What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-10-21 03:00:00 IoT security strategy from those who use connected devices (direct link) IoT devices pose significant threats to enterprises because of lack of visibility into what devices are on enterprise networks and inadequate use of monitoring tools to watch for malicious behaviors.
CSO 2022-10-20 15:49:00 BrandPost: DDoS Threat Intelligence Report Reveals Troubling Attacker Behavior (direct link) If there's one consistent quality shared by all cybercriminals, it's they never fail to innovate to get what they want – whether that's to spy, spread mayhem, or access sensitive corporate data, personal information, or lucrative financial details. This certainly holds true for our findings in the newest DDoS Threat Intelligence Report, which launches September 27, 2022. As we discussed in a previous blog, we have changed the formatting of the report to make the data more accessible and reader-friendly, essentially breaking it into eight vignettes that cover geographical findings as well as several troubling trends. In addition to data for four geographical regions - North America; Latin America; Asia Pacific (APAC); and Europe, Middle East, and Africa (EMEA) - the following new sections cover a number of attack trends. Threat
CSO 2022-10-20 13:11:00 96% of companies report insufficient security for sensitive cloud data (direct link) The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations. "Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organizations have insufficient security for at least some of their sensitive data," according to the report, which was sponsored by data intelligence firm BigID. Apart from struggling with securing sensitive data, organizations are also having trouble tracking data in the cloud. Over a quarter of organizations polled aren't tracking regulated data, nearly a third aren't tracking confidential or internal data, and 45% aren't tracking unclassified data, the report said.
CSO 2022-10-20 10:28:00 With Conti gone, LockBit takes lead of the ransomware threat landscape (direct link) The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source for ransomware spin-offs. From July to September, security firm Intel 471 counted 455 attacks from 27 ransomware variants, with LockBit 3.0 being responsible for 192 of them (42%). Meanwhile, security firm Digital Shadows tracked around 600 ransomware victims over the same time period, with LockBit accounting for 35% of them. Ransomware Threat Guideline
CSO 2022-10-20 07:37:00 Securing your organization against phishing can cost up to $85 per email (direct link) As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 and $85.33 per phishing email, according to a new report by Osterman Research. The report does not calculate the cost of damage caused by phishing, rather the productivity loss of IT and security teams. On average, organizations spend 16-30 minutes dealing with each phishing email identified in their email infrastructure, said the report, commissioned by email security firm Ironscales.
CSO 2022-10-20 06:01:00 Financial losses to synthetic identity-based fraud to double by 2024 (direct link) Losses to imposter scams based on synthetic identities - identities that only exist as figments in a credit reporting bureau's records - will rise from a reported $1.2 billion in 2020 to $2.48 billion by 2024 in the US, according to an analysis published Thursday by identity verification vendor Socure. Synthetic identities became a common concern for businesses and financial institutions in the mid-2010s, Socure's report said. Typically, such an identity is based on a real person, but with a slight tweak to some piece of personally identifiable information, like a different date of birth or Social Security number. This altered identity is frequently verified by nothing more than a credit check - which means that it's rarely detected. A fraudster can then use the identity for a wide array of purposes, including different types of loan applications and credit cards.
CSO 2022-10-20 06:00:00 Attackers switch to self-extracting password-protected archives to distribute email malware (direct link) Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password. “This is significant because one of the most difficult obstacles threat actors face when conducting this type of spam campaign is to convince the target to open the archive using the provided password,” researchers from Trustwave SpiderLabs said in a new report. Spam Malware Threat
CSO 2022-10-20 04:23:00 High, medium severity vulnerabilities impacting Zimbra Collaboration Suite (direct link) Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The latest update lists CVEs currently being exploited based on a new Malware Analysis Report, MAR-10398871.r1.v2, and warns that threat actors may be targeting unpatched ZCS instances in both government and private sector networks. Threat
CSO 2022-10-19 12:03:00 Supply chain attacks increased over 600% this year and companies are falling behind (direct link) The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries. “The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains,” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software so having an understanding of their origins is critical to vulnerability response. Many organizations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.” Vulnerability
CSO 2022-10-19 02:00:00 8 top multi-factor authentication products and how to choose an MFA solution (direct link) Today's credential-based attacks are much more sophisticated. Whether it's advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. All these attacks key on traditional credentials, usernames and passwords, which are past their expiration date as a legitimate security measure. The most effective way forward in enhancing access security is implementing multi-factor authentication (MFA). Security professionals need control. In physical security this is often accomplished by limiting the points of entry, which allows security personnel to check IDs or have individuals walk through metal detectors. Before the explosion of the internet and web-based apps, the single digital point of entry was the corporate directory. Employees used a single set of credentials to authenticate and receive authorization to corporate resources and access business apps.
