What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
CSO 2023-02-16 03:08:00 BEC groups are using Google Translate to target high value victims (direct link) Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions and using multiple languages is not new, in the past, these attacks were perpetrated mainly by sophisticated organizations with bigger budgets and more advanced resources, Crane Hassold, director of Threat Intelligence at Abnormal Security, wrote in his research. Threat ★★
CSO 2023-02-14 09:36:00 (Déjà vu) BrandPost: Protection Groups within NETSCOUT's Omnis Cyber Intelligence secure your most valuable assets. (direct link) When using any security tool, it is vitally important for it to help you to find a threat quickly. For most tools, there is a learning curve before you can use the tool effectively, as well as a period during which the tool is tuned for the specific environment in which it is installed. In an ideal world, these processes would take a short period of time to complete, and the tool would then be effective in finding security issues on the installed network. In reality, this is an ongoing process, with the user continually learning how to operate the tool more effectively and tuning it to better detect threats. NETSCOUT's Omnis Cyber Intelligence (OCI) product helps to streamline the tuning process by providing many ways to categorize systems on your network. One of these ways is the idea of a protection group. Tool Threat
CSO 2023-02-14 09:36:00 BrandPost: A Faster, Better Way to Detect Network Threats (direct link) When using any security tool, it is vitally important for it to help you to find a threat quickly. For most tools, there is a learning curve before you can use the tool effectively, as well as a period during which the tool is tuned for the specific environment in which it is installed. In an ideal world, these processes would take a short period of time to complete, and the tool would then be effective in finding security issues on the installed network. In reality, this is an ongoing process, with the user continually learning how to operate the tool more effectively and tuning it to better detect threats. NETSCOUT's Omnis Cyber Intelligence (OCI) product helps to streamline the tuning process by providing many ways to categorize systems on your network. One of these ways is the idea of a protection group. Tool Threat
CSO 2023-02-14 04:04:00 Pepsi Bottling Ventures suffers data breach (direct link) Pepsi Bottling Ventures, the largest bottler of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. Data Breach Threat
CSO 2023-02-09 13:24:00 BrandPost: Security Trends to Watch in 2023 (direct link) It's that time of year again when many of your favorite security professionals and vendors roll out their predictions for the coming year. Although not all of us have clairvoyant abilities, seasoned pros can spot a trend early and inform the rest of us before we're caught off guard. Because adversaries continually adapt and change, security practitioners must also adapt their thinking, understanding, and defenses to combat innovation by using tools such as threat intelligence, threat hunting, and proactive suppression. In this spirit, we have identified a few trends to look out for before it's too late. Geopolitical unrest: Although distributed denial-of-service (DDoS) attacks have steadily increased over the past 20 years, recent data firmly establishes the reality that network operators need to understand, prepare for, and expect attacks related to politics, religion, and ideology. Nation-state actors often directly target internet infrastructure to take out critical communications, e-commerce, and other vital infrastructure dependent on internet connectivity. This, of course, means targeting internet service provider (ISP) networks to hobble internet connectivity. Threat Prediction
CSO 2023-02-09 02:00:00 Yes, CISOs should be concerned about the types of data spy balloons can intercept (direct link) The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the blanks on the mosaic they are building about a potential adversarial nation. The physical threat posed by this balloon and the collection platform that dangled below it was negligible unless the balloon fell from the sky and landed in a populated area. It did not. When it met its demise, it was shot down by a US F-22 Raptor and fell into US territorial waters off the coast of South Carolina. Threat ★★
CSO 2023-02-08 11:13:00 Threat group targets over 1,000 companies with screenshotting and infostealing malware (direct link) Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers. Tracked as TA866 by researchers from security firm Proofpoint, the group's tooling seems to have similarities to other campaigns reported in the past under different names going as far back as 2019. Even though this latest activity appears to be financially motivated, some of the possibly related attacks seen in the past suggest that espionage was also a motivation at the time. Malware Threat ★★★
