What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2022-11-02 02:00:00 Netacea launches malicious bot intelligence service to help customers tackle threats (direct link) Cybersecurity vendor Netacea has announced the launch of a new Business Logic Intelligence Service (BLIS) designed to give customers actionable insight to help them tackle malicious bot activity and security threats. The firm said that the tiered, fee-based service will provide organizations with bot threat intelligence based on research including analysis of dark web forums and marketplaces. Earlier this year, the 2022 Imperva Bad Bot Report revealed an uptick in malicious bot activity driving online fraud and cyberattacks, with bots becoming more sophisticated and better equipped to evade detection. Threat
CSO.webp 2022-10-31 11:09:00 BrandPost: Phishing Attacks are on the Rise, and Cyber Awareness is One of Your Best Defenses (direct link) Cybersecurity Awareness Month has come to an end, yet security should be a top priority all year round for organizations of all shapes and sizes. The threat landscape is constantly evolving, with cybercriminals finding new ways to trick unsuspecting victims and infiltrate networks. For example, according to the 1H 2022 FortiGuard Labs Threat Report, ransomware is rampant, showing no signs of slowing its pace. These attacks are becoming more sophisticated and aggressive, with attackers introducing new strains and updating, enhancing, and reusing old ones. What's especially concerning as we look back at the first half of 2022 is that we observed 10,666 ransomware variants, compared to just 5,400 in the previous six months. That's nearly 100% growth in ransomware variants in half a year. Ransomware Threat
CSO.webp 2022-10-28 10:01:00 Phishing attacks increase by over 31% in third quarter: Report (direct link) Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million. Malware emails in the third quarter of 2022 alone increased by 217% compared to the same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively. Malware Threat ★★★★
CSO.webp 2022-10-26 08:23:00 Microsoft Event Log vulnerabilities threaten some Windows operating systems (direct link) A pair of newly discovered vulnerabilities have highlighted the ongoing risks posed by Internet Explorer's (IE) deep integration into the Windows ecosystem, despite Microsoft ending support for IE in June 2022. Discovered by the Varonis Threat Labs team, the exploits affect an IE-specific Event Log that is present on all current Windows operating systems up to, but not including, Windows 11. The vulnerabilities, dubbed LogCrusher and OverLog by the researchers, have been reported to Microsoft, which released a partial patch on October 11, 2022. Teams are urged to patch systems and monitor suspicious activity to mitigate security risks, which include event log crashing and remote denial-of-service (DoS) attacks. Threat
CSO.webp 2022-10-26 02:00:00 How to update your Windows driver blocklist to keep malicious drivers away (direct link) For many years, attackers have used and abused various ways to get on our systems. From phishing to tricking us into clicking on websites, if an attacker can get their code on our systems, they are no longer our systems. Attackers will even invest the time, energy, and expense to get their malicious drivers approved and co-designed through the Windows Hardware Compatibility Program in order to gain access to our machines. Ensuring that these malicious drivers are blocked is a key method for protecting systems. Microsoft has long touted a means to update this master listing on our systems and, in theory, the idea was valid: using settings and security hardware on the computer, enabling hypervisor-protected code integrity (HVCI) was supposed to protect systems from malicious drivers. Attackers have used such attacks in the past, ranging from RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron to campaigns by the threat actor STRONTIUM. As a Microsoft blog in 2020 pointed out, if a computer had HVCI enabled, it would be able to defend itself against vulnerable and malicious drivers. In the blog post, it was noted that “Microsoft threat research teams continuously monitor the threat ecosystem and update the list of drivers that are in the Microsoft-supplied blocklist. This blocklist is pushed down to devices via Windows update.” Threat APT 28
CSO.webp 2022-10-24 11:05:00 BrandPost: Cybersecurity Executives Say These are the Most Pressing Challenges They Face (direct link) Most cybersecurity teams grapple with similar issues, from defending against the ever-changing threat landscape to finding time for training and upskilling opportunities. I recently had the chance to speak with numerous security executives and industry experts at the Fortinet Security Summit, held in conjunction with the second annual PGA Fortinet Championship in Napa Valley, to discuss some of these challenges, insights, and potential solutions for addressing them. Challenge #1: The Proliferation of New Threat Vectors. If the first half of 2022 was any indication, security teams are in for an interesting ride as we look ahead. In just the first six months, data from FortiGuard Labs shows that the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period. Ransomware Threat
CSO.webp 2022-10-24 07:43:00 Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC (direct link) A secure by design approach is vital to protecting the internet of things (IoT) and smart cities, according to Lindy Cameron, CEO of the UK National Cyber Security Centre (NCSC). Cameron spoke during Singapore International Cyber Week, calling for swift ongoing action to ensure connected devices are designed, built, deployed, and managed securely to prevent malicious actors, improve national resilience, and reap the benefits of emerging technologies. Growth of IoT giving rise to increased security threats: The scale of consumer-, enterprise-, and city-level IoT has exploded in the last decade, Cameron said, and the magnitude of changes coupled with growing dependency on connected technology has introduced significant security risks. “That is why now is the time to make sure we're designing and building them properly,” she added. “We all know that connected places are an evolving ecosystem, comprising a range of systems that exchange, process and store sensitive data, as well as controlling critical operational technology. Unfortunately, this makes these systems an attractive target for a range of threat actors. The threat posed by nation states is particularly acute.” Threat
CSO.webp 2022-10-20 15:49:00 BrandPost: DDoS Threat Intelligence Report Reveals Troubling Attacker Behavior (direct link) If there's one consistent quality shared by all cybercriminals, it's that they never fail to innovate to get what they want, whether that's to spy, spread mayhem, or access sensitive corporate data, personal information, or lucrative financial details. This certainly holds true for our findings in the newest DDoS Threat Intelligence Report, which launches September 27, 2022. As we discussed in a previous blog, we have changed the formatting of the report to make the data more accessible and reader-friendly, essentially breaking it into eight vignettes that cover geographical findings as well as several troubling trends. In addition to data for four geographical regions (North America; Latin America; Asia Pacific (APAC); and Europe, Middle East, and Africa (EMEA)), the following new sections cover a number of attack trends. Threat
CSO.webp 2022-10-20 10:28:00 With Conti gone, LockBit takes lead of the ransomware threat landscape (direct link) The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source for ransomware spin-offs. From July to September, security firm Intel 471 counted 455 attacks from 27 ransomware variants, with LockBit 3.0 being responsible for 192 of them (42%). Meanwhile, security firm Digital Shadows tracked around 600 ransomware victims over the same time period, with LockBit accounting for 35% of them. Ransomware Threat Guideline
CSO.webp 2022-10-20 06:00:00 Attackers switch to self-extracting password-protected archives to distribute email malware (direct link) Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password. “This is significant because one of the most difficult obstacles threat actors face when conducting this type of spam campaign is to convince the target to open the archive using the provided password,” researchers from Trustwave SpiderLabs said in a new report. Spam Malware Threat
CSO.webp 2022-10-20 04:23:00 High, medium severity vulnerabilities impacting Zimbra Collaboration Suite (direct link) Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The latest update lists CVEs currently being exploited based on a new Malware Analysis Report, MAR-10398871.r1.v2, and warns that threat actors may be targeting unpatched ZCS instances in both government and private sector networks. Threat
CSO.webp 2022-10-18 13:25:00 BrandPost: 2022 Cloud-Native Threats (direct link) The inaugural 2022 Sysdig Cloud-Native Threat Report exposes some of the year's most pervasive and costly cloud threats. As organizations' use of containers and cloud services continues to grow, attackers are turning their attention to the cloud. Just one threat actor can make substantial gains by simply taking advantage of misconfigurations and old exploits. They can earn thousands of dollars, almost passively, off of their victims' cloud infrastructure. Containers allow developers to get infrastructure up and running fast, but if malicious code is hidden inside by an attacker, the entire infrastructure can be compromised. Threat
CSO.webp 2022-10-13 10:52:00 New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants (direct link) Researchers have discovered a new attack framework of Chinese origin that they believe is being used in the wild. The framework is made up of a command-and-control (C2) backend dubbed Alchimist and an accompanying customizable remote access Trojan (RAT) for Windows and Linux machines. The framework can also be used to generate PowerShell-based attack shellcode or distribute malicious implants for other platforms such as macOS. “Our discovery of Alchimist is yet another indication that threat actors are rapidly adopting off-the-shelf C2 frameworks to carry out their operations,” researchers from Cisco Talos said in a new report. “A similar ready-to-go C2 framework called 'Manjusaka' was recently disclosed by Talos.” Threat
CSO.webp 2022-10-12 08:41:00 BrandPost: Gain Full Visibility for Threat Detection and Response with Deep Packet Inspection (direct link) Deep packet inspection (DPI) is a method of examining the content of data packets as they pass through the network. Unlike conventional packet (or NetFlow) filters, which are devices that check only the packet headers for information such as Internet Protocol (IP) address, source, destination, and port numbers, DPI examines a much larger range of metadata. The inspection process includes examining not just the header but also the data, or payload, the packet is carrying. So, why DPI for cybersecurity? The only place an attacker can't hide is on the network. DPI tools, as opposed to NetFlow-based tools, provide the most meaningful content possible in threat detection and response. This is because network packets cannot be altered, so they represent the absolute truth. A network detection and response (NDR) solution is the only way to expose bad actors and can work in conjunction with other tools to increase the strength of your security stack. These include endpoint detection and response (EDR); security information and event management (SIEM); firewalls; security orchestration, automation and response (SOAR); and extended detection and response (XDR). Threat
CSO.webp 2022-10-12 02:00:00 China's attack motivations, tactics, and how CISOs can mitigate threats (direct link) A new report published by Booz Allen Hamilton provides detailed insight into global cyber threats posed by the People's Republic of China (PRC). The China Cyber Threat Report outlines Beijing's chief motivations for carrying out cyberattacks or espionage and the key tactics it employs, and provides strategies for CISOs to help their organizations better identify and prepare for PRC cyber campaigns. Security, sovereignty, development: key PRC cyberattack motivators. The report identifies three “core interests” over which China is willing to authorize offensive cyber operations if threatened, related to the nation's political system, territory, and economy: Threat
CSO.webp 2022-10-06 10:34:00 BrandPost: Overcoming Cybersecurity Implementation Challenges (direct link) Cybersecurity has long been one of the most complex landscapes an organization must navigate; with each new threat or vulnerability, complexity continues to grow. This is especially true for organizations that have traditionally taken a point product approach to their security, because implementing new security measures properly and reliably takes time and expertise. Today, as more businesses look to digitize their services, dealing with these cybersecurity challenges is no longer optional. Every new tool must be installed, tested, and validated, and then people must be trained to use it well. On average, organizations are adopting dozens of different products, services, and tools for their cybersecurity. So, finding ways to make implementing cybersecurity smoother, faster, and more efficient has become a key goal for cybersecurity professionals. As businesses plan for a post-pandemic and digitally accelerated era, many CISOs across multiple industries strive for simplicity and focus on reducing their security vendor blueprint as part of their annual KPIs. Implementation, in particular, has always been an important consideration for successful cybersecurity programs because of the time, expense, personnel, and expertise often required not only to implement individual point products but to stitch them together in order to avoid security gaps while also eliminating redundancies. In the event of a serious incident, security operations center (SOC) analysts typically confess to switching between multiple vendor consoles and event types in order to decipher alerts. Organizations and teams need a better approach, so they're not either continually exposed or overworked from the alerts created by overlap. Tool Threat
CSO.webp 2022-10-06 05:00:00 Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan (direct link) Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. The firm has also introduced a new live phone support service whereby users can request and book a call directly with Dashlane's support team. Breached employee credentials on dark web pose significant threat to businesses: In a press release, Dashlane stated that its new Dark Web Insights tool “continuously scans” more than 20 billion records attached to hacks or data breaches on the dark web, providing users with a bespoke breakdown of compromised passwords across their organization. Dark Web Insights also gives admins the ability to scan their organization for incidences of breached credentials and to invite breached employees who are not yet using Dashlane to begin using it through built-in seat provisioning. The firm said that, by pairing this alert function with the ability to generate new, random, and unique passwords, admins can take action quickly once alerted about compromised credentials. Tool Threat ★★★
CSO.webp 2022-10-06 02:00:00 5 reasons why security operations are getting harder (direct link) Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as: A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program. Most react to threats and indicators of compromise (IoCs) rather than study cyber-adversaries and plan ahead. A growing attack surface: This issue came up with 39% of respondents, but attack surface challenges are no surprise. Other ESG research indicates that the attack surface is growing at two-thirds (67%) of organizations, driven by third-party IT connections, support for remote workers, increased public cloud usage, and adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. Little wonder, then, that 69% of organizations admit to a cyber-incident emanating from an unknown, unmanaged, or poorly managed internet-facing asset. The volume and complexity of security alerts: We've all heard about “alert storms” and “alert fatigue.” Based on the ESG data, these conditions aren't just marketing hype, as 37% of SOC teams say that alert volume and complexity are making security operations more difficult. It's easy to understand this one: Imagine viewing, triaging, prioritizing, and investigating a constant barrage of amorphous security alerts from a variety of different detection tools and you'll get the picture. It seems overwhelming, but that's the reality for level 1 SOC analysts at many organizations. Public cloud usage: Beyond just expanding the attack surface, more than one-third (34%) say that security operations are more difficult as a direct result of growing use of the public cloud. This is not just a numbers game. Securing cloud workloads is difficult due to multi-cloud deployment, ephemeral cloud instances, and developer use of new cloud services that security teams may be unfamiliar with. Chasing cloud evolution and associated software developer whims has become part of the job. Keeping up with the care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open-source tools for security operations. The burden of managing and maintaining all these disparate technologies alone can be difficult. This is one reason why many firms are replacing on-site security tools with cloud-based alternatives. Growing scale complicates security operations: In analyzing this data, it's easy to see a common theme across these different responses: scale. Everything is growing: threats, IT, alerts, tools, everything. The research illustrates the fact that we don't have the people, processes, or technologies to keep up with these scaling needs. Ransomware Threat
CSO.webp 2022-10-05 13:02:00 BrandPost: Executive Briefing: Unit 42 Cloud Threat Report (direct link) The key headline of the latest Unit 42 Cloud Threat Report isn't about the most sophisticated attacks. It's that nearly all organizations we analyzed lack the proper controls to keep their cloud resources secure. The term for this in cloud security is identity and access management (IAM), and it refers to the policies that define who has permission to do what in a cloud environment. A fundamental best practice for policies like this is to apply least privilege access, ensuring that each user or group has the minimum access required to perform necessary functions. This helps minimize the damage an attacker can do in the event of a compromise, as the attacker will only gain access to the limited information and capabilities of that one compromised cloud resource. Threat
CSO.webp 2022-10-03 11:41:00 BrandPost: The Cyberthreat Minute: The Scale and Scope of Worldwide Cybercrime in 60 Seconds (direct link) By Steve Ginty, Principal Program Manager, Microsoft Defender Threat Intelligence (MDTI). Cybercrime is big and growing bigger. So much so that it can often be difficult to fully understand the impact online attacks have had over the past decades. To better illustrate the scale and scope of worldwide cybercrime, we've used data from across Microsoft-owned properties and a mix of external sources to create the Cyberthreat Minute, a comprehensive report on malicious activity that is happening within any given 60-second window across the world. Threat
CSO.webp 2022-10-03 08:42:00 LiveAction adds new SOC-focused features to ThreatEye NDR platform (direct link) End-to-end network security and performance visibility vendor LiveAction has announced new security operations center (SOC) focused updates to its Network Detection and Response (NDR) platform, ThreatEye. In a press release, the firm stated that the platform features a new user interface (UI) designed to enhance the ability of SOC analysts to correlate findings and policy violations to track incidents. The platform offers enhanced predictive threat intelligence capabilities that allow SOC analysts to identify and track domains and IP addresses that are not yet active but have been registered by threat actors and associated with malware campaigns. It also includes packet-based behavioral fingerprinting to identify behavior in encrypted traffic streams and host-based behavioral analysis, LiveAction added. Malware Threat
CSO.webp 2022-09-29 02:00:00 Recent cases highlight need for insider threat awareness and action (direct link) On September 1, a group of US government offices launched the fourth annual National Insider Threat Awareness Month (NITAM). The goal of the month-long event is to educate the government and industry about the dangers posed by insider threats and the role of insider threat programs. This year's campaign focuses on the importance of critical thinking to help workforces guard against risk in digital spaces. The NITAM launch announcement cited recent examples of insider threats in the digital space: Threat
CSO.webp 2022-09-26 16:51:00 BrandPost: Extortion Economics: Ransomware's New Business Model (direct link) Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy. And yet, many threat actors are working within a limited pool of ransomware groups. Although ransomware is a headline-grabbing topic, it's ultimately being driven forward by a relatively small and interconnected ecosystem of players. The specialization and consolidation of the cybercrime economy has fueled ransomware as a service (RaaS) to become a dominant business model, enabling a wider range of criminals to deploy ransomware regardless of their technical expertise. This, in turn, has forced all of us to become cybersecurity defenders. Ransomware Threat
CSO.webp 2022-09-26 13:59:00 Zoho ManageEngine flaw is actively exploited, CISA warns (direct link) A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities last week, highlighting an immediate threat for organizations that haven't yet patched their vulnerable deployments. The vulnerability, tracked as CVE-2022-3540, was privately reported to Zoho in June by a security researcher identified as Vinicius and was fixed later that same month. The researcher posted a more detailed writeup at the beginning of this month and, according to him, it's a Java deserialization flaw inherited from an outdated version of Apache OFBiz, an open-source enterprise resource planning system, where it was patched in 2020 (CVE-2020-9496). This means that the Zoho ManageEngine products were vulnerable for two years due to a failure to update a third-party component. Vulnerability Threat
CSO.webp 2022-09-26 08:43:00 US CISA/NSA release new OT/ICS security guidance, reveal 5 steps threat actors take to compromise assets (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published a new Cybersecurity Advisory (CSA) for protecting operational technology (OT) and industrial control systems (ICS). The CSA outlines the Tactics, Techniques and Procedures (TTPs) malicious actors use to compromise OT/ICS assets and recommends security mitigations that owners and operators should implement to defend systems. The new advisory builds on previous NSA/CISA guidance on stopping malicious ICS activity and reducing OT exposure, and comes as the cybersecurity risks surrounding OT and ICS continue to threaten the safety of data and critical systems. Threat
CSO.webp 2022-09-23 13:42:00 SEO poisoning campaign directs search engine visitors from multiple industries to JavaScript malware (direct link) Researchers have discovered a high-effort search engine optimization (SEO) poisoning campaign that seems to be targeting employees from multiple industries and government sectors when they search for specific terms that are relevant to their work. Clicking on the malicious search results, which are artificially pushed higher in ranking, leads visitors to a known JavaScript malware downloader. "Our findings suggest the campaign may have foreign intelligence service influence through analysis of the blog post subjects," researchers from security firm Deepwatch said in a new report. "The threat actors used blog post titles that an individual would search for whose organization may be of interest to a foreign intelligence service e.g., 'Confidentiality Agreement for Interpreters.' The Threat Intel Team discovered the threat actors highly likely created 192 blog posts on one site." Malware Threat Guideline
CSO.webp 2022-09-22 13:55:00 Ransomware operators might be dropping file encryption in favor of corrupting files (direct link) Ransomware started out many years ago as scams where users were tricked into paying fictitious fines for allegedly engaging in illegal online behavior or, in more serious cases, were blackmailed with compromising videos taken through their webcams by malware. The threat has since come a long way, moving from consumers to enterprises, adding data leak threats on the side and sometimes distributed denial-of-service (DDoS) blackmail. The attacks have become so widespread that they now impact all types of organizations and even entire national governments. The cybercriminal groups behind them are well organized, sophisticated, and even innovative, always coming up with new extortion techniques that could earn them more money. But sometimes the best way to achieve something is not to complicate but to simplify, and this seems to be the case in new attacks seen by researchers from security firms Stairwell and Cyderes, where known ransomware actors opted to destroy files instead of encrypting them. Ransomware Threat
CSO.webp 2022-09-21 11:55:00 BrandPost: Great Cyber Hygiene Starts with a Culture of Security Awareness (direct link) With October fast approaching, we are reminded by Cybersecurity Awareness Month that cybersecurity affects everyone and is everyone's responsibility. This is why organizations are focusing more and more on implementing cybersecurity awareness training to improve cyber hygiene and behaviors across their entire workforce. Having the right cybersecurity solutions is critical, but if an organization's workforce doesn't use the security tools in place or doesn't know what to avoid in their day-to-day activities, they're putting themselves at risk and, ultimately, their organizations at risk of being breached. Every person at an organization, regardless of their role, must be on top of their game to defend the enterprise against threat actors. Threat
CSO.webp 2022-09-21 02:00:00 Top 5 attack surface challenges related to security operations (direct link) According to newly published ESG research, just over half of all organizations (52%) say that security operations are more difficult today than they were two years ago. When asked why, 41% pointed to an evolving and dangerous threat landscape, 38% identified a growing and changing attack surface, 37% said that alert volume and complexity are driving this change, and 34% blamed growing use of public cloud computing services. Now, most of these challenges are déjà vu all over again, impacting security teams year after year. There is one exception, however: the growing attack surface. Certainly, the attack surface has been growing steadily since we all started using Mosaic browsers, but things really took off over the past few years. Blame Amazon, COVID, or digital transformation, but organizations are connecting IT systems to third parties, supporting remote workers, developing cloud-native applications, and using SaaS services in record numbers. When you take all these factors into consideration, enterprise organizations typically use tens of thousands of internet-facing assets. Threat
CSO.webp 2022-09-20 11:51:00 BrandPost: Threat Actors Are Launching More Direct-Path DDoS Attacks (direct link) Just as the emergence of COVID-19 led to changes in how threat actors launched attacks, the return to work and school that began in the second half of 2021 (before Omicron reared its ugly head in November) resulted in a number of changes on the part of cyber attackers. One of the more noticeable changes has been an increase in attacks that target specific industries. With these direct-path attacks, threat actors target individual organizations rather than indiscriminately targeting customers of communications service providers (CSPs) such as internet service providers (ISPs) and wireless carriers. Specifically, threat actors launched two direct-path packet-flooding attacks of more than 2.5 terabits per second using server-based botnets in 2H 2021. These are the first terabit-class, direct-path distributed denial-of-service (DDoS) attacks that have been identified, and they signal that changes are afoot in attacker strategy. Threat
CSO.webp 2022-09-20 04:03:00 Uber links cyberattack to LAPSUS$, says sensitive user data remains protected (lien direct) Uber has linked its recent cyberattack to an actor (or actors) affiliated with the notorious LAPSUS$ threat group, responsible for breaching the likes of Microsoft, Cisco, Samsung, Nvidia and Okta this year. The announcement came as the ride-hailing giant continues to investigate a network data breach that occurred on Thursday, September 15. Attacker gained elevated permissions to tools including G-Suite and Slack. In a security update published on Monday, September 19, Uber wrote, “An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor's Uber corporate password on the dark web, after the contractor's personal device had been infected with malware, exposing those credentials. The attacker then repeatedly tried to log in to the contractor's Uber account.” Each time, the contractor received a two-factor login approval request, which initially blocked access, it added.To read this article in full, please click here Threat Uber Uber
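The pattern Uber describes above, a stolen password followed by a burst of MFA push prompts until one is approved, is detectable from identity-provider logs alone. The following is an added example written for this listing, not code from Uber or from any vendor mentioned on this page: a correlation rule that flags a user who receives several unapproved push prompts inside a short window and escalates if an approval then follows. The log format, the user names, IP addresses and the 5-in-10-minutes threshold are all assumptions; the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta, timezone

# Constructed sample in an assumed identity-provider log format (not Uber's logs):
# "<UTC timestamp> user=<name> event=mfa_push result=<approved|denied|timeout> src=<ip>"
SAMPLE_LOG = """\
2022-09-15T22:00:00Z user=contractor1 event=mfa_push result=denied src=203.0.113.7
2022-09-15T22:00:40Z user=contractor1 event=mfa_push result=denied src=203.0.113.7
2022-09-15T22:01:20Z user=contractor1 event=mfa_push result=timeout src=203.0.113.7
2022-09-15T22:02:05Z user=contractor1 event=mfa_push result=denied src=203.0.113.7
2022-09-15T22:03:00Z user=contractor1 event=mfa_push result=denied src=203.0.113.7
2022-09-15T22:04:10Z user=contractor1 event=mfa_push result=approved src=203.0.113.7
2022-09-15T09:00:00Z user=alice event=mfa_push result=denied src=198.51.100.4
2022-09-15T09:30:00Z user=alice event=mfa_push result=approved src=198.51.100.4
2022-09-15T11:00:00Z user=bob event=mfa_push result=denied src=192.0.2.9
2022-09-15T11:01:00Z user=bob event=mfa_push result=denied src=192.0.2.9
2022-09-15T11:02:00Z user=bob event=login result=success src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=mfa_push "
    r"result=(?P<result>approved|denied|timeout) src=(?P<src>\S+)$"
)


def parse_events(log_text):
    """Return (timestamp, user, result, src) tuples for MFA push lines, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # other event types are not part of this rule
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["user"], m["result"], m["src"]))
    return sorted(events, key=lambda e: e[0])


def _alert(user, rule, severity, pending, ts):
    return {
        "user": user, "rule": rule, "severity": severity, "count": len(pending),
        "first_seen": pending[0][0].isoformat(), "last_seen": ts.isoformat(),
        "sources": sorted({src for _, src in pending}),
    }


def detect_push_fatigue(log_text, window_minutes=10, threshold=5):
    """Flag users with `threshold` or more unapproved push prompts inside
    `window_minutes`; escalate to high severity if an approval then follows."""
    window = timedelta(minutes=window_minutes)
    pending = {}  # user -> deque of (ts, src) for prompts the user did not approve
    alerts = []
    for ts, user, result, src in parse_events(log_text):
        q = pending.setdefault(user, deque())
        while q and ts - q[0][0] > window:  # forget prompts older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:  # the attacker finally got a "yes"
                alerts.append(_alert(user, "approved_after_repeated_rejections", "high", q, ts))
            q.clear()  # an approval ends the burst either way
            continue
        q.append((ts, src))
        if len(q) == threshold:  # fire once when the burst reaches the threshold
            alerts.append(_alert(user, "repeated_push_rejections", "medium", q, ts))
    return alerts


if __name__ == "__main__":
    for a in detect_push_fatigue(SAMPLE_LOG):
        print(f"[{a['severity']}] {a['user']}: {a['rule']} x{a['count']} from {a['sources']}")
```

The medium alert is worth paging on by itself: a user who denies five prompts in ten minutes has almost certainly had their password stolen, and resetting it before the sixth prompt is approved is cheaper than the incident that follows. Number-matching or FIDO2 authenticators remove the attack class entirely; this rule is for environments still on simple push approval.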
CSO.webp 2022-09-19 05:05:00 5 ways to grow the cybersecurity workforce (lien direct) The demand for cybersecurity professionals has surged over the past decade. According to (ISC)2's 2020 Cybersecurity Workforce Study, the global cybersecurity workforce shortfall stands at 3.1 million, with nearly 400,000 open cybersecurity positions in the U.S. In addition, more than half of survey respondents (56%) say that cybersecurity staff shortages are putting their organizations at risk.“This remains an emerging industry with threats shifting almost on a daily basis, including new threat actors, new technologies and the evolution of 5G,” says Erin Weiss Kaya, a Booz Allen talent strategy expert for cyber organizations. “Yet we're still dealing with a 0% unemployment rate, with far more demand than we have current supply.”To read this article in full, please click here Threat
CSO.webp 2022-09-19 02:00:00 International cooperation is key to fighting threat actors and cybercrime (lien direct) In this era of cybersecurity, when nation-state digital attacks and cybercrime quickly cut across country borders and create global crises, international cooperation has become an urgent priority. The need for global collaboration to cope with various pressing threats, from electronic espionage to ransomware attacks on critical infrastructure, is imperative to prevent economic and social disasters, top cybersecurity professionals and government officials say.At this year's Billington Cybersecurity Summit, leaders from across the globe gathered to discuss the importance of international partnerships in managing the persistent threats governments must address. The near-total digitalization of every aspect of society that exposes virtually all public and private sector services to escalating cyber threats dictates a more robust, collective defense. Moreover, as cyber risks intensify and multiply, governments worldwide are stepping up their own independent efforts to protect against the rising tide of digital threats.To read this article in full, please click here Ransomware Threat Guideline
CSO.webp 2022-09-14 06:00:00 One in 10 employees leaks sensitive company data every 6 months: report (lien direct) Insider threats are an ongoing menace that enterprise security teams need to handle. It's a global problem but especially acute in the US: with 47 million Americans quitting their jobs in 2021, the threat of ex-employees taking sensitive information to competitors, selling it to criminals for cash, or leaking files to the media is making data exfiltration a growing concern. Cybersecurity firm Cyberhaven tracked about 1.4 million people worldwide who handle sensitive information in their organizations from January through June 30 this year to find out when, how and by whom data is exfiltrated. On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period nearly one in 10 (9.4%) do so, Cyberhaven noted in its report. A data exfiltration incident occurs when data is transferred outside the organization in unapproved ways.To read this article in full, please click here Threat
CSO.webp 2022-09-13 02:00:00 CNAPP buyers guide: Top tools compared (lien direct) Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms representing possible solutions. Now there's another: the cloud native application protection platform, or CNAPP. This tool combines the coverage of four separate products: a cloud infrastructure entitlements manager (CIEM), which manages overall access controls and risk management tasks; a cloud workload protection platform (CWPP), which secures code across all kinds of cloud-based repositories and provides runtime protection across the entire development environment and code pipelines; a cloud access security broker (CASB), which handles authentication and encryption tasks; and a cloud security posture manager (CSPM), which combines threat intelligence and remediation. IT and security managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventive controls.To read this article in full, please click here Tool Threat
CSO.webp 2022-09-13 00:00:00 Hands-on cyberattacks jump 50%, CrowdStrike reports (lien direct) Enterprises monitored by CrowdStrike's Falcon OverWatch threat hunters faced 77,000 hands-on, interactive intrusion attempts, or approximately one potential intrusion every seven minutes, between July 1, 2021, and June 30, 2022, a 50% year-over-year increase, according to a new report from the cybersecurity company. Breakout time, the time an adversary takes to move laterally from the initially compromised host to another host in the victim's environment, fell to one hour and 24 minutes from one hour and 38 minutes in the year-earlier period, demonstrating that adversaries continue to sharpen their tradecraft, according to CrowdStrike. To read this article in full, please click here Threat
CSO.webp 2022-09-08 14:14:00 North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset (lien direct) Security researchers have discovered a new remote access Trojan (RAT) being used in attack campaigns this year by Lazarus, a threat actor tied to the North Korean government. The new RAT has been used alongside other malware implants attributed to Lazarus and it's mainly used in the first stages of an attack.Dubbed MagicRAT, the new Lazarus malware program was developed using Qt, a framework commonly used to develop graphical user interfaces for cross-platform applications. Since the Trojan doesn't have a GUI, researchers from Cisco Talos believe the reason for using Qt was to make detection harder.To read this article in full, please click here Malware Threat APT 38
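The Talos observation above, a Qt-built implant with no GUI, suggests a cheap triage heuristic: a binary that links Qt's core or networking modules but no GUI module is unusual enough to deserve a second look. The following is an added example written for this listing, not a Cisco Talos tool and not a MagicRAT signature: it scans raw file bytes for Qt module names as they appear in Windows import tables and Linux linker strings and flags the "Qt without a GUI" combination. The module list, the sample byte blobs and the file names are constructed assumptions, and legitimate console Qt programs will match too, so treat a hit as a reason to look, not as a verdict.

```python
import re
from dataclasses import dataclass

# Qt module names as they appear in import tables and linker strings:
# Qt5Core.dll / Qt6Network.dll on Windows, libQt5Core.so.5 on Linux (assumed list).
QT_MODULE_RE = re.compile(
    rb"(?:lib)?Qt[56]?(Core|Network|Gui|Widgets|Sql|Xml|WebSockets)(?:\.dll|\.so(?:\.\d+)*)?",
    re.IGNORECASE,
)
GUI_MODULES = frozenset({"gui", "widgets"})


@dataclass(frozen=True)
class QtProfile:
    modules: frozenset  # lowercase Qt module names found in the file

    @property
    def uses_qt(self) -> bool:
        return bool(self.modules)

    @property
    def headless(self) -> bool:
        """Qt is linked but no GUI module is: a console-only Qt program."""
        return self.uses_qt and not (self.modules & GUI_MODULES)


def profile_qt(data: bytes) -> QtProfile:
    """Scan raw file bytes (ASCII strings only) for Qt module references."""
    found = {m.group(1).decode("ascii").lower() for m in QT_MODULE_RE.finditer(data)}
    return QtProfile(frozenset(found))


def triage(name: str, data: bytes) -> str:
    """One-line verdict for a file, for use in a batch triage script."""
    p = profile_qt(data)
    if not p.uses_qt:
        return f"{name}: no Qt"
    mods = ",".join(sorted(p.modules))
    if p.headless:
        return f"{name}: REVIEW - Qt linked ({mods}) but no GUI module"
    return f"{name}: Qt GUI application ({mods})"


# Constructed byte blobs standing in for real binaries (not real samples).
SAMPLES = {
    "console-tool.exe": b"MZ\x90\x00" + b"Qt5Core.dll\x00Qt5Network.dll\x00QCoreApplication\x00",
    "editor": b"\x7fELF" + b"libQt5Core.so.5\x00libQt5Gui.so.5\x00libQt5Widgets.so.5\x00",
    "svc.exe": b"MZ\x90\x00" + b"kernel32.dll\x00ws2_32.dll\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(triage(name, blob))
```

On real files, read the whole binary (imports can sit anywhere, and packed samples will hide them until unpacked); the same regex also works as the `strings` condition of a YARA rule if that is where the triage runs.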
CSO.webp 2022-09-06 10:09:00 Transparency and policy shapes Cloudflare\'s Kiwi Farms decisions (lien direct) Cloudflare percolated back into the news cycle last week when the company, which provides security services to websites, blocked Kiwi Farms as a client. Kiwi Farms has a reputation as the worst trolling site on the internet, where individuals meet to collate and create action plans targeting individuals for both online and physical harassment, including doxing and swatting (taking action that results in a police SWAT team arriving at a given address to neutralize a reported threat to life).Social networks were aflame with calls for Cloudflare to cease providing its services to Kiwi Farms. Indeed, a recent Vice article highlighted the case of Clara Sorrenti, also known as Keffals, an online streamer who has been doxed multiple times and was arrested on August 5 during a raid on her home triggered by swatting, and noted that at least three individuals have died by suicide as a result of the targeted harassment organized on Kiwi Farms.To read this article in full, please click here Threat
CSO.webp 2022-09-05 02:00:00 Top 12 managed detection and response solutions (lien direct) Of all the foundational elements of information security, logging requires far more care and feeding than fellow cornerstones such as encryption, authentication or permissions. Log data must be captured, correlated and analyzed to be of any use, and given typical log volumes, software tools to manage log events are a must-have for businesses of any size.Traditionally, log events have been processed and handled using security information and event management (SIEM) tools. At a minimum, SIEM systems provide a central repository for log data and tools to analyze, monitor and alert on relevant events. SIEM tools (and their data analysis capabilities) have since gained more sophisticated features such as machine learning and the ability to ingest third-party threat data.To read this article in full, please click here Threat
CSO.webp 2022-09-01 13:30:00 Ragnar Locker continues trend of ransomware targeting energy sector (lien direct) The recent attack on Greece's largest natural gas transmission operator DESFA by ransomware gang Ragnar Locker is the latest on a growing list of incidents where ransomware groups attacked energy companies. This gang seems to prefer critical infrastructure sectors, having targeted over 50 such organizations in the U.S. over the past two years.According to a new analysis by researchers from Cybereason, Ragnar Locker is a growing threat that uses layers of encryption to hide instructions in its binary and kills various processes associated with remote login and support.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-09-01 06:15:00 BrandPost: CIS Hardened Images Built on Google Cloud\'s Shielded VMs (lien direct) Today, attackers use various types of malware to target organizations' cloud environments. Those threats include rootkits and bootkits. According to Malwarebytes, rootkits are tools through which cyber threat actors (CTAs) can achieve root (i.e. the highest level) permissions on an infected system for conducting reconnaissance, moving laterally to other network devices, and/or stealing sensitive information. Bootkits are similar to rootkits, noted Positive Technologies, the major difference being that bootkits activate before an operating system (OS) and, by extension, its various security mechanisms finish booting up.To read this article in full, please click here Malware Threat ★★
CSO.webp 2022-09-01 06:14:00 BrandPost: How to Avoid Cloud Misconfigurations (lien direct) Organizations with cloud workloads need to protect themselves against a variety of risks. While most organizations focus on security against attackers, breaches resulting from simple misconfigurations can be just as commonplace.For instance, the 2022 Verizon Data Breach Investigation Report (DBIR) found that cloud misconfigurations pose an ongoing threat to organizations. Error, especially misconfigured cloud storage, factored in 13% of data breaches analyzed by Verizon this year.To read this article in full, please click here Data Breach Threat
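The two rows above make one practical point between them: the Shielded VM options that defend against bootkits are themselves settings that can be left off, and Verizon's numbers say misconfigured storage is a breach category of its own. The following is an added example written for this listing, not code from CIS, Google Cloud or Verizon: a small posture check that reads the JSON shape `gcloud` prints for instances and bucket IAM policies and reports instances with Secure Boot, vTPM or integrity monitoring disabled, and buckets readable by `allUsers` or `allAuthenticatedUsers`. The project, instance and bucket names are constructed; the field names (`shieldedInstanceConfig.enableSecureBoot`, `enableVtpm`, `enableIntegrityMonitoring`, IAM `bindings`) are the real API ones.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`
# (only the fields this check reads; not real project data).
INSTANCES_JSON = """
[
  {"name": "web-1", "zone": "projects/demo/zones/us-central1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": true, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "legacy-2", "zone": "projects/demo/zones/us-central1-b",
   "shieldedInstanceConfig": {"enableSecureBoot": false, "enableVtpm": true,
                              "enableIntegrityMonitoring": false}},
  {"name": "old-3", "zone": "projects/demo/zones/us-east1-b"}
]
"""

# Constructed sample: bucket name -> output of
# `gcloud storage buckets get-iam-policy gs://NAME --format=json`.
BUCKET_POLICIES_JSON = """
{
  "backups":  {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]},
  "internal": {"bindings": [{"role": "roles/storage.objectAdmin",
                             "members": ["serviceAccount:ci@demo.iam.gserviceaccount.com"]}]}
}
"""

SHIELDED_OPTIONS = ("enableSecureBoot", "enableVtpm", "enableIntegrityMonitoring")
PUBLIC_PRINCIPALS = frozenset({"allUsers", "allAuthenticatedUsers"})


def audit_instances(instances):
    """One finding per instance that has any Shielded VM option off or absent."""
    findings = []
    for inst in instances:
        cfg = inst.get("shieldedInstanceConfig", {})  # absent block == nothing enabled
        disabled = [opt for opt in SHIELDED_OPTIONS if not cfg.get(opt, False)]
        if disabled:
            findings.append({"resource": f"instance/{inst['name']}", "severity": "medium",
                             "issue": "Shielded VM options disabled: " + ", ".join(disabled)})
    return findings


def audit_buckets(policies):
    """One finding per IAM binding that grants a role to a public principal."""
    findings = []
    for bucket, policy in policies.items():
        for binding in policy.get("bindings", []):
            public = PUBLIC_PRINCIPALS.intersection(binding.get("members", []))
            if public:
                findings.append({"resource": f"bucket/{bucket}", "severity": "high",
                                 "issue": f"{binding['role']} granted to {', '.join(sorted(public))}"})
    return findings


def run_audit(instances_json=INSTANCES_JSON, buckets_json=BUCKET_POLICIES_JSON):
    return audit_instances(json.loads(instances_json)) + audit_buckets(json.loads(buckets_json))


if __name__ == "__main__":
    for f in run_audit():
        print(f"[{f['severity']}] {f['resource']}: {f['issue']}")
```

To run it against a real project, feed `run_audit()` the output of the two `gcloud` commands named in the comments. Instances flagged here can be fixed (while stopped, and only if their image supports UEFI) with `gcloud compute instances update NAME --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring`; the public bucket binding is removed with `gcloud storage buckets remove-iam-policy-binding`.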
CSO.webp 2022-08-31 11:23:00 BrandPost: Attackers are Launching Successful Application-layer Attacks Using Encryption (lien direct) As we have said many times before, threat actors are always looking for ways to improve on their attack strategies. This nefarious behavior is clearly seen in the ways attackers are utilizing application-layer DDoS attacks, as detailed in the 2H 2021 Threat Intelligence Report.To read this article in full, please click here Threat
CSO.webp 2022-08-31 05:15:00 Palo Alto adds new SaaS compliance, threat prevention, URL filtering features to Prisma solution (lien direct) Cybersecurity vendor Palo Alto Networks has announced new updates to its Prisma Secure Access Service Edge (SASE) platform that introduce new Software as a Service (SaaS) security and compliance support for customers, along with enhanced threat prevention and URL filtering capabilities. The firm has also released a new native artificial intelligence for IT operations (AIOps) solution for SASE to help simplify networking and security operations. The launches come as the hybrid working era persists, with organizations increasingly implementing and relying on SaaS applications and introducing new and complex security challenges.New Prisma features address SaaS security and compliance challenges, help prevent phishing, ransomware, C2 attacks. In a press release, Palo Alto estimated that the average business now uses more than 115 SaaS applications. With vast amounts of sensitive data typically stored in SaaS apps, security misconfigurations pose serious threats to organizations. Its latest features are therefore partly designed to help customers improve their SaaS security and risk management positions, along with enhancing other key elements of modern cyber resilience.To read this article in full, please click here Threat
CSO.webp 2022-08-25 09:24:00 BrandPost: Beyond the Cyber Buzzwords: What Executives Should Know About Zero Trust (lien direct) Coined in 2010 by Forrester Research, Zero Trust is a cybersecurity model enterprises can leverage to remove risky, implicitly trusted interactions between users, machines and data. The Zero Trust model provides a process for organizations to protect themselves from threats no matter what vector the threat originates from, whether from across the world or from Sandy down the hall. The three main principles to follow to realize the benefits of this model were: Ensure that all resources are accessed securely, regardless of location. Adopt a least-privileged strategy and strictly enforce access control. Inspect and log all traffic. After 11 years, these ideas and principles have matured in the face of growing digital transformation, remote work, and bring-your-own-device proliferation. New principles have developed in light of the U.S. Federal Government mandating Zero Trust, codified in NIST SP 800-207 with further details in the NCCoE's Zero Trust Architecture. Those principles are:To read this article in full, please click here Threat
CSO.webp 2022-08-24 22:54:00 BrandPost: Doing More with Less: The Case for SOC Consolidation (lien direct) The traditional security operations center (SOC) is based on a model that has persisted for decades, yet it's no longer effective. Too much has shifted in organizations and in the threat landscape for the “old ways” to work.Now is the time for a change to enable a modern SOC, taking on SOC consolidation to achieve better outcomes, with faster remediation, reduced risk and an overall stronger security posture.So, what exactly has changed for SOCs? In legacy SOCs, IT security staff are seated shoulder-to-shoulder in close proximity, looking at screens loaded with myriad details, providing views and data from dozens of security tools delivering a never-ending stream of alerts. This traditional SOC model was always about trying to keep up in a race against alerts and resource constraints that could never really be won.To read this article in full, please click here Threat
CSO.webp 2022-08-24 03:00:00 Why business email compromise still tops ransomware for total losses (lien direct) While businesses are busy trying to protect themselves against ransomware attacks that make headline news, threat actors are sticking to one of the oldest and most effective hacking techniques: business email compromise (BEC).Enterprise security has skewed toward ransomware in recent years, but FBI data shows that enterprises in aggregate are losing nearly 50 times more money to BEC attacks. In 2021, BEC attacks in the US caused total reported losses of $2.4 billion, a 39% increase from 2020. Over the same period, companies in the US reported losing only $49.2 million to ransomware.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-08-18 12:29:00 BrandPost: Staging a Cyberattack Can be as Easy as Using DDoS-for-hire Services (lien direct) If you partake in fairly current movies, television shows, games, and books, it's likely you've seen (and maybe even believed?) the stereotypes often associated with threat actors. They're often portrayed as antisocial/awkward geniuses (think “Mr. Robot” and “The Girl with the Dragon Tattoo”), super-sleuth law enforcement types (think “Untraceable”), and even groups formed to take down/assist government organizations (think “Homeland” and “24”).And although those entertainment options sometimes provide interesting, enjoyable or ridiculous narratives, the reality is that cyberattacks can be launched with much less effort via underground DDoS-for-hire services.To read this article in full, please click here Threat
CSO.webp 2022-08-18 04:44:00 BrandPost: Zscaler Security Service Edge: Why it Just Works (lien direct) Today's forward-looking organizations are enabling better productivity and agility by adopting a globally delivered cloud platform that provides unified threat prevention, data protection, and zero trust remote access.Legacy network security offerings cannot support the requirements of a cloud-first world. Data is now distributed outside the data center in cloud applications, and users are off the corporate network accessing content that is also off-network. Gartner has developed a new framework that defines the security services needed to support this new reality: Security Service Edge (SSE).Zscaler SSE key capabilities: a cloud-first architecture. The Zscaler SSE architecture helps accelerate cloud adoption by removing IT friction through consolidating and simplifying security services. Without the need for appliance management, Zscaler offers a unified platform for risk reduction that helps secure all users on- or off-network and reduces IT cost and complexity.To read this article in full, please click here Threat
CSO.webp 2022-08-17 05:00:00 (Déjà vu) Google updates Chronicle with enhanced threat detection (lien direct) Google Cloud Wednesday announced the general availability of what it calls “curated detection” for its Chronicle security analysis platform. The new detection feature leverages the threat intelligence that Google gains from protecting its own user base into an automated detection service that covers everything from ransomware, infostealers and data theft to simple misconfigured systems and remote access tools.The new product will integrate authoritative data sources like MITRE ATT&CK to help organizations contextualize and better understand potential threats, as well as providing constantly updated threat information from Google's own security team.To read this article in full, please click here Threat
Last update at: 2024-05-16 10:08:07