CSO 2022-10-18 13:25:00 BrandPost: 2022 Cloud-Native Threats (direct link) The inaugural 2022 Sysdig Cloud-Native Threat Report exposes some of the year's most pervasive and costly cloud threats. As organizations' use of containers and cloud services continues to grow, attackers are turning their attention to the cloud. Just one threat actor can make substantial gains by simply taking advantage of misconfigurations and old exploits. They can earn thousands of dollars, almost passively, off of their victims' cloud infrastructure. Containers allow developers to get infrastructure up and running fast, but if malicious code is hidden inside by an attacker, the entire infrastructure can be compromised. Threat
CSO 2022-10-18 11:59:00 Millennials and Gen Z less likely to observe cybersecurity protocols than their elders (direct link) Millennials and Gen Z employees in the US are much less likely to prioritize or adhere to cybersecurity protocols than their older Gen X and Baby Boomer counterparts, according to a recent survey by EY Consulting. The survey suggests that despite understanding the need for security measures, younger, digitally native workers were significantly more likely to disregard mandatory IT updates for as long as possible (58% for Gen Z and 42% for millennials vs. 31% for Gen X and 15% for baby boomers). They were also more likely to use the same password for professional and personal accounts (30% for Gen Z and 31% for millennials vs. 22% for Gen X and 15% for baby boomers).
CSO 2022-10-18 10:00:00 BrandPost: How to prevent security practitioner burnout (direct link) Security operations centers (SOCs) play a pivotal role in defending against today's incessant cyber-attacks. Yet the people manning those centers are often stressed, burned out, and demotivated. A recent survey commissioned by @devo_Inc revealed that 71% of security professionals are likely to quit due to a combination of challenges in the SOC. It takes months to fill vacant positions, according to the survey, so understanding the causes of SOC staff burnout and how to resolve it is important. That's what members of the #CIO TechTalk community recently attempted to get to the bottom of in a recent Twitter chat sponsored by Devo.
CSO 2022-10-18 09:47:00 BrandPost: Why Unified Platforms Are the Future of Network Security (direct link) Today's complex cybersecurity landscape regularly exposes the weaknesses of disconnected security solutions. In breach after breach, we see attackers taking advantage of gaps and vulnerabilities in legacy systems and devices, underscoring the reality that a pieced-together security infrastructure is woefully inadequate for stopping modern, sophisticated threats. The lack of visibility and fragmented oversight across poorly integrated systems limits insights and compromises security across all environments. With network attacks booming, endpoints under duress from ransomware, and massive amounts of malware hiding in encrypted traffic, it's never been more important to centralize and unify the security of network environments, users, and devices. Malware
CSO 2022-10-18 09:40:00 BrandPost: In an Increasingly Dangerous Cyberspace, MFA Is Not Optional (direct link) Many of the most prominent cybersecurity incidents have resulted from attackers using stolen credentials (username and password) to gain access to networks. In an all-too-familiar pattern, last year's Colonial Pipeline ransomware attack, which crippled the delivery of fuel supplies to the Southeastern U.S. for days, began with attackers using a stolen password to gain access to a legacy VPN system. Clearly, organizations need to change the way they think about credentials used for access to data and network assets. That was underscored by a recent joint alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the cybersecurity watchdogs of several other countries, which pointed to the role that weak security controls play in breaches and the need to harden credentials (among other recommendations). Ransomware
CSO 2022-10-18 05:00:00 GitGuardian adds IaC scanning to code security platform to protect SDLC (direct link) GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials. The release reflects a growing industry focus on improving the cybersecurity of software development processes to help better protect widely used resources and supply chains from cyberthreats. Initial IaC focus on Terraform and AWS, Azure and Google Cloud to follow. In a press release, GitGuardian stated that, while software-defined infrastructure unlocks speed and consistency for engineering teams, it is still fraught with risks. Gartner predicts that at least 99% of cloud security failures will be due to user fault and misconfigurations by 2023. Such errors propagate from code to cloud-native environments, exposing critical workloads and resources on the way, it added.