CSO 2023-02-06 12:53:00 BrandPost: Building the Path to Cyber Resilience: Exploring the Microsoft Digital Defense Report (direct link) By Microsoft Security. The annual Microsoft Digital Defense Report aggregates security data from organizations and consumers across the cloud, endpoints, and the intelligent edge to create a high-level overview of our threat landscape. With insights derived from 43 trillion daily security signals, companies can use this report to strengthen their cyber defenses against the most pressing threats. This year, the report is divided into five sections covering trends in cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Keep reading for an inside look at section five of the report on cyber resiliency. Threat
CSO 2023-02-06 06:43:00 BrandPost: Tackling Cyber Influence Operations: Exploring the Microsoft Digital Defense Report (direct link) By Microsoft Security. Each year, Microsoft uses intelligence gained from trillions of daily security signals to create the Microsoft Digital Defense Report. Organizations can use this tool to understand their most pressing cyber threats and strengthen their cyber defenses to withstand an evolving digital threat landscape. Comprising security data from organizations and consumers across the cloud, endpoints, and the intelligent edge, the Microsoft Digital Defense Report covers key insights across cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Keep reading to explore section four of the report: cyber-influence operations. Tool Threat
CSO 2023-02-06 05:27:00 Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition (direct link) Cyber insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company's Cyber Threat Index, which was compiled using data gathered by the company's active risk management and reduction technology, combining data from underwriting and claims, internet scans, its global network of honeypot sensors, and scanning over 5.2 billion IP addresses. Threat ★★
CSO 2023-02-06 04:39:00 Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group (direct link) Microsoft's Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified as Emennet Pasargad by the US Department of Justice. In January, the group claimed to have obtained the personal information of more than 200,000 Charlie Hebdo customers after gaining access to a database, which Microsoft believes was in response to a cartoon contest conducted by the magazine. The information included a spreadsheet detailing the full names, telephone numbers, and home and email addresses of accounts that had subscribed to, or purchased merchandise from, the publication. Threat ★★
CSO 2023-02-02 01:00:00 APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (direct link) State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months, while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All these operational changes suggest organizations and companies from Western countries are at increased risk from APT activity. Ransomware Threat Medical APT 38 ★★
CSO 2023-02-01 15:21:00 BrandPost: Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report (direct link) To illuminate the evolving digital threat landscape and help the cyber community understand today's most pressing threats, we released our annual Microsoft Digital Defense Report. This year's report focuses on five key topics: cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. With intelligence from 43 trillion daily security signals, organizations can leverage the findings presented in this report to strengthen their cyber defenses. Threat
CSO 2023-01-31 07:41:00 Guardz debuts with cybersecurity-as-a-service for small businesses (direct link) Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product. The premise of the company's main offering is tight API integration with Microsoft 365 and Google Workspace. Guardz automatically enrolls all user accounts upon activation, monitors risk posture, performs threat detection on all monitored accounts and devices, and offers one-click remediation for some threats. Threat ★★
CSO 2023-01-31 04:02:00 Threat actors abuse Microsoft's “verified publisher” status to exploit OAuth privileges (direct link) Researchers from cybersecurity firm Proofpoint claim to have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations' cloud environments. According to a blog on the company's website, threat actors satisfied Microsoft's requirements for third-party OAuth apps by abusing the Microsoft “verified publisher” status, employing brand abuse, app impersonation and other social engineering tactics to lure users into authorizing malicious apps. Threat ★★★
CSO 2023-01-25 04:31:00 Chinese threat actor DragonSpark targets East Asian businesses (direct link) Organizations in Taiwan, Hong Kong, Singapore and China have recently been facing attacks from the Chinese threat actor DragonSpark. The threat actor was observed using the open-source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the Remote Access Trojan (RAT) attractive to threat actors. Tool Threat ★★
CSO 2023-01-24 07:36:00 P-to-P fraud most concerning cyber threat in 2023: CSI (direct link) US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). Industry respondents also expressed concerns over identity theft at 4%, unavailable or unaffordable cyber insurance at 4%, geopolitical risks at 3%, DDoS attacks at 2% and website defacement at 0.9%, according to CSI's annual survey of the financial sector. It received responses from 228 banking executives, 171 of them at vice-president level or above. Ransomware Threat ★★
