What's new around the internet

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
CSO | 2022-08-17 05:00:00 | Google updates Chronicle to climb on managed detection and response train (direct link) | Google Cloud on Wednesday announced the general availability of what it calls “curated detection” for its Chronicle security analysis platform, placing the company among the contenders in the fast-growing managed detection and response (MDR) market. Chronicle's new curated detection feature turns the threat intelligence that Google gains from protecting its own user base into an automated detection service that covers everything from ransomware, infostealers and data theft to simple misconfigured systems and remote access tools. | Threat
CSO | 2022-08-16 03:52:00 | Exposed VNCs threaten critical infrastructure as attacks spike (direct link) | New research from threat intelligence and cybersecurity company Cyble has identified a peak in attacks targeting virtual network computing (VNC) – a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to control another machine remotely – in critical infrastructure sectors. By analyzing the data from its Global Sensor Intelligence (CGSI), Cyble researchers noticed a spike in attacks on port 5900 (the default port for VNC) between July 9 and August 9, 2022. Most attacks originated from the Netherlands, Russia, and Ukraine, according to the firm, and highlight the risks of exposed VNC in critical infrastructure. Exposed VNC putting ICS at risk, assets frequently distributed on cybercrime forums: According to a blog post detailing Cyble's findings, organizations that expose VNCs over the internet without enabling authentication broaden the scope for attackers and increase the likelihood of cyber incidents. It detected more than 8,000 exposed VNC instances with authentication disabled. Cyble also found that exposed assets reachable via VNC are frequently sold, bought, and distributed on cybercrime forums and markets. | Threat
CSO | 2022-08-11 14:17:00 | Top cybersecurity products unveiled at Black Hat 2022 (direct link) | Zero trust security management, extended detection and response (XDR), and a host of other threat and vulnerability management offerings were among the top products and services launched at Black Hat USA 2022 this week in Las Vegas. Black Hat is an annual global conference of security professionals, enthusiasts and vendors, serving as a stage for innovation in the cybersecurity field. The exhibition and conference is held annually in locations in the US, Europe, Asia and the Middle East, with Las Vegas typically being the biggest event. Below are some of the more interesting product announcements that took place at the show this week. | Vulnerability Threat
CSO | 2022-08-11 03:53:00 | Cisco admits hack on IT network, links attacker to LAPSUS$ threat group (direct link) | IT, networking, and cybersecurity solutions giant Cisco has admitted suffering a security incident targeting its corporate IT infrastructure in late May 2022. On August 10, the firm stated that an employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized. Bad actors published a list of files from this security incident to the dark web, Cisco added. “The incident was contained to the corporate IT environment and Cisco did not identify any impact to any Cisco products or services, sensitive customer data or employee information, Cisco intellectual property, or supply chain operations,” the company said. Cisco claimed it took immediate action to contain and eradicate the bad actor, which it has linked to notorious threat group LAPSUS$. It also said that it has taken the decision to publicly announce the incident now as it was previously actively collecting information about the bad actor to help protect the security community. | Hack Threat
CSO | 2022-08-11 02:00:00 | Black Basta: New ransomware threat aiming for the big league (direct link) | Many ransomware gangs have risen to the top over the years only to suddenly disband and be replaced by others. Security researchers believe many of these movements in the ransomware space are intentional rebranding efforts to throw off law enforcement when the heat gets too high. This is also the suspicion for Black Basta, a relatively new ransomware operation that saw immediate success in several months of operation. Some believe it has splintered off from the infamous Conti gang. | Ransomware Threat
CSO | 2022-08-10 05:00:00 | CrowdStrike adds AI-powered indicators of attack to Falcon platform (direct link) | Cybersecurity vendor CrowdStrike has added new AI-powered indicators of attack (IoA) functionality to its Falcon platform. Announced at the Black Hat USA 2022 Conference, the enhancement leverages AI techniques to create new IoAs at machine speed and scale to help organizations stop emerging attack techniques and enable them to optimize detection and response, the firm said. AI IoAs trained on real-world adversary behavior, rich threat intelligence: In a press release, CrowdStrike stated that Falcon now allows organizations to find emerging attack techniques with IoAs created by AI models trained on real-world adversary behavior and rich threat intelligence. Brian Trombley, vice president of product management, endpoint security at CrowdStrike, tells CSO that the AI-powered IoAs leverage intelligence from the CrowdStrike Security Cloud, where the firm collects over one trillion security events per day from its customer base. | Threat