CSO 2022-10-18 02:00:00 Altruism under attack: why cybersecurity has become essential to humanitarian nonprofits (direct link) Humanitarian initiatives have always been of huge global importance, but perhaps never more so than over the past few years. The impacts of the COVID-19 pandemic, unprecedented shifts in weather patterns limiting resource availability and triggering mass migration, Russia's invasion of Ukraine, and some of the largest rises in living costs for decades have all brought new urgency to the vital support humanitarian work (often led by nonprofits) provides those in need. However, nonprofits engaging in humanitarian efforts are finding themselves faced with increasing cybersecurity risks and challenges that threaten their ability to provide relief successfully, safely, and securely. As a result, cybersecurity is increasingly playing a vital role in the future of the nonprofit-led humanitarian landscape.
CSO 2022-10-18 02:00:00 Election security, misinformation threats loom large ahead of the US midterms (direct link) As the United States nears the 2022 mid-term elections, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued two back-to-back public service announcements (PSAs) that address the state of play when it comes to election integrity. The first announcement, seemingly designed to enhance voters' faith in the election process, said the two agencies “assess that any attempts by cyber actors to compromise election infrastructure are unlikely to result in largescale disruptions or prevent voting.”
CSO 2022-10-17 02:00:00 Top skill-building resources and advice for CISOs (direct link) The role of the CISO has evolved, and so have the responsibilities. Some believe a CISO must have technical knowledge and experience as a cybersecurity professional; others think leadership skills such as being able to communicate with boards are what matters most. Ultimately, the hiring organisation will define what it needs in terms of cybersecurity to find the right person. In finance and insurance, for example, there will be specific rules that must be followed in different countries and cybersecurity leaders in such organisations may even be liable. In telecommunications, the skills required are likely to be more technical, whereas in government knowledge around governance and risk is top of the list. Guideline
CSO 2022-10-13 10:52:00 New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants (direct link) Researchers have discovered a new attack framework of Chinese origin that they believe is being used in the wild. The framework is made up of a command-and-control (C2) backend dubbed Alchimist and an accompanying customizable remote access Trojan (RAT) for Windows and Linux machines. The framework can also be used to generate PowerShell-based attack shellcode or distribute malicious implants for other platforms such as macOS. “Our discovery of Alchimist is yet another indication that threat actors are rapidly adopting off-the-shelf C2 frameworks to carry out their operations,” researchers from Cisco Talos said in a new report. “A similar ready-to-go C2 framework called 'Manjusaka' was recently disclosed by Talos.” Threat
CSO 2022-10-13 02:00:00 What the Uber verdict means to CISOs: You're (probably) not going to jail (direct link) There seem to be two reactions to the verdict in the Sullivan case. One reaction, often from CISOs already stressed by being outside the room where it happens, is to decide that being a CISO isn't worth the risk – it already wasn't worth the stress. If the title is really Chief Scapegoat Officer, it's one thing to lose your job, but your freedom? That's across the line. The second reaction seems to be nonchalant. What's the big deal, after all? It's just one person, and there was some shady stuff going on over at Uber. Uber Uber
CSO 2022-10-12 15:17:00 Malwarebytes pairs new MDR, EDR for overwhelmed cybersecurity teams (direct link) Addressing the shortage of skilled cybersecurity professionals, Malwarebytes on Wednesday launched Malwarebytes MDR (managed detection and response), pairing EDR (endpoint detection and response) technology with a dedicated team of security analysts, providing both automated and human lines of defense. In doing so, the company says, the new MDR service helps reduce the need for security teams to dedicate a large staff to prioritize, triage and respond to threats.
CSO 2022-10-12 13:04:00 Portnox adds IoT fingerprinting to network access control service (direct link) Network security firm Portnox on Wednesday announced it is adding IoT fingerprinting features to the Portnox Cloud NAC-as-a-Service to allow companies to more easily identify and authorize devices on their networks. The IoT fingerprinting features add new device-identification techniques to the network access control product, including MAC address clustering and DHCP (Dynamic Host Configuration Protocol) gleaning.