CSO 2023-01-24 07:21:00 BrandPost: 3 Critical Firewall Attributes for Today's Network (direct link) Corporate networks have become increasingly complex with the adoption of public and private clouds, as well as edge deployments. This complexity has been intensified now that employees are working both onsite and remotely; network teams must pay greater attention to securing data and application traffic while also ensuring a consistent user experience. In addition to complex IT environments and hybrid workforces, many organizations are dealing with a heightened cybersecurity threat landscape that requires constant vigilance, as well as management to keep up with evolving security-related regulations. In response to massive global attacks, businesses have rightly ramped up security protections such as using greater encryption controls - which can inadvertently slow network traffic. Threat ★★
CSO 2023-01-24 02:00:00 Skyhawk launches platform to provide threat detection and response across multi-cloud environments (direct link) Cloud threat detection vendor Skyhawk Security has released a platform designed to address alert fatigue that provides cloud detection and response (CDR) across multi-cloud environments, the company said Tuesday in a statement. The company says the Synthesis platform is being released on a “freemium” basis: the base version is available at no cost, but supplementary features can be purchased. Skyhawk claims the platform improves upon products focused on identifying numerous static cloud security misconfigurations by employing machine learning (ML) to find correlated sequences of high-priority runtime events and identify paths of least resistance that are exploited to compromise cloud infrastructure. Threat ★★
CSO 2023-01-19 07:59:00 BrandPost: Not If, But When: Maintaining Resilience as Threat Actors Adapt (direct link) Talos recently published its inaugural 2022 Year-in-Review report. We gathered insight from dozens of subject matter experts all throughout Cisco to tell a data-driven story about the major security events Cisco responded to, trends in the threat landscape, and what it all means for 2023. As we reviewed the major events from this year, one throughline seemed particularly clear: adversaries are adapting to shifts in the geopolitical landscape, actions from law enforcement, and the efforts of defenders. Organizations, IT leaders, and security professionals will need to track and address these shifts in behavior to maintain resilience. Threat Guideline ★★
CSO 2023-01-19 04:27:00 Chinese hackers targeted Iranian government entities for months: Report (direct link) The Chinese advanced persistent threat actor Playful Taurus targeted several Iranian government entities between July and December 2022, according to a Palo Alto Networks report. The Chinese threat actor, also known as APT15, KeChang, NICKEL, BackdoorDiplomacy, and Vixen Panda, was observed attempting to connect government domains to malware infrastructure previously associated with the APT group, according to the report. “Playful Taurus continues to evolve their tactics and their tooling. Recent upgrades to the Turian backdoor and new C2 infrastructure suggest that these actors continue to see success during their cyber espionage campaigns,” Palo Alto Networks said in a blog. Malware Threat APT 15 APT 25 ★★★
CSO 2023-01-18 12:27:00 BrandPost: The State of Cybercrime In 2022: Exploring the Microsoft Digital Defense Report (direct link) Microsoft has worked to illuminate the evolving digital threat landscape with in-depth security reports for more than 15 years. Our mission first began with the Microsoft Security Intelligence Report, which ran from 2005 to 2018. It has since evolved into the Microsoft Digital Defense Report, which was first released in 2020. This latest edition explores the most pressing cyber threats while also providing insight and guidance on how organizations can strengthen their cyber defenses. Threat ★★★★
CSO 2023-01-18 06:00:00 Trustwave relaunches Advanced Continual Threat Hunting with human-led methodology (direct link) Cybersecurity vendor Trustwave has announced the relaunch of its Advanced Continual Threat Hunting platform with a new, patent-pending human-led threat hunting methodology. The firm claimed the enhancement will allow its SpiderLabs threat hunting teams to conduct increased human-led threat hunts and discover more behavior-based findings that could go undetected by traditional endpoint detection and response (EDR) tools. New method hunts for behaviors associated with known threat actors. In a press release, Trustwave stated that its security teams regularly perform advanced threat hunting to study the tactics, techniques, and procedures (TTPs) of sophisticated threat actors. Trustwave's new intellectual property (IP) goes beyond indicators of compromise (IoC) to uncover new or unknown threats by hunting for indicators of behavior (IoB) associated with specific attackers. Threat ★★