CSO | 2022-08-08 10:05:00 | Ransomware, email compromise are top security threats, but deepfakes increase (direct link) | While ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from two leading cybersecurity companies. VMware's 2022 Global Incident Threat Response Report shows a steady rise in extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day exploits. | Ransomware Threat Guideline
CSO | 2022-08-04 14:35:00 | (Déjà vu) Palo Alto debuts Unit 42 team for managed detection and response (direct link) | Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response (MDR), a service providing on-call cybersecurity specialists to track and respond to security threats in real time. The idea is to back Palo Alto's existing automated Cortex extended detection and response (XDR) platform with human expertise, dedicating members of the company's threat response team and others to minimizing unnecessary alerts and prioritizing those from serious threats. It's a response, the company said in a statement, to an increasingly advanced and complicated threat environment, as well as an in-house security landscape that, in many cases, hasn't matured to match. | Threat
CSO | 2022-08-04 14:35:00 | Palo Alto debuts Unit 42 team for on-demand cybersecurity (direct link) | Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response (MDR), a service providing on-call cybersecurity specialists to track and respond to security threats in real time. The idea is to back Palo Alto's existing automated Cortex extended detection and response (XDR) platform with human expertise, dedicating members of the company's threat response team and others to minimizing unnecessary alerts and prioritizing those from serious threats. It's a response, the company said in a statement, to an increasingly advanced and complicated threat environment, as well as an in-house security landscape that, in many cases, hasn't matured to match. | Threat
CSO | 2022-08-04 08:39:00 | (Déjà vu) Microsoft boosts threat intelligence with new Defender programs (direct link) | Drawing from last year's acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product. Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users, or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management. | Threat
CSO | 2022-08-04 08:39:00 | Microsoft bolsters threat intelligence security portfolio with two new products (direct link) | Drawing from last year's acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel SIEM (security information and event management) product. Combining intelligence from the security research team at RiskIQ with existing in-house security findings, Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data. Microsoft says it is offering the library for free, accessible directly by all users, or from within its existing Defender family of security products, according to a blog post from Vasu Jakkal, a Microsoft vice president for security, compliance, identity, and management. | Threat
CSO | 2022-08-04 06:46:00 | Deep Instinct's Prevention for Applications detects malicious files in transit (direct link) | Cybersecurity vendor Deep Instinct has announced the launch of Deep Instinct Prevention for Applications, a new antimalware software product that detects and stops malicious files in transit. Prevention for Applications is deployed via a container within a customer's environment and does not require cloud access, with device- and system-agnostic flexibility that allows it to be implemented to protect any application. It advances threat protection beyond the endpoint with in-transit file scanning via API. Karen Crowley, Director of Product Solutions at Deep Instinct, tells CSO that PDF and Office files remain a large attack target as they are so widely used. “PDF documents can contain text, images, and codes that can be weaponized with hidden scripts that won't be detected and endanger the organization,” she says. “These files could open a backdoor and allow cybercriminals to access devices and then pivot to other areas of the network.” | Threat
CSO | 2022-08-04 02:00:00 | China, Huawei, and the eavesdropping threat (direct link) | In the world of espionage and intrigue, China has always played the long game, planning far beyond the next quarter, looking over the horizon at the next generation. For this reason, it should come as no surprise that China and Chinese government-supported companies like Huawei will look at every avenue to advance the long-term goals of the Chinese Communist Party (CCP). With this in mind, CNN's exclusive report on the FBI's investigation into how Huawei's equipment could be used to disrupt and listen to U.S. nuclear arsenal communications should not have come as a surprise. | Threat | | ★★★
CSO | 2022-08-04 02:00:00 | 11 stakeholder strategies for red team success (direct link) | Red teams are a necessary evil – literally – in today's cyber threat landscape. Motivations for engaging in offensive testing activities can vary from regulatory requirements to certification aspirations. Truly proactive and progressive security programs incorporate offensive operations almost immediately as security is built and defined. Most organizations start with vulnerability scanning and then move into penetration testing (pentesting), taking the vulnerability scan one step farther: from guessing that a vulnerability could be exploited to proving exactly how it can be. Red team programs are often, incorrectly, treated as synonymous with pentesting, but they are a very different function. | Vulnerability Threat