CSO 2022-10-12 08:41:00 BrandPost: Gain Full Visibility for Threat Detection and Response with Deep Packet Inspection (direct link) Deep packet inspection (DPI) is a method of examining the content of data packets as they pass through the network. Contrary to conventional packet (or NetFlow) filters – which are devices that check only the packet headers for information regarding Internet Protocol (IP) address, source, and destination as well as port numbers - DPI examines a much larger range of metadata. The inspection process includes examining not just the header but also the data, or payload, the packet is carrying. So, why DPI for cybersecurity? The only place an attacker can't hide is on the network. DPI tools, as opposed to NetFlow-based tools, provide the most meaningful content possible in threat detection and response. This is because network packets cannot be altered, so they represent the absolute truth. A network detection and response (NDR) solution is the only way to expose bad actors and can work in conjunction with other tools to increase the strength of your security stack. These include endpoint detection and response (EDR); security information and event management (SIEM); firewalls; security orchestration, automation and response (SOAR); and extended detection and response (XDR). Threat
CSO 2022-10-12 04:10:00 Information overload, burnout, talent retention impacting SOC performance (direct link) While most security teams believe that security operations centers (SOCs) play a pivotal role in cybersecurity programs, several challenges are impacting SOC performance within businesses, according to a new report. Among these are information overload, worker burnout, and talent retention. The data comes from cybersecurity firm Devo following an independent survey of global SOC leaders (553) and staff members (547), and it adds evidence to reports of security operations becoming harder for teams to perform. SOC teams face numerous pain points, leaders and staff consider quitting. In its 2022 Devo SOC Performance Report, the firm discovered that SOC professionals experience significant challenges while performing their duties as SOC leaders and their teams wrestle with several ongoing issues that hamper performance. What's more, Devo's findings suggest that some of the key SOC complications facing organizations date back to the start of the global COVID-19 pandemic in early 2020. Guideline
CSO 2022-10-12 02:52:00 EU-US data sharing agreement: Is it a done deal? (direct link) With both Privacy Shield and Safe Harbor having been previously struck down by legal challenges, experts question whether US President Biden's executive order implementing the new Trans-Atlantic Data Policy Framework will stand up to scrutiny.
CSO 2022-10-12 02:00:00 China's attack motivations, tactics, and how CISOs can mitigate threats (direct link) A new report published by Booz Allen Hamilton provides detailed insight into global cyber threats posed by the People's Republic of China (PRC). The China Cyber Threat Report outlines Beijing's chief motivations for carrying out cyberattacks or espionage, the key tactics it employs, and provides strategies for CISOs to help their organizations to better identify and prepare for PRC cyber campaigns. Security, sovereignty, development: key PRC cyberattack motivators. The report identifies three “core interests” over which China is willing to authorize offensive cyber operations if threatened, related to the nation's political system, territory, and economy: Threat
CSO 2022-10-12 02:00:00 Why CISO roles require business and technology savvy (direct link) Of all the crazy postings that advertise for CISO jobs, the one asking for a CISO to code in Python was probably the most outrageous example of the disconnect about a CISO's role, says Joe Head, CISO search director at UK-based search firm, Intaso. This was a few years ago, and one can only guess that the role had been created by a technologist who didn't care about or didn't understand the business - or, inversely, by a businessperson who didn't understand enough about technology. In either case, the disconnect is real. However, Head and other experts say that when it comes to achieving the true, executive role and reporting to the CEO and board, business skills rule. That doesn't mean, however, that most CISOs know nothing about technology, because most still start out with technology backgrounds.