CSO 2023-01-18 06:00:00 Perception Point launches Advanced Threat Protection for Zendesk (direct link) Threat protection company Perception Point has launched Advanced Threat Protection for Zendesk to provide detection and remediation services for Zendesk customers. Perception Point said that customers can now protect the customer service software Zendesk on a single, consolidated platform alongside their email, web browsers and other cloud collaboration apps. Advanced Threat Protection for Zendesk has been built to help secure vulnerable help desks and customer support teams from external threats such as malicious content within tickets, the firm stated. Help desk, customer service teams key attack targets. In organizations, help desk and customer support staff often have access to workstations, mobile devices, routers, and servers, as well as the complete digital workplace system and the data associated with it. They also typically communicate regularly with people outside of the organization. These factors make them attractive attack targets and particularly vulnerable to external threats originating from malicious content. Content uploaded externally can potentially be used as a vehicle for cyberattacks, allowing malicious payloads to enter an organization's system, Perception Point noted in its announcement. Threat ★★
CSO 2023-01-12 10:00:00 BrandPost: How Financial Institutions Can SOAR to Success with Devo SOAR (direct link) According to the 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn't just the big players caught in the line of fire. IBM's report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes - from local credit unions to Fortune 500s - are at risk. While ransomware attacks get the most time in the financial headlines, most breaches aren't caused by external factors or threat actors. The majority of system availability problems actually occur due to a lack of staff knowledge and protective protocols, software issues and limited security visibility across the institution. However, “more visibility” is not synonymous with “seeing more alerts.” In fact, the opposite is true. Keep reading to see how Devo SOAR helped a leading US bank streamline its SOC. Ransomware Data Breach Threat Guideline ★★
CSO 2023-01-10 09:48:00 BrandPost: The converging future of XDR and Threat Hunting (direct link) The cybersecurity challenge for organizations of all sizes continues to get more difficult. Complex threats and a growing cybersecurity skills gap are making life harder for often overworked IT teams. Without automation, they find it difficult to process and act on a steadily increasing flow of data and security alerts from across the network. As a result, many organizations are considering extended detection and response (XDR) tools to make better sense of incoming threat information. The market is projected to reach $2.36 billion by 2027, and small to mid-size enterprises are leading the way. Threat Guideline
CSO 2023-01-10 08:14:00 BrandPost: Cybercrime-as-a-Service, Ransomware Still on the Rise (direct link) Today, cybercrime-as-a-service is a lucrative and growing business model among criminals. Ransomware is still a massive threat to organizations. Demand for stolen credentials continues to grow. These are among the findings of Sophos' 2023 Threat Report, which details how the cyberthreat landscape has changed due to a lower barrier to entry for criminal hopefuls. Threat researchers with Sophos say the expansion is due to the commoditization of “malware-as-a-service” and the sale of stolen credentials and other sensitive data. Today, nearly every aspect of the cybercrime toolkit - from initial infection to ways to avoid detection - is available for purchase on the dark web, say researchers. This thriving business selling what once would have been considered “advanced persistent threat” tools and tactics means any would-be criminal can buy their way into exploitation for profit. Ransomware Threat ★★
CSO 2023-01-09 02:00:00 11 top XDR tools and how to evaluate them (direct link) Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat detection, possibly even automating aspects of threat mitigation. This need has given rise to extended detection and response (XDR) tools. What is XDR and what does it do? XDR is a relatively new class of security tool that combines and builds on the strongest elements of security incident and event management (SIEM), endpoint detection and response (EDR), and even security orchestration and response (SOAR). In fact, some XDR platforms listed here are the fusion of existing tools the vendor has offered for some time. Tool Threat ★★
CSO 2022-12-28 02:00:00 Log4Shell remains a big threat and a common cause for security breaches (direct link) The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention, and is expected to remain a popular target for some time to come. Its long-lasting impact highlights the major risks posed by flaws in transitive software dependencies and the need for enterprises to urgently adopt software composition analysis and secure supply chain management practices. Log4Shell, officially tracked as CVE-2021-44228, was discovered in December 2021 in Log4j, a widely popular open-source Java library that's used for logging. Initially disclosed as a zero-day, the project's developers quickly created a patch, but getting that patch widely adopted and deployed proved challenging because it relies on developers who used this component in their software to release their own updates. Vulnerability Threat ★★