CSO | 2022-08-03 07:19:00 | Qualys adds external attack management capability to cloud security platform (direct link) | Cloud security and compliance software company Qualys on Wednesday announced it is adding external attack surface management (EASM) capabilities to the Qualys Cloud Platform. The new capability will be integrated into Qualys CSAM (cybersecurity asset management) 2.0, an inventory monitoring and resolution tool to help security teams gain visibility into previously unknown internet-facing assets. “Achieving full asset visibility remains one of cybersecurity's most elusive goals,” said Sumedh Thakar, Qualys CEO, in a press release. “CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to address the increased threat landscape comprehensively.” | Tool Threat
CSO | 2022-08-02 06:03:00 | BrandPost: Security Leaders Share 5 Steps to Strengthening Cyber Resilience (direct link) | With new threat actors emerging every day and a growing number of cyber attacks making headlines, cybersecurity has become a critical business imperative. Security leaders face the dual challenge of needing to stay competitive in a rapidly evolving business landscape while also defending against increasingly serious cyber threats, reducing complexity, and facilitating their organization's digital transformation. To better understand emerging security trends and top concerns among Chief Information Security Officers (CISOs), Microsoft Security conducted a survey of more than 500 security professionals. Based on the responses we received, we developed five steps organizations can take to improve their cyber resilience in the process. Keep reading to uncover our insights. | Threat Guideline
CSO | 2022-08-01 10:00:00 | BrandPost: Three Pillars of the Autonomous SOC (direct link) | Security operations center (SOC) leaders face a difficult balancing act. They need to secure complex infrastructures and applications as organizations shift to the cloud, achieve digital transformation, and manage risk – while attracting and retaining skilled cybersecurity talent in a tight labor market. Add in today's fast-evolving threat landscape with its increased volume of sophisticated attacks, and you have the perfect storm: the lack of visibility into complex operating environments, the inability to analyze cloud-scale volumes of data, and the struggle to enhance team performance. All of which lead to lower productivity and higher security risk. | Threat Guideline
CSO | 2022-08-01 05:07:00 | BrandPost: Solving the Challenges of Remediating Configuration Settings (direct link) | A data breach can result in catastrophic consequences for any organization. Ensuring that your IT environment is safe from cyber threats can be a real challenge. To keep intruders out of your networks and data, you need more than up-to-date guidance. You also need to continually assess system configurations for conformance to security best practices and harden thousands of individual settings in your environment. But where do you start? Begin with recognized security best practices: The CIS Critical Security Controls (CIS Controls) are a prioritized set of actions that mitigate the most common cyber attacks. They translate cyber threat information into action. The CIS Benchmarks are secure configuration recommendations designed to safeguard systems against today's evolving cyber threats. Both CIS best practices provide organizations of all sizes with specific and actionable recommendations to enhance cyber defenses. Both are also mapped to or referenced by a number of industry standards and frameworks like NIST, HIPAA, PCI DSS, and more. | Data Breach Threat
CSO | 2022-08-01 05:04:00 | BrandPost: The Key to Regularly Performing Configuration Assessments (direct link) | There's an old adage in business: "If you're not measuring something, you can't manage it." These days, information technology (IT) and information security professionals know this all too well, especially when it comes to configuration assessments. Network performance requires constant monitoring. Cyber threats demand identification and remediation. Systems need to be securely configured upon implementation and then assessed frequently to ensure they stay that way. What's more, cyber threat actors (CTAs) constantly seek out poorly configured or vulnerable systems. As organizations around the world experienced with the Log4j vulnerability, CTAs are constantly looking for ways to try to exploit these weaknesses. After all, when one system is left unsecured, it often means that others are insecure as well. | Threat
CSO | 2022-07-28 10:08:00 | Attacks using Office macros decline in wake of Microsoft action (direct link) | Microsoft's decision to turn off Office macros by default has had a significant impact on the use of the mini-programs by hackers, according to enterprise security company Proofpoint. In a blog posted today, the company noted its researchers have found that the use of macro-enabled attachments by threat actors has decreased approximately 66% between October 2021 and June 2022. "We've seen them switch their tactics away from leveraging malicious macros into other kinds of attacks like LNK files," says Proofpoint Vice President for Threat Research and Detection Sherrod DeGrippo. "We've seen a 1,600% increase over the past ten months or so around using other tactics aside from malicious Office macros. The threat actors got the message that this is coming and are stifling their use of macros against individuals and organizations." | Threat