CSO 2022-10-12 02:00:00 Top considerations when choosing a multi-factor authentication solution (direct link) Passwords clearly are not enough to protect networks. Any security guidance will tell you that multi-factor authentication (MFA) is a key method to keep attackers out. But what type of MFA should your firm deploy? Choosing multi-factor tokens and tools depends on your firm, your needs, and how attackers are likely to target your firm. Planning ahead will minimize deployment and migration issues when new tokens or new phones are issued. These are the most important considerations when choosing an MFA solution. Know what the MFA solution will and will not protect. You have several decisions to make when deciding what MFA tool to use. First, review how the tool protects your network. Often when adding MFA to existing on-premises applications, it may not fully protect your organization from some attacks. Case in point is the recent Exchange Server zero-day attack. MFA in this situation did not protect servers. At least one victim used on-premises Exchange Server with a third-party MFA application. While it protected parts of the authentication process, it did not protect Outlook Web Access (OWA), which uses basic authentication. MFA didn't protect that part of the site, so the attackers could go around MFA and attack the servers. Consider exactly what the MFA solution you choose protects, then review what authentication processes are still exposed. Tool
CSO 2022-10-11 14:04:00 Researchers extract master encryption key from Siemens PLCs (direct link) Security researchers have found a way to extract a global encryption key that was hardcoded in the CPUs of several Siemens programmable logic controller (PLC) product lines, allowing them to compromise their secure communications and authentication. Siemens advises all customers to upgrade both the firmware of the impacted devices as well as the TIA Portal software that engineers use to communicate with them and deploy their programs. According to security researchers from Claroty, Siemens introduced asymmetric cryptography to its SIMATIC S7-1200/1500 PLC CPUs almost a decade ago to protect their configuration, programs, and communications. However, the company chose to do so by using a hardcoded global private key for all devices from those product families because back then dynamic key distribution and management was not a common practice and a potential burden for customers.
CSO 2022-10-11 02:00:00 How legacy tech impedes zero trust and what to do about it (direct link) As organizations embrace the zero-trust security model, legacy tech has created some roadblocks. In fact, replacing or rebuilding existing legacy infrastructures is the biggest challenge to implementing zero trust, according to a recent study. General Dynamics' 2022 Zero Trust Research Report surveyed 300 IT and program managers across US federal, civilian, and defense agencies, which are mandated to adopt a zero-trust model under a 2021 presidential executive order. The survey found that 58% of them listed the legacy tech challenge ahead of determining what set of technologies are needed (50%), lack of IT staff expertise (48%), and cost (46%).
CSO 2022-10-10 07:17:00 Endor Labs offers dependency management platform for open source software (direct link) Endor Labs came out of stealth on Monday and launched its Dependency Lifecycle Management Platform, designed to ensure end-to-end security for open source software (OSS). The software addresses three key things - helping engineers select better dependencies, helping organizations optimize their engineering, and helping them reduce vulnerability noise. The platform scans the source code and offers feedback to developers and security teams on what is potentially good and bad about the libraries. Based on this, developers can make better decisions on which dependencies or libraries to use, where to use them, and who should use them. Vulnerability
CSO 2022-10-10 02:00:00 Secure web browsers for the enterprise compared: How to pick the right one (direct link) The web browser has long been the security sinkhole of enterprise infrastructure. While email is often cited as the most common entry point, malware often enters via the browser and is more difficult to prevent. Phishing, drive-by attacks, ransomware, SQL injections, man-in-the-middle (MitM), and other exploits all take advantage of the browser's creaky user interface and huge attack surface, and the gullibility of most end users. It is this last item -- humans -- that is the problem, and we need to be protected against ourselves. This is especially true as SaaS applications grow in usage, not to mention that every piece of hardware seems to come with a web server (and therefore a browser) to configure it. These use cases are aided and abetted by the increasing number of work-from-home staffers who depend on more browser-based apps, thanks to the pandemic. Malware
CSO 2022-10-07 07:42:00 New cryptojacking campaign exploits OneDrive vulnerability (direct link) Cryptojacking is turning into a security nightmare for consumers and enterprises alike. Malicious actors have used a variety of techniques to install cryptojackers on victims' computers and in a new development, cybersecurity software maker Bitdefender has detected a cryptojacking campaign that uses a Microsoft OneDrive vulnerability to gain persistence and run undetected on infected devices. Between May 1 and July 1, Bitdefender detected about 700 users who were affected by the campaign. The campaign uses four cryptocurrency mining algorithms - Ethash, Etchash, Ton and XMR - making an average of $13 worth of cryptocurrency per infected computer, Bitdefender reported this week. Vulnerability