CSO 2022-12-20 07:32:00 BrandPost: Managing Risk Would be Easier if It Weren't for People (direct link) Businesses are as much at risk from human error as from threat actors. Typos, configuration errors, and other human errors can lead to disaster on the same scale as any modern cyberthreat. Great technology defenses can only get you so far with managing risk. It is generally agreed upon that Zero Trust principles are a more effective approach to securing your organization than defense in depth (though they aren't mutually exclusive). This approach entails defining exactly what user or application has access to what resource, using a validation identity control, and continually validating that the behavior is acceptable. Nearly every organization has a progressive plan for deploying elements that achieve this depending on where they are on their adoption path. However, the technology side of the equation is discrete and primarily solvable. The challenge lies with the keyboard to monitor interface - the human. Threat Guideline
CSO 2022-12-14 14:07:00 Cuba ransomware group used Microsoft developer accounts to sign malicious drivers (direct link) Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy. "In most ransomware incidents, attackers kill the target's security software in an essential precursor step before deploying the ransomware itself," researchers from security firm Sophos said in a new report about the incident. "In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products." Ransomware Threat ★★
CSO 2022-12-13 15:57:00 BrandPost: 3 Common DDoS Myths (direct link) There are several trends evident in the latest DDoS Threat Intelligence Report from NETSCOUT. These include adaptive distributed denial-of-service (DDoS), direct-path TCP-based DDoS, proliferation of botnets, sociopolitical fallout, and collateral damage. The thing these trends all have in common is they are designed to evade common DDoS defense measures and cause maximum harm to targets and others in their proximity. DDoS always attempts to disrupt, destabilize, and deny availability and often succeeds. The only thing that can prevent its success is a well-designed network with intelligent DDoS mitigation systems (IDMSs). For many organizations, common myths can lead to poor choices and overconfidence when it comes to properly architecting a solution. Threat Guideline ★★
CSO 2022-12-13 12:37:00 Palo Alto Networks flags top cyberthreats, offers new zero-day protections (direct link) Firewall and security software vendor Palo Alto Networks' annual Ignite conference kicked off Tuesday, highlighted by several product announcements, which were unveiled alongside the company's latest threat report. Palo Alto's “What's Next in Cyber” report named ransomware and business email compromise as the most common attacks faced by businesses worldwide, with supply chain threats, malicious insiders and DDoS attacks rounding out the top five. Over the course of the past year, 96% of respondents to the company's executive survey said that they'd experienced at least one security breach, and over half said that they'd experienced three or more. Fully 84% said that they pin the responsibility for increased security incidents in the past year on the growing prevalence of remote work. Threat ★★
CSO 2022-12-13 11:30:00 BrandPost: Staying Cyber Safe This Holiday Season with Security Awareness Training (direct link) The holiday season is the most wonderful time of the year for cybercriminals. Threat adversaries inevitably have more opportunities to carry out targeted attacks as more people are online shopping and checking emails for coupons that could actually be phishing attacks. Well-staffed security teams using the right technologies can undoubtedly go a long way in protecting organizations against cybercrime. Still, the reality is that employees are an organization's first line of defense when it comes to halting bad actors. Cybersecurity is everyone's job, not just the responsibility of the security and IT teams. Threat ★★
CSO 2022-12-08 05:35:00 BrandPost: Want to Help Your Analysts? Embrace Automation and Outsourcing. (direct link) While the security tools we choose to invest in can undoubtedly make or break our success, one area we tend to focus less on is the human component of cybersecurity. Yet today, two-thirds of global leaders claim that the global skills shortage creates additional cyber risks for their organization, including 80% who reported experiencing at least one breach during the last 12 months that they attributed to the cybersecurity skills gap. The always-changing threat landscape, combined with fewer skilled people, makes it nearly impossible to keep ahead of threats. That's why it's time to talk about the human element – specifically your Security Operations Center (SOC) analysts – and their role in your cybersecurity framework. Threat Guideline ★★