CSO | 2022-07-27 12:49:00 | BrandPost: How to Minimize Misconfigurations Across Your Systems (direct link) | Misconfigurations are one of the most common causes of data breaches. According to the Identity Theft Resource Center (ITRC), configuration mistakes were responsible for a third of data breaches that resulted from human error in 2021. Some of these incidents involved misconfigured firewalls that allowed access to internal systems. Others involved unauthorized access to corporate cloud systems and servers. Misconfigurations and state-sponsored attacks: Looking ahead, misconfigurations won't likely diminish in prevalence. In fact, Gartner predicted that 99% of cloud security incidents "will be the customer's fault" as a result of misconfigurations by 2023. Threat actors are just too familiar with misconfigurations to give them up as an attack vector. This holds true even for nation-state actors like those in Russia. | Threat
CSO | 2022-07-27 02:00:00 | 5 trends making cybersecurity threats riskier and more expensive (direct link) | Since the pandemic, the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022, almost half (48%) of organizations across the U.S. and Europe experienced a cyberattack in the past 12 months. Even more alarming is that these attacks are happening despite businesses doubling down on their cybersecurity spend. Cybersecurity is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manage than previously reported. To better understand the evolution of this threat landscape, let's examine these trends in more detail. | Threat
CSO | 2022-07-26 13:16:00 | New Facebook malware targets business accounts (direct link) | Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts. The company said that it has “high confidence” that a Vietnamese threat actor is behind the attacks, which aim malicious messages at LinkedIn users who are likely to have admin access to their companies' Facebook accounts. The threat actor also targets email addresses of potential victims directly. What makes the attack unique, according to WithSecure, is the infostealer malware component, which is designed specifically to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular. If a victim can be induced to open a malicious link, the malware scans the infected computer for browsers and extracts cookies that indicate authenticated Facebook sessions for use in gaining access to those accounts. Command and control is handled via the Telegram messaging service, using the Telegram Bot system, and private data is also sent back to the hacker in this way. | Malware Threat
CSO | 2022-07-26 07:26:00 | CrowdStrike enhances container visibility and threat hunting capabilities (direct link) | Cloud-native security provider CrowdStrike has launched a cloud threat hunting service called Falcon Overwatch, while also adding greater container visibility capabilities to its Cloud Native Application Protection Platform (CNAPP). Falcon Overwatch includes agent and agentless threat hunting: Falcon Overwatch is a standalone threat hunting service that uses CrowdStrike's cloud-oriented indicators of attack to gain visibility into evolved and sophisticated cloud threats across the entire control plane, which includes the network components and functions used for cloud workloads. The service leverages both of the CrowdStrike CNAPP's agent-based (Falcon cloud workload protection) and agentless (Falcon Horizon cloud security posture management) solutions, to provide greater visibility across multiple clouds, including Amazon Web Services, Azure, and Google Cloud. | Threat
CSO | 2022-07-26 02:00:00 | What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security (direct link) | ISAC and ISAO definition: [Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups. ISACs were established under a presidential directive in 1998 to enable critical infrastructure owners and operators to share cyber threat information and best practices. Besides being sector specific, most ISACs are composed of large companies with a different set of priorities and challenges than the vast majority of smaller organizations and entities, according to Michael Echols, CEO of the International Association of Certified ISAO's (IACI) at the Kennedy Space Center. | Threat
CSO | 2022-07-26 02:00:00 | How a sex worker became a defense contractor employee -- and an insider threat (direct link) | The headline read, “How an unqualified sex worker allegedly infiltrated a top Air Force lab,” and our eyes immediately rolled as we read the bizarre case of Dr. James Gord. He maneuvered a 32-year-old sex worker into a position of trust within Spectral Energies, a government contractor associated with the U.S. Air Force Research Laboratory located at Wright-Patterson Air Force Base. His motivation? He wished to keep his sexual liaison sub rosa. Stuff right out of Ripley's Believe It or Not. While we sit and smirk at the ridiculousness of the situation, a deeper dive gives CISOs and their organizations food for thought as we dissect how Gord was able to manipulate his business partner and others to successfully place an individual within his company who had no business being there. Specifically, it underscores the value of background checks on individuals being placed into sensitive roles. | Threat | Yahoo
