What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
CSO 2022-06-29 12:52:00 Google Cloud gets new built-in security features (direct link) Google has announced that Google Cloud users will have access to two new security features: native integration with the MITRE ATT&CK knowledge base of adversary tactics and techniques, and built-in protection against DDoS attacks. Cloud Armor is Google's brand name for its DDoS mitigation and web application firewall service. It replicates many of the techniques used in traditionally structured DDoS protection systems, including per-client rate limiting, captchas to help weed out bot requests, and machine learning to counter Layer 7 attacks. The MITRE integration lets users map Google Cloud's built-in security controls onto the ATT&CK taxonomy for threat classification and response planning, and automate certain types of security response. Threat
CSO 2022-06-29 08:42:00 BrandPost: Four Key Ways CISOs can Strengthen OT Security (direct link) The past decade has seen an increase in the number of operational technology (OT) attacks and in their impact on organizations. Fortinet recently released its 2022 State of Operational Technology and Cybersecurity Report, revealing that 93% of OT organizations experienced at least one intrusion in the past year and 78% of them experienced more than three intrusions. The survey also found that CISOs and business leaders consider OT security a top concern. Outlined below are steps leaders can take to improve their OT security posture, decrease risk and keep up with bad actors. Threat Guideline
CSO 2022-06-29 02:00:00 How and why threat actors target Microsoft Active Directory (direct link) Microsoft Active Directory debuted 22 years ago. In the computer age, that is old technology. Threat actors like old technology because it often carries legacy code or processes that were never