CSO.webp 2022-12-06 06:00:00 Action1 launches threat actor filtering to block remote management platform abuse (direct link) Action1 has announced new AI-based threat actor filtering to detect and block abuse of its remote management platform. The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors, to prevent attackers from exploiting its tool to carry out malicious activity. The release comes amid a trend of hackers misusing legitimate systems management platforms to deploy ransomware or steal data from corporate environments. Action1 platform enhanced to identify and terminate RMM abuse. In an announcement, Action1 stated that the new enhancement helps ensure that any attempt at misuse of its remote management platform is identified and terminated before cybercriminals accomplish their goals. “It scans user activity for suspicious patterns of behavior, automatically suspends potentially malicious accounts, and alerts Action1's dedicated security team to investigate the issue,” it added. Ransomware Tool Threat ★★
CSO.webp 2022-12-06 02:00:00 The changing role of the MITRE ATT&CK framework (direct link) Since its creation in 2013, the MITRE ATT&CK framework has been of interest to security operations professionals. In the early years, the security operations center (SOC) team used MITRE as a reference architecture, comparing alerts and threat intelligence nuggets with the taxonomy's breakdown of adversary tactics and techniques. Based on ESG research, MITRE ATT&CK usage has reached an inflection point. Security teams not only recognize its value as a security operations foundation but also want to build upon this foundation with more use cases and greater benefits. Threat ★★
CSO.webp 2022-12-05 02:00:00 When blaming the user for a security breach is unfair – or just wrong (direct link) In his career in IT security leadership, Aaron de Montmorency has seen a lot: an employee phished on their first day by someone impersonating the CEO, an HR department head asked to change the company's direct deposit information by a bogus CFO, not to mention multichannel criminal engagement with threat actors attacking from social media to email to SMS text. In these cases, the users almost fell for it, but something didn't feel right. So, they manually verified by calling the executives who were being impersonated. De Montmorency, director of IT, security, and compliance with Tacoma, Washington-based Elevate Health, praises the instincts that stopped the attacks from causing financial or reputational damage. Yet, he contends that expecting users to be the frontline defense against rampant phishing, pharming, whaling, and other credential-based attacks increasingly taking place over out-of-band channels is a recipe for disaster. Threat Guideline ★★★
CSO.webp 2022-11-28 13:58:00 BrandPost: Threat Notification Isn't the Solution – It's a Starting Point (direct link) Most organizations have the tools in place to receive notification of attacks or suspicious events. But taking the information gleaned from cybersecurity tools is only step one in handling a security threat. “The goal of a security practitioner is to link those data sets together and do something with the information,” says Mat Gangwer, VP of managed detection and response at Sophos. “The threat notification is just the beginning.” It's a common misconception that a tool has effectively blocked or remediated an issue simply because the IT or security team has received a notification of malicious activity. Tool Threat ★★
CSO.webp 2022-11-28 02:00:00 Here is why you should have Cobalt Strike detection in place (direct link) Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals. Living off the land is a common tactic. The abuse by attackers of system administration, forensic, or security tools that are either already installed on systems or can be easily deployed without raising suspicion has become extremely common. The use of this tactic, known as living off the land (LOTL), used to be a telltale sign of sophisticated cyberespionage groups who moved laterally through environments using manual hacking and placed great value on stealth. Ransomware Threat ★★★★
CSO.webp 2022-11-22 02:00:00 Know thy enemy: thinking like a hacker can boost cybersecurity strategy (direct link) As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they're after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it could mean deliberately disorienting them by creating scenarios that don't match up to those expectations. “It's about how to drive defenses by knowing how the adversaries actually behave,” says Morovitz, who is also group leader for MITRE Engage, a cyber adversary engagement framework. Hack Threat Guideline ★★★
CSO.webp 2022-11-21 07:02:00 Luna Moth callback phishing campaign leverages extortion without malware (direct link) Palo Alto's Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars and is expanding in scope. Luna Moth removes the malware portion of the phishing callback attack. Callback phishing – or telephone-oriented attack delivery (TOAD) – is a social engineering attack that requires a threat actor to interact with the target to accomplish their objectives. It is more resource-intensive but less complex than script-based attacks, and it tends to have a much higher success rate, Unit 42 wrote in a blog posting. Actors linked to the Conti ransomware group had success with this type of attack with the BazarCall campaign, which focused on tricking victims into downloading the BazarLoader malware. This malware element is synonymous with traditional callback phishing attacks. Interestingly, in this campaign, Luna Moth does away with the malware portion of the attack, instead using legitimate and trusted systems management tools to interact directly with a victim's computer to manually exfiltrate data for extortion. “As these tools are not malicious, they're not likely to be flagged by traditional antivirus products,” the researchers wrote. Ransomware Malware Threat