CSO | 2022-07-21 14:28:00 | BrandPost: Identity-first Security: How to Keep Your Security Team Strategic (direct link) | The technological arc as we knew it pre-COVID is moving toward a new perimeter. How we work, where we work, and who we work with have all drastically changed in the last three years. Security teams across the globe have been forced to adapt to that change at an incredible pace just to keep up, prioritizing security approaches that align with the evolving threat landscape. That shift in prioritization may have begun as a means to ward off threats and to minimize increased risk, but it has also opened the door for security teams in every organization to play a strategic role in accelerating their businesses. In no area is this opportunity greater than identity. | Threat
CSO | 2022-07-21 11:38:00 | Deloitte expands its managed XDR platform (direct link) | Deloitte announced an update this week to its Managed Extended Detection and Response platform. The upgrade boosts the platform's capabilities to collect intelligence, hunt for threats, and secure mobile devices. Among the new modules added to Deloitte's MXDR offering: (1) Cyber Security Intelligence, which adds intelligence from CrowdStrike Falcon X to Deloitte's tools and proprietary sources. The combination will provide users with actionable indicators of compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, and threat briefing requests for information. "CSI allows us to be much more proactive in our detection, prevention, and understanding of threats so we can be more proactive in planning with our clients," says Deloitte MXDR leader Curt Aubley. (2) Dynamic Adversary Intelligence, which provides clients with "over-the-horizon" adversary investigations. DAI uses passive intelligence collection methods, including global telemetry, industry-leading application programming interface integrations, refined tradecraft, proprietary analytics of publicly available information, and proprietary sources via Splunk. "DAI gives clients an inside-out view of attackers," Aubley explains. "It can also give a client the information they need to give to authorities to track down adversaries." (3) Digital Risk Protection, which lets a client follow their digital footprint online. "We can fingerprint a client's intellectual property," Aubley says. "Using that information, along with data like domain names, email addresses, and others, we can look on the open web, deep web, and dark web and see if that information has gotten into the hands of an adversary. Then we can let a client know how to best manage any potential crisis that might arise from that leak. We can also look inside their environment to determine how the leak happened." (4) Active Hunt and Response, which includes the use of a "dissolvable agent" that can be planted in the memory of an endpoint and collect data about an attacker while remaining invisible to them. In addition, a new Mobile Prevent, Detection, and Response module has been added to the MXDR platform. It has expanded hunting capabilities and is fully integrated with CrowdStrike Falcon for Mobile Endpoint Detection and Response and CrowdStrike's mobile threat defense. | Threat Guideline | Deloitte
CSO | 2022-07-21 02:00:00 | Cybersecurity is a constant fire drill: that's not just bad, it's dangerous (direct link) | As part of my job as an industry analyst, I do lots of quantitative research with security professionals. One question we often pose to security professionals is around their biggest challenges. The research results often include issues like coping with alert storms, addressing the dangerous threat landscape, managing a multitude of point tools, scaling manual processes, and staffing shortages, along with one other challenge that comes up on nearly every survey, often with the highest percentage of responses: security professionals report that they are challenged because the cybersecurity team at their organization spends most of its time addressing high-priority/emergency issues and not enough time on strategy and process improvement. | Threat
CSO | 2022-07-20 14:58:00 | Sophos unifies threat analysis and response units into X-Ops team (direct link) | UK-based cybersecurity vendor Sophos announced today that it had reorganized its SophosLabs, Sophos SecOps and Sophos AI teams into an umbrella group called Sophos X-Ops, in order to provide a more unified response to advanced threats. The company said that while its security teams routinely share information among themselves, the creation of the X-Ops team makes that process faster and more streamlined. According to Joe Levy, CTO and chief product officer at Sophos, the new organizational move is a recognition of the fact that the threat landscape has changed rapidly of late, and that there's an increasing need for collaboration. "Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged," he said in a statement. "Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops." | Threat
