or security tools that are either already installed on systems or can be easily deployed without raising suspicion has become extremely common. The use of this tactic, known as living off the land (LOTL), used to be a telltale sign of sophisticated cyberespionage groups who moved laterally through environments using manual hacking and placed great value on stealth. Ransomware Threat ★★★★
CSO 2022-11-25 05:05:00 Cybercriminals are increasingly using info-stealing malware to target victims (direct link) Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new ways to make profits, according to a report by Group-IB. The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model. Info stealer malware collects users' credentials stored in browsers, gaming accounts, email services, social media, bank card details, and crypto wallet information from infected computers, and sends the data to the malware operator. This data is then sold or used for fraud on the dark web. Malware
CSO 2022-11-24 02:00:00 DUCKTAIL malware campaign targeting Facebook business and ads accounts is back (direct link) A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago. Dubbed DUCKTAIL by researchers from WithSecure, the group uses spear phishing to target individuals on LinkedIn who have job descriptions that could suggest they have access to manage Facebook business accounts. More recently, the attackers were also observed targeting victims via WhatsApp. The compromised Facebook business accounts are used to run ads on the platform for attackers' financial gain. Malware
CSO 2022-11-24 02:00:00 EPSS explained: How does it compare to CVSS? (direct link) The Common Vulnerability Scoring System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response and Security Teams (FIRST). Vulnerability
CSO 2022-11-23 10:37:00 Meta outlines US involvement in social media disinformation in new report (direct link) A report released by Meta's security team describes the company's shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and links some of those accounts to the US military. “Coordinated inauthentic behavior” is Meta's term for misinformation activity performed by groups of social media accounts on its platforms that target particular groups or demographics. CIB groups, the company said in a 2018 official blog post, are targeted for removal not because of the content that they share, but because of their deceptive nature. ★★
CSO 2022-11-23 07:56:00 The Biden administration has racked up a host of cybersecurity accomplishments (direct link) When it comes to hitting the ground running on cybersecurity, the Biden administration has engaged in an extensive set of initiatives that far outstrip those of the Trump administration – and even those of the Obama administration, which established the previous highwater mark for cybersecurity actions. In mid-October, the White House issued a fact sheet about the Biden-Harris administration's “relentless focus” on improving the nation's cybersecurity to tout its impressive sprint.
CSO 2022-11-23 07:12:00 UK finalizes first independent post-Brexit data transfer deal with South Korea (direct link) The UK has finalized its first independent data adequacy decision since leaving the European Union (EU) which will allow UK organisations to securely transfer personal data to the Republic of Korea without restrictions by the end of the year. The UK government stated that the new legislation, first agreed upon in principle in July, will allow businesses in both countries to share data more easily, enhancing opportunities for cooperation and growth. The decision comes following a full assessment of the Republic of Korea's personal data legislation, with the UK government concluding that the nation has strong privacy laws in place that will protect data transfers while upholding the rights and protections of UK citizens.
CSO 2022-11-23 02:00:00 How to reset a Kerberos password and get ahead of coming updates (direct link) Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you've followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes. While many of you may be waiting to install the “fixed” versions of the updates that deal with the introduced authentication issues, or you may wish to install the out-of-band updates that will fix the side effects, there are more steps to do this patching month and in the months ahead. Patching ★★★★
CSO 2022-11-23 02:00:00 Online retailers should prepare for a holiday season spike in bot-operated attacks (direct link) With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic. According to a recent report from application and data security company Imperva, bots account for more than 40% of traffic to online retail websites on average, with around 24% of traffic coming from “bad bots” that engage in various forms of automated attacks. “The high risk for e-commerce is more noticeable during the holiday shopping season, which now begins as early as October,” the company said. “Bad actors have gotten wise to consumer shopping patterns, which start weeks before significant events like Black Friday due to shipping delays and item availability concerns, as well as marketing tactics such as shops offering unbeatable deals weeks before Black Friday.” ★★
CSO 2022-11-22 09:36:00 Microsoft Azure launches DDoS IP protection for SMBs (direct link) Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft's Ignite conference and is now in public preview. DDoS IP Protection for SMBs is designed to provide enterprise-grade DDoS (distributed denial of service) protection at a price that's attractive to SMBs, Microsoft said. With the new product, Microsoft's Azure DDoS Protection family now has two programs, DDoS IP Protection for SMBs and DDoS Network Protection for enterprises. ★★★★
CSO 2022-11-22 02:00:00 Know thy enemy: thinking like a hacker can boost cybersecurity strategy (direct link) As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they're after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it could mean deliberately disorienting them by creating scenarios that don't match up to those expectations. “It's about how to drive defenses by knowing how the adversaries actually behave,” says Morovitz, who is also group leader for MITRE Engage, a cyber adversary engagement framework. Hack Threat Guideline ★★★
CSO 2022-11-21 11:59:00 BrandPost: 6 Questions to Ask Before You Hire a Managed Security Services Provider (direct link) Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm also predicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization. Guideline