CSO 2022-10-07 07:01:00 BrandPost: Why a Risk-Based Cybersecurity Strategy is the Way to Go (direct link) Business leaders spend most of their time conducting risk/reward analyses of virtually every decision they make. Will expanding the sales staff generate enough profit to more than pay for the added costs? Can our new product launch hit the market before the competitors shift their own strategies? Do we know enough about the geopolitical climate in a new market to justify the added costs and hassles in compliance and governance? Cybersecurity is another critical area where risk must be constantly assessed. The risk of unanticipated service interruptions - not to mention the many direct and indirect costs of data loss - is substantial. Virtually everything an organization does today - from billing customers and creating marketing programs to answering police calls and ensuring the cleanliness of waterways - is digitized. Add in the new reality of entirely new classes of digital endpoints and you can see that hackers have more opportunity than ever to wreak havoc. Guideline
CSO 2022-10-07 02:00:00 3 actions Latin American leaders must take to reduce risk of cyberattacks (direct link) We have witnessed increased cyberattacks on the Latin American region in recent days. Mexico's President Obrador confirmed that its government has suffered what is perhaps a sensitive attack on its intelligence and armed forces. Chilean Armed Forces suffered a similar attack and its judiciary system was also compromised. The Colombian National Institute for Drug and Food Surveillance (INVIMA) was also attacked. Moreover, there was an attempt to breach systems at the Ministry of Health of Costa Rica, a country that was the victim of a large ransomware attack this year. Ransomware Guideline
CSO.webp 2022-10-06 13:16:00 Guilty verdict in the Uber breach case makes personal liability real for CISOs (lien direct) Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the former CSO on charges of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber” according to a notice published by the Department of Justice (DOJ). US Attorney Stephanie Hinds, upon learning of the verdict, admonished companies that are storing data as to their responsibility to also “protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught. We will not tolerate the concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.” To read this article in full, please click here Data Breach Hack Uber Uber
CSO.webp 2022-10-06 11:13:00 TransUnion taps behavioral analytics to aid fraud detection, curb false positives (lien direct) Consumers who have used a credit card for a legitimate purchase only to have the sale rejected may be encountering a problem that costs enterprises billions of dollars a year: cybersecurity technology that is designed for fraud detection often ends up generating false positives, incorrectly sending out an alert that a transaction is suspicious. To combat this problem, US-based consumer credit reporting agency TransUnion has launched TruValidate Device Risk with Behavioral Analytics, designed to reduce fraud while also eliminating false positives in financial transactions. To read this article in full, please click here
CSO.webp 2022-10-06 10:34:00 BrandPost: Overcoming Cybersecurity Implementation Challenges (lien direct) Cybersecurity has long been one of the most complex landscapes an organization must navigate; with each new threat or vulnerability, complexity continues to grow. This is especially true for organizations that have traditionally taken a point product approach to their security because implementing new security measures properly and reliably takes time and expertise. Today, as more businesses look to digitize their services, dealing with these cybersecurity challenges is no longer optional. Every new tool must be installed, tested, and validated, and then people must be trained to leverage them well. On average, organizations are adopting dozens of different products, services, and tools for their cybersecurity. So, finding ways to make implementing cybersecurity smoother, faster, and more efficient has become a key goal for cybersecurity professionals. As businesses plan for a post-pandemic and digitally accelerated era, many CISOs across multiple industries strive for simplicity and focus on reducing their security vendor blueprint as part of their annual KPIs. Implementation, in particular, has always been an important consideration for successful cybersecurity programs because of the time, expense, personnel, and expertise often required not only to implement individual point products but to stitch them together in order to avoid security gaps while also eliminating redundancies. In the event of a serious incident, security operations center (SOC) analysts typically confess to switching between multiple vendor consoles and event types in order to decipher alerts. Organizations and teams need a better approach, so they're not either continually exposed or overworked from the alerts created by overlap. To read this article in full, please click here Tool Threat
CSO.webp 2022-10-06 05:00:00 Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan (lien direct) Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. The firm has also introduced new live phone support service whereby users can request and book a call directly with Dashlane's support team. Breached employee credentials on dark web pose significant threat to businesses: In a press release, Dashlane stated that its new Dark Web Insights tool “continuously scans” more than 20 billion records attached to hacks or data breaches on the dark web, providing users with a bespoke breakdown of compromised passwords across their organization. Dark Web Insights also provides admins the ability to scan their organization for incidences of breached credentials and invite non-Dashlane using, breached employees to begin using Dashlane through built-in seat provisioning. The firm said that, by pairing this alert function with the ability to generate new, random, and unique passwords, admins can take action quickly once alerted about compromised credentials. To read this article in full, please click here Tool Threat ★★★
CSO.webp 2022-10-06 02:00:00 5 reasons why security operations are getting harder (lien direct) Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as:
A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program. Most react to threats and indicators of compromise (IoCs) rather than study cyber-adversaries and plan ahead.