CSO | 2022-07-20 08:41:00 | BrandPost: The Changing Use of Botnets will Impact Networks Around the World (direct link) | Although it's sometimes easy to think about threat actors as evil geniuses, the reality is they're like any other group of people whose goal is to make money with as little effort as possible. That's clearly seen throughout Netscout's 2H 2021 Threat Intelligence Report, which highlights several examples where threat actors have improved the efficacy of long-established attack methods via new modifications and strategies. Such is the case for botnets, which have been around since the 1980s. Innovation throughout history: Indeed, a quick history of botnets illustrates how attackers have modified their strategies for using them over the course of 20 years. The first botnets were deployed on server-class computers. Later, attackers began building distributed denial-of-service (DDoS)-capable botnets by compromising personal computers (PCs) – and attackers continue using compromised PCs to create botnets for launching DDoS attacks today. | Threat
CSO | 2022-07-20 02:00:00 | How to conduct a tabletop exercise (direct link) | Tabletop exercises give your organization an opportunity to practice incident response plans. They are both an opportunity to rehearse and revise existing plans and a training opportunity for new employees. Done well, tabletop exercises “allow for the discovery of ways to reduce your threat surface,” says Stephen Jensen, senior director of operations at the Center for Internet Security (CIS). “When you rehearse in a tabletop format, your written policies go from just being plain policies to becoming well-written policies and procedures.” | Threat
CSO.webp 2022-07-15 02:00:00 New US CISO appointments, July 2022 (lien direct) The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Amy Bennett, executive editor.To read this article in full, please click here Threat Guideline
CSO.webp 2022-07-14 16:38:00 BrandPost: Let's Talk About Cloud Threat Hunting (lien direct) Threat hunting is a proactive approach for finding and remediating undetected cyber-attacks. It is a process that involves searching for indicators of compromise (IoC), investigating, classifying, and remediating. Threat hunting can be IoC-driven, in which the hunter investigates an indicator provided by external or internal sources. It can also be hypothesis-driven, in which the hunt begins with an initial hypothesis or question. For example, have we been affected by a recent campaign covered in the news?It's best to assume you've been compromised: Threat hunting is necessary simply because no cybersecurity protections are always 100% effective. An active defense is needed, rather than relying on “set it and forget it” security tools.To read this article in full, please click here Threat
CSO.webp 2022-07-14 13:41:00 Cyberespionage groups increasingly target journalists and media organizations (lien direct) Since early 2021 researchers have observed multiple attack campaigns by state-sponsored advanced persistent threat (APT) groups aimed at journalists and the media organizations they work for. The attacks targeted their work emails and social media accounts and often followed journalists' coverage of stories that painted certain regimes in a bad light or were timed to sensitive political events in the U.S.Journalists have always been an appealing target for spies due to the access they have to sensitive information and the trust that organizations and individuals generally place in them, which is why it's imperative for members of the media to undergo online security training and be aware of the techniques used by state-linked hackers.To read this article in full, please click here Threat
CSO.webp 2022-07-14 03:27:00 New Flashpoint offering automates incident response workflows (lien direct) A new low-code security automation platform designed for ease of use was introduced Tuesday by Flashpoint, a threat intelligence company. Called Automate, the platform aims to lower the barriers typically associated with security automation."Automation solutions can be great, but oftentimes they require a team of engineers or developers, sometimes both," explains Flashpoint Executive Director of Automation Robert D'Aveta.As everyone in the tech industry knows, engineers and developers can be tough to find. "Unless your organization has a staff of unicorns that can do automation work, that leaves it to ordinary people," D'Aveta says. "That's a barrier to entry for typical automation solutions that low-code automation can help solve."To read this article in full, please click here Threat
CSO.webp 2022-07-13 08:13:00 BrandPost: Why Hackers are Increasingly Targeting Digital Supply Chains (lien direct) For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But the reality is that hackers increasingly have been vested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone.Likewise, data from Netscout's 2H 2021 Threat Intelligence Report shows that hackers remain laser-focused on attacking the digital supply chain. Specifically, there was a 606% increase in attacks against software publishers from 1H 2021, as well as a 162% increase in attacks on computer manufacturers and a 263% increase against computer storage manufacturing. To read this article in full, please click here Hack Threat