CSO 2022-11-21 07:02:00 Luna Moth callback phishing campaign leverages extortion without malware (direct link) Palo Alto's Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars and is expanding in scope. Luna Moth removes malware portion of phishing callback attack: Callback phishing – or telephone-oriented attack delivery (TOAD) – is a social engineering attack that requires a threat actor to interact with the target to accomplish their objectives. It is more resource intensive but less complex than script-based attacks and it tends to have a much higher success rate, Unit 42 wrote in a blog posting. Actors linked to the Conti ransomware group had success with this type of attack with the BazarCall campaign, which focused on tricking victims into downloading the BazarLoader malware. This malware element is synonymous with traditional callback phishing attacks. Interestingly, in this campaign, Luna Moth does away with the malware portion of the attack, instead using legitimate and trusted systems management tools to interact directly with a victim's computer to manually exfiltrate data for extortion. “As these tools are not malicious, they're not likely to be flagged by traditional antivirus products,” the researchers wrote. Ransomware Malware Threat
CSO 2022-11-21 02:00:00 How remote working impacts security incident reporting (direct link) The ability for employees to work remotely comes with many benefits, from better work-life balance to lower expenses to higher productivity. But a widely dispersed workforce can pose some great challenges for security teams, not least of which is how remote work affects security incident reporting. With companies growing more accustomed to implementing security technologies and processes better attuned to mass remote working, incident reporting has the potential to become a major stumbling block. Along with introducing and maintaining such protocols as remote-appropriate identity access and authorization practices, security teams must also review and adjust their reporting policies to reflect the nature of remote work or expose their organizations to significant security threats.
CSO 2022-11-18 10:32:00 Almost half of customers have left a vendor due to poor digital trust: Report (direct link) Forty-seven percent of consumers have stopped doing business with a company after losing trust in that company's digital security, according to new research from certificate authority and cybersecurity vendor DigiCert. The findings, which have been compiled in the company's 2022 State of Digital Trust Survey, also revealed that 84% of customers would consider switching if they were to lose trust in a company, with 57% saying switching would be likely. The survey was administered as a phone and email survey to 400 enterprises and 400 consumers around the world.
CSO 2022-11-18 09:02:00 India drafts new privacy bill for transfer of personal data internationally (direct link) The Indian federal government on Friday published a new draft of data privacy laws that would allow personal data transfer to other nations under certain conditions, and impose fines for breaches of data-transfer and data-collection regulations. The proposed legislation has been in the works for about four years. Up until now, the Reserve Bank of India has enacted regulations that make businesses keep transaction data within the country. The government, though, has not issued more general data protection regulations such as the EU's GDPR (General Data Protection Regulation), so companies have been exporting personal data in the absence of clear privacy rules.
CSO 2022-11-18 03:57:00 Noname Security releases Recon attack simulator (direct link) As breaches increase and companies scramble to go from a defensive to an offensive approach, API-focused Noname Security has launched Recon, which simulates an attacker performing reconnaissance on an organization's domains. Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, according to Noname. “Then we start looking at, both actively and passively looking at any API-related information pertaining to those domains,” Troy Leilard, regional solution architect lead ANZ, tells CSO. Guideline
CSO 2022-11-17 13:50:00 BrandPost: Fortinet's FortiGuard Labs Recaps State of Ransomware Settlements (direct link) It's painfully obvious at this point that ransomware continues to grow in popularity. As Fortinet's FortiGuard Labs team found, the number of new ransomware variants doubled in just the first half of 2022 compared to the previous six-month period. It's no wonder more companies are turning to cyber insurance to help recoup their losses when they do have to pay a ransomware settlement. That's an option – but think of it as a parachute for your parachute; it doesn't take the place of having all of your other safety guards in place. Cyber insurance can also be a double-edged sword. It has grown in popularity and usually compensates for losses brought on by hacking and data theft, extortion and destruction. Because it sometimes covers ransomware costs, it may seem like a reasonable way to address this threat. Ransomware
CSO 2022-11-17 02:00:00 Android security: Which smartphones can enterprises trust? (direct link) Google's Android operating system dominates smartphone usage throughout the world - in every region except North America and Oceania, in fact. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple's iPhone dominates or is comparable in market share, businesses are likely to support or issue Android devices at least as a secondary option. But Android security has long been an IT concern, despite significant security improvements made to the platform a decade ago in response to security standards put in place for iPhones, which quickly gained the security seal of approval as a result. That makes the buying and support decision around Android phones more complex for CISOs - whether as corporate-liable devices (that is, the devices that enterprises buy for their employees) or as employee-liable devices or bring-your-own devices (BYOD) that IT allows access at least to work email and calendars, and often to web-based services. APT 32
CSO 2022-11-16 10:25:00 Offboarding processes pose security risks as job turnover increases: Report (direct link) Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorized SaaS application use.