A growing attack surface: This issue came up with 39% of respondents, but attack surface challenges are no surprise. Other ESG research indicates that the attack surface is growing at two-thirds (67%) of organizations, driven by third-party IT connections, support for remote workers, increased public cloud usage, and adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. Little wonder then why 69% of organizations admit to a cyber-incident emanating from an unknown, unmanaged, or poorly managed internet-facing asset.
The volume and complexity of security alerts: We've all heard about “alert storms” and “alert fatigue.” Based on the ESG data, these conditions aren't just marketing hype, as 37% of SOC teams say that alert volume and complexity is making security operations more difficult. It's easy to understand this one: Imagine viewing, triaging, prioritizing, and investigating a constant barrage of amorphous security alerts from a variety of different detection tools and you'll get the picture. Seems overwhelming but that's the reality for level 1 SOC analysts at many organizations.
Public cloud usage: Beyond just expanding the attack surface, more than one-third (34%) say that security operations are more difficult as a direct result of growing use of the public cloud. This is not just a numbers game. Securing cloud workloads is difficult due to multi-cloud deployment, ephemeral cloud instances, and developer use of new cloud services that security teams may be unfamiliar with. Chasing cloud evolution and associated software developer whims has become part of the job.
Keeping up with the care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open-source tools for security operations. The burden of managing and maintaining all these disparate technologies alone can be difficult. This is one reason why many firms are replacing on-site security tools with cloud-based alternatives.
Growing scale complicates security operations: In analyzing this data, it's easy to see a common theme across these different responses – scale. Everything is growing – threats, IT, alerts, tools, everything. The research illustrates the fact that we don't have the people, processes, or technologies to keep up with these scaling needs. To read this article in full, please click here Ransomware Threat
CSO.webp 2022-10-06 02:00:00 US CISA reaches a new maturity level with its comprehensive strategic plan (lien direct) On November 16, 2018, the awkwardly named National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS) emerged as a full-fledged agency called the Cybersecurity and Infrastructure Security Agency (CISA). Since then, CISA has been the federal government agency for bolstering cybersecurity and infrastructure protection across the federal government and setting the example for the private sector to follow suit. Under the auspices of its first director, Chris Krebs, and current director, Jen Easterly, CISA has tackled many serious cybersecurity problems, from supply chain infections to crippling ransomware attacks. Last month, CISA took a significant step forward to achieving its goals by releasing its first comprehensive strategic plan, an overarching agenda of priorities for 2023 to 2025. (CISA did release in 2019 a “strategic intent” document, upon which the strategic plan builds.) To read this article in full, please click here Ransomware
CSO.webp 2022-10-05 13:02:00 BrandPost: Executive Briefing: Unit 42 Cloud Threat Report (lien direct) The key headline of the latest Unit 42 Cloud Threat Report isn't about the most sophisticated attacks. It's that nearly all organizations we analyzed lack the proper controls to keep their cloud resources secure. The term for this in cloud security is identity and access management (IAM), and it refers to the policies that define who has permission to do what in a cloud environment. A fundamental best practice for policies like this is to apply least privilege access – ensuring that each user or group has the minimum access required to perform necessary functions. This helps minimize the damage an attacker can do in the event of a compromise as the attacker will only gain access to the limited information and capabilities of that one compromised cloud resource. To read this article in full, please click here Threat
CSO.webp 2022-10-05 12:50:00 BrandPost: What it Takes to Make Industry 4.0 a Reality (lien direct) Industry 4.0 has vast potential to transform what factories can do. Manufacturing can be faster, more data-driven, more responsive to the needs of workers and customers, and more powered by innovations such as artificial intelligence, internet of things, digital supply chains, and blockchain. While the possibilities of Industry 4.0 are extraordinary - and realizing them is seemingly just within our reach - there are still obstacles to overcome before we can feel truly comfortable making them a reality. Where I see the biggest dissonance today is in how companies are allowing both IT and the manufacturing groups to exist inside their organizations. Traditionally, the value of IT in the manufacturing industry has been to provide the factory floor with the resources they need, and then to stay out of the way. And in the past, that was really the best approach, because the controls that IT needs - particularly for security - typically aren't conducive to maintaining an efficient and optimized factory environment. To read this article in full, please click here