CSO.webp 2022-07-13 02:09:00 Consulting firms jump on the Zero Trust bandwagon (lien direct) Within a day of each other, the consulting and outsourcing firms Deloitte and HCL Technologies have both launched new managed cybersecurity services, as consultants look to capitalize on the growing appetite for the Zero Trust security model.On Tuesday, Deloitte unveiled its Zero Trust Access managed service, which is heavily influenced by its recent acquisition of TransientX. Then, on Wednesday, HCL announced a collaboration with Palo Alto Networks to offer managed SASE, cloud security, and threat detection and response for its customers.To read this article in full, please click here Threat Deloitte Deloitte
CSO.webp 2022-07-13 02:00:00 10 tasks for a mid-year Microsoft network security review (lien direct) It's the middle of 2022 and it's a perfect time to review your plans, goals and risks to your network, especially given the changing threat landscape. Ransomware, for example, has become more human targeted. Ransomware operators are now looking for additional methods and payloads as well as using extortion. Ransomware entry points range from targeting email and phishing lures as well as unpatched vulnerabilities to more targeted attacks.With that in mind, these are the ten tasks you should do for your mid-year security review:1. Review access and credential policies for third parties Attackers will scan for Remote Desktop Protocol (RDP) access and use brute-force attacks like credential stuffing. They know that people tend to reuse credentials that the attackers obtain from stolen databases to attempt to gain access in your network.To read this article in full, please click here Ransomware Threat
CSO.webp 2022-07-12 12:06:00 BrandPost: Enterprises Need More Protection Against DDoS Attacks (lien direct) Cloud-only distributed denial-of-service (DDoS) protection providers have been available for some time, but as services have become more mission-critical with less tolerance for downtime – and application-layer DDoS attacks have also become more complex – cloud-only solutions are not enough.Research and experience have proved that a multilayered DDoS defense strategy is the only holistic approach for protecting against modern DDoS threats. The analyst community has for a few years voiced strong support for a multilayered DDoS defense strategy backed by continuous threat intelligence. Some aspects of today's targeted complex attacks require on-premises components. In fact, because of the elusiveness of some attack types with regard to cloud solutions, on-premises purpose-built DDoS protection devices should be considered the foundation for a network DDoS protection posture.To read this article in full, please click here Threat
CSO.webp 2022-07-12 07:06:00 Barracuda report: Almost everyone faced an industrial attack in the last year (lien direct) A report commissioned by cloud security company Barracuda found that 94% of respondents have experienced some form of attack on their industrial IoT (IIoT) or operational technology (OT) systems during the last 12 months.The State of Industrial Security in 2022 report surveyed 800 senior IT and security officers responsible for these industrial systems.“In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk,” Tim Jefferson, senior vice president for data protection, network, and application security at Barracuda, said in a statement accompanying the report.To read this article in full, please click here Threat
CSO.webp 2022-07-08 13:08:00 Feds wave red flag over Maui ransomware (lien direct) A cybersecurity advisory about the ransomware known as Maui has been issued by the FBI, CISA and U.S. Treasury Department. The agencies assert that North Korean state-sponsored cyber actors have used the malware since at least May 2021 to target healthcare and public health sector organizations.The FBI surmises that the threat actors are targeting healthcare organizations because those entities are critical to human life and health, so they're more likely to pay ransoms rather than risk disruption to their services. For that reason, the FBI and other agencies issuing the advisory maintain the state-sponsored actors will continue to target healthcare organizations.To read this article in full, please click here Ransomware Malware Threat
CSO.webp 2022-07-07 04:26:00 U.S. and UK warn local governments, businesses of China's influence operations (lien direct) In a concerted effort to spread the word on the threat posed by China to governments at the state and local level as well as businesses of all sizes, the U.S. National Counterintelligence and Security Centre (NSCS) issued a “Safeguarding Our Future” bulletin. “Protecting Government and Business Leaders at the U.S. State and Local Level from People's Republic of China (PRC) Influence Operations” differs from previous warnings on China's use of social networks, pseudo-state-sponsored hackers, etc. The NSCS highlights how the Chinese intelligence apparatus uses the whole-of-government approach as they work to acquire information in support of the Communist Party of China (CCP) directives.To read this article in full, please click here Threat Guideline