CSO 2022-11-16 08:47:00 BrandPost: Insider Risk vs. Malware – Why Insider Risk Requires a New Approach (direct link) Security teams focused on mitigating data loss threats are increasingly facing challenges that come from the way their own coworkers across the business get their jobs done. Years of digitization, hybrid and remote work, and empowering employees to collaborate effectively from anywhere has changed the structure of data in most organizations. Annual Code42 Data Exposure Report research shows the Insider Risk problem keeps getting bigger. Employees are 85% more likely to leak or take data today than pre-pandemic, and there's a 1 in 3 chance that you're losing critical intellectual property every time an employee leaves the company. But it's not just the proliferation of cloud tools and remote work that's accelerating the problem. In many ways, the mindset and strategies that security teams use to attack insider threats are actually aggravating the issue. Malware
CSO.webp 2022-11-16 05:15:00 Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection (direct link) Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities. In a press release, Anand Oswal, senior VP network security at Palo Alto Networks, said that the new version of Nova is now able to stop 26% more zero-day malware than traditional sandboxes and detect 60% more injection attacks. The updates are the latest in a series of security releases from Palo Alto in 2022. Malware Threat
CSO.webp 2022-11-16 02:00:00 XDR: Still confusing after all these years (direct link) We've been discussing extended detection and response (XDR) for years now, but a fundamental question remains: Just what the heck are we talking about, anyway? Alarmingly, this continues to be a pertinent question. According to ESG research, 62% of security professionals claim to be “very familiar” with the term XDR, up from just 24% in 2020. An improvement, but still 29% are only somewhat familiar, not very familiar, or not at all familiar with XDR. So, despite industry hyperbole, arm waving at the RSA conference, and cacophony of XDR talking heads, nearly one in five security professionals haven't received the message.
CSO.webp 2022-11-15 13:42:00 ForgeRock set to roll out new IAM capabilities designed for the cloud (direct link) Identity and access management (IAM) vendor ForgeRock said Tuesday that it's set to start rolling out its new Identity Governance offering - a cloud-based security and governance product designed to provide one-stop shopping for organizations looking to solve access management issues. There are three main components to ForgeRock's newest IAM product, according to the company. The first, comprising access certifications, provides AI-generated recommendations to decision-makers on whether to grant access to a given system to users or applications. The second component, which deals with access requests, offers automated application access and an automated, always-on self-service portal. Finally, Identity Governance provides a “segregation of duties” feature that is designed to aid in compliance with regulatory requirements.