CSO.webp 2022-10-05 12:15:00 North Korea's Lazarus group uses vulnerable Dell driver to blind security solutions (lien direct) The notorious North Korean state-sponsored hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions. This is a prime example of why it's important to always keep third-party PC manufacturer software, which is often neglected, up to date, as well as to add vulnerable versions to blocklists. “The most notable tool delivered by the attackers was a user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver,” security researchers from antivirus firm ESET said in a recent report. “This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way.” To read this article in full, please click here Tool Vulnerability APT 38
CSO.webp 2022-10-05 11:23:00 BrandPost: Availability, Performance, and Security, Oh My! (lien direct) In a recent survey of 200 health care CEOs, it was revealed that at the beginning of the COVID-19 pandemic, 62% of respondents' organizations were executing digital transformations. However, as in so many other enterprises, nearly all the respondents (97%) indicated that the effects of the pandemic also accelerated their digital transformation projects.  Private data centers, co-locations, public data centers, software-as-a-service (SaaS), and unified communications as a service (UCaaS) are all valuable options for healthcare IT organizations as they navigate the ever-changing demands for delivering innovative applications and services that impact patient care.  To read this article in full, please click here
CSO.webp 2022-10-05 09:01:00 BrandPost: Zero Trust is Not a SKU – It's a Journey Well Worth Undertaking (lien direct) Zero trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren't even security products - are saying they enable zero trust. This is particularly prevalent in the marketing of multi-factor authentication (MFA) platforms and endpoint protection (EPP)/endpoint detection and response (EDR) point solutions, but it's by no means limited to them. The problem is this: you cannot buy zero trust. Zero trust is an approach, an architecture, and a journey, not software, hardware, or a service to deploy. And it's popular because zero trust hardens security by denying access by default and only allowing access according to policies based on the Principle of Least Privilege. If there is a breach, micro-segmentation prevents threats from moving laterally across the network, containing the damage and minimizing the blast radius. Zero Trust also allows companies to explore retiring large parts of their existing traditional network and infrastructure in favor of more commodity (read: less expensive) solutions such as public internet links vs. MPLS circuits. It also improves productivity, because when properly implemented, accessing digital assets is frictionless in zero trust, so long as one is authorized to do so. To read this article in full, please click here
CSO.webp 2022-10-05 02:00:00 The astronomical costs of an asset disposal program gone wrong (lien direct) Every entity should have an information technology asset disposal (ITAD) program as part of its information security process and procedure. Indeed, every time an IT asset is purchased, the eventual disposal of that asset should already be defined within an ITAD. When one doesn't exist, data becomes exposed, compromises occur, and in many cases, fines are levied. Such was the case with Morgan Stanley Smith Barney (MSSB), which continues to feel the repercussions of their ITAD's failure over the past several years, which has now resulted in $155 million USD in fines and penalties. On September 20, 2022, the Securities and Exchange Commission (SEC) reached a settlement agreement in which MSSB paid a $35 million USD penalty for the improper disposal of devices containing MSSB customer personal identifying information (PII). To read this article in full, please click here
CSO.webp 2022-10-05 02:00:00 Cyber insurance explained: What it covers and why prices continue to rise (lien direct) Cyber insurance definition: Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is a policy with an insurance carrier to mitigate risk exposure by offsetting costs involved with damages and recovery after a cyber-related security breach or similar event. What does a cyber insurance policy cover? Cyber insurance policies are becoming more diverse as the market matures, and the finer details regarding what one policy may cover can be somewhat different to another, depending on several factors. Nonetheless, Lori Bailey, chief insurance officer at commercial insurance provider Corvus, tells CSO that there are general commonalities across most cyber insurance policies: To read this article in full, please click here
CSO.webp 2022-10-04 13:31:00 Aryaka rolls out cloud-based web gateway for SASE-focused WAN offering (lien direct) Aryaka's Secure Web Gateway and Firewall-as-a-Service adds cloud-based security services to its Zero Trust WAN platform, as it moves toward providing SASE capabilities for its users.
Last update at: 2024-04-29 20:08:15