CSO.webp 2022-07-06 16:17:00 Attacker groups adopt new penetration testing tool Brute Ratel (lien direct) Security researchers have recently identified several attack campaigns that use APT-like targeting techniques and deploy Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. While hackers abusing penetration testing tools is not a new development -- Cobalt Strike and Metasploit's Meterpreter have been used by threat groups for years -- Brute Ratel is focused on detection evasion techniques, so it might pose a real challenge to defense teams."The emergence of a new penetration testing and adversary emulation capability is significant," researchers from security firm Palo Alto Networks said in a new report analyzing several recent samples. "Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities."To read this article in full, please click here Tool Threat
CSO.webp 2022-07-06 08:33:00 BrandPost: Advancing Cybersecurity Skillsets Helps Organizations Against Threats (lien direct) Worldwide, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness according to Fortinet's recently published 2022 Cybersecurity Skills Gap research report. The lack of qualified cybersecurity professionals is a massive global problem affecting all types of organizations. Because the cybersecurity workforce is not growing fast enough to keep up with new threats, Fortinet has pledged to do something about it. By 2026, Fortinet is committed to training at least one million people in cybersecurity via our Training Advancement Agenda (TAA) and Training Institute programs.To read this article in full, please click here Threat
CSO.webp 2022-07-05 11:52:00 APT campaign targeting SOHO routers highlights risks to remote workers (lien direct) A targeted attack campaign has been compromising home and small-business routers since late 2020 with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself."The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defense-in-depth protections by targeting the weakest points of the new network perimeter -- devices which are routinely purchased by consumers but rarely monitored or patched -- small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.To read this article in full, please click here Threat
CSO.webp 2022-07-05 03:40:00 SQL injection, XSS vulnerabilities continue to plague organizations (lien direct) Despite years topping vulnerability lists, SQL injection and cross-site scripting errors (XSS) remain the bane of security teams, according to a new report by a penetration-testing-as-a-service company.The report by BreachLock, based on 8,000 security tests performed in 2021, organizes its findings based on risk. Critical risk findings pose a very high threat to a company's data. High risks could have a catastrophic effect on an organization's operations, assets or individuals. Medium risks could have an adverse impact on operations, assets or individuals.To read this article in full, please click here Vulnerability Threat
CSO.webp 2022-07-04 02:00:00 11 top cloud security threats (lien direct) Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh. "This year, they weren't even in the top 11.""What that tells me is the cloud customer is getting a lot smarter," Yeoh continues. "They're getting away from worrying about end results-a data breach or loss is an end result-and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them."To read this article in full, please click here Data Breach Threat
CSO.webp 2022-06-30 02:00:00 How you handle independent contractors may determine your insider threat risk (lien direct) If one were to build a Venn diagram to compare the onboarding, educating, supervising, and offboarding of staff versus contract workers, the areas of difference might offer a surprise. In this case, surprises aren't what a CISO wants to encounter. Thus, such a diagram as part of their insider risk threat management program highlights the delta between the two types of workers and how they are handled.The concept of core and context when it comes to separating the duties of the full-time-equivalent workforce into staff and independent contractors has long been an ongoing challenge for every enterprise and small- to medium-sized business. Add to the mix the contracted service offerings -- for example, a managed security service provider -- and entities find themselves handing the keys to the kingdom over to a third party to handle tasks at hand. On top of that, the past two-plus years have caused many an entity to undergo a momentous change to how employees/independent contractors engage, with a noted influx in the remote work option.To read this article in full, please click here Threat
CSO.webp 2022-06-29 16:25:00 SolarWinds creates new software build system in wake of Sunburst attack (lien direct) SolarWinds became the poster child for attacks on software supply chains last year when a group of threat actors injected malicious code known as Sunburst into the company's software development system. It was subsequently distributed through an upgrade to its Orion product to thousands of government and enterprise customers worldwide.SolarWinds learned from the experience and has introduced new software development practices and technology to strengthen the integrity of its build environment. It includes what SolarWinds says is the first-of-its-kind “parallel build” process, where the software development takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.To read this article in full, please click here Threat Solardwinds
Last update at: 2024-05-16 08:07:56
See our sources.