CSO.webp 2022-11-15 13:21:00 Cohesity previews AI-powered ransomware protection suite, Datahawk (direct link) Backup and data management vendor Cohesity has started to preview a new ransomware protection SaaS product called Datahawk, which leverages AI and a host of other capabilities to help companies defend their data against bad actors. There are three core components to Datahawk, according to Cohesity. The first is a ransomware detection engine that uses deep learning to quickly scan for anomalous behavior, potential threats and other indicators of possible ransomware attacks. This system works via a preset list of indicators of concern, which, the company said, will be updated daily. Ransomware
CSO.webp 2022-11-15 04:30:00 Global 2000 companies failing to adopt key domain security measures (direct link) Forbes Global 2000 companies are failing to adopt key domain security measures, exposing them to significant security risks, according to CSC's Domain Security Report 2022. The enterprise-class domain registrar and Domain Name System (DNS) threats mitigator found that 75% of Global 2000s have implemented fewer than half of all domain security measures with Domain-based Message Authentication, Reporting, and Conformance (DMARC), the only domain security measure with significantly increased adoption since 2020. The data follows Akamai research from August, which discovered increased malicious domain activity and phishing toolkit reuse based on DNS data. ★★★★★
CSO.webp 2022-11-15 03:53:00 Meta's new kill chain model tackles online threats (direct link) In April 2014, Lockheed Martin revolutionized the cyber defense business by publishing a seminal white paper Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs). The authors of the paper argued that by leveraging the knowledge of how these adversaries operate, cyber defenders “can create an intelligence feedback loop, enabling defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt.” This so-called kill chain model could “describe phases of intrusions, mapping adversary kill chain indicators to defender courses of action, identifying patterns that link individual intrusions into broader campaigns, and understanding the iterative nature of intelligence gathering form the basis of intelligence-driven computer network defense.” Threat ★★
CSO.webp 2022-11-15 02:00:00 Build a mature approach for better cybersecurity vendor evaluation (direct link) Seasoned CISO Mike Manrod knows the value of a good cybersecurity vendor evaluation. He recalls that in a past job he inherited some very expensive vaporware under a long-term services agreement. His predecessor had purchased an “innovative” beta identity and access management platform but hadn't done any analysis on the product, simply accepting the vendor's claims of its efficacy. It was a dud. Inversely, as CISO at his current company Grand Canyon Education, Manrod set his team up to evaluate an allegedly “brilliant” web application security product only to discover through testing that its client-side validation was easy to bypass and thus subvert the product. That basic test saved them from making an expensive mistake. “Startups are transforming, and sometimes they go back to the drawing board. Nothing wrong there, but if we as security leaders purchase something that's not ready yet, that's on us,” he says. Guideline
CSO.webp 2022-11-14 12:16:00 BrandPost: Cybersecurity as a Service: What Is It? And Is It Right for Your Business? (direct link) With budgets tightening and security talent difficult to find, a growing number of organizations are taking a close look at Cybersecurity as a Service (CSaaS) – an outsourced model of managing risk on a pay-as-you-go basis. Managed security services are not new, but the CSaaS market has changed in recent years as data sharing and digital work systems have shifted. Organizations that may not have prioritized security are increasingly turning to outside specialists to meet their cybersecurity needs. Some of the services CSaaS provides include threat monitoring and detection and incident response. Threat
CSO.webp 2022-11-14 06:05:00 New York-barred attorneys required to complete cybersecurity, privacy, and data protection training (direct link) New York-barred attorneys will be required to complete one continuing legal education (CLE) credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023. New York is the first jurisdiction to stipulate this specific requirement as the state aims to emphasize the technical competence duty of lawyers to meet professional, ethical and contractual obligations to safeguard client information. Lawyers have ethical obligations and professional responsibilities around cybersecurity. A New York Courts document outlined a new category of CLE credit – Cybersecurity, Privacy and Data Protection – that has been added to the CLE Program Rules. This category is defined in the CLE Program Rules 22 NYCRR 1500.2(h) and clarified in the Cybersecurity, Privacy, and Data Protection FAQs and Guidance document. “Providers may issue credit in cybersecurity, privacy, and data protection to attorneys who complete courses in this new category on or after January 1, 2023,” it stated. It also noted changes to both Experienced and Newly Admitted Attorney Biennial CLE requirements to include one credit hour of training in cybersecurity, privacy and data protection.
CSO.webp 2022-11-14 02:00:00 How Cisco keeps its APIs secure throughout the software development process (direct link) Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring instead of rebuilding things that have great solutions out there already,” says Grace Francisco, vice president of developer relations, strategy, and experience at Cisco. “APIs make that easy for developers to consume.” And they have been consuming: Nearly 90% of developers use APIs in some capacity, according to a 2020 SlashData survey.
CSO.webp 2022-11-11 02:00:00 Cybersecurity startups to watch for in 2023 (direct link) The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It's a risk for a company to commit to a startup's product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.
CSO.webp 2022-11-11 01:54:00 Medibank hackers revealed to be in Russia (direct link) The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units. But what started as the second largest breach in Australia's history slowly unraveled into a potentially much more harmful breach than the infamous Optus breach, which impacted a third of the Australian population. Data Breach
CSO.webp 2022-11-10 13:34:00 Lacework releases cloud-native application security service (direct link) Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework's apparatus. The first is attack path analysis, which uses Lacework's systems to analyze configurations, network topography and more to provide a visual representation of possible ways in which bad actors could compromise application workloads. The system searches for misconfigurations, open network access, identity management roles and known software vulnerabilities to create its diagnosis.
Last update at: 2024-04-29 19:07:49