CSO.webp 2022-11-16 05:15:00 Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection (direct link) Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities. In a press release, Anand Oswal, senior VP network security at Palo Alto Networks, said that the new version of Nova is now able to stop 26% more zero-day malware than traditional sandboxes and detect 60% more injection attacks. The updates are the latest in a series of security releases from Palo Alto in 2022. Malware Threat
CSO.webp 2022-11-15 03:53:00 Meta's new kill chain model tackles online threats (direct link) In April 2014, Lockheed Martin revolutionized the cyber defense business by publishing a seminal white paper, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs). The authors of the paper argued that by leveraging the knowledge of how these adversaries operate, cyber defenders “can create an intelligence feedback loop, enabling defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt.” This so-called kill chain model could “describe phases of intrusions, mapping adversary kill chain indicators to defender courses of action, identifying patterns that link individual intrusions into broader campaigns, and understanding the iterative nature of intelligence gathering form the basis of intelligence-driven computer network defense.” Threat ★★
CSO.webp 2022-11-14 12:16:00 BrandPost: Cybersecurity as a Service: What Is It? And Is It Right for Your Business? (direct link) With budgets tightening and security talent difficult to find, a growing number of organizations are taking a close look at Cybersecurity as a Service (CSaaS) – an outsourced model of managing risk on a pay-as-you-go basis. Managed security services are not new, but the CSaaS market has changed in recent years as data sharing and digital work systems have shifted. Organizations that may not have prioritized security are increasingly turning to outside specialists to meet their cybersecurity needs. Some of the services CSaaS provides include threat monitoring and detection and incident response. Threat
CSO.webp 2022-11-10 10:14:00 BrandPost: What is Top of Mind for CISOs Right Now (direct link) Every quarter, we interview CISOs and ask them what is top of mind and what trends or challenges they are experiencing in the threat landscape. From this, we create the CISO Insider, an actionable report that explores the top three issues that are most relevant in today's threat landscape. This quarter, we're exploring rising ransomware rates, the need for increased automation and better tools to empower security teams to do more with limited resources, and the opportunity for extended detection and response (XDR) to help rapidly address emergent threats. Keep reading to learn what steps CISOs are taking to protect against these threats and how you can apply that guidance to your own operations. For even more information, download the full CISO Insider report. Ransomware Threat
CSO.webp 2022-11-08 07:46:00 BrandPost: 4 Reasons SMBs Should Consider an MSP for Threat Hunting (direct link) In today's complex, ever-changing cybersecurity landscape, organizations need a strong, layered defense that spans everything from endpoints to the network core. Sometimes, however, that's not enough. Cybercriminals continuously evolve their strategies and tactics and can evade detection by even well-constructed defenses. But if attackers have already penetrated your network, how can you find them? Threat hunting is a human-led activity that supplements your existing defensive measures. Put simply, threat hunters start by assuming your network has already been breached. By monitoring everyday activities across your network and investigating possible anomalies, threat hunters seek to find any yet-to-be-discovered malicious activities that could lead to a full-blown breach or uncover unaddressed vulnerabilities in your security posture. Threat Guideline
CSO.webp 2022-11-04 09:56:00 Geopolitics plays major role in cyberattacks, says EU cybersecurity agency (direct link) The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA). In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report, this year titled “Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape”, notes that in general, geopolitical situations continue to have a high impact on cybersecurity. Threat
CSO.webp 2022-11-03 04:22:00 White House ransomware summit highlights need for borderless solutions (direct link) The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, “While the United States is facilitating this meeting, we don't view this solely as a US initiative. It's an international partnership that spans most of the world's time zones, and it really reflects the threat that criminals and cyberattacks bring.” Ransomware Threat Guideline
CSO.webp 2022-11-03 02:00:00 Making the case for security operations automation (direct link) According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage, CISOs need alternatives to hiring their way out of this quagmire. Threat
Last update at: 2024-04-29 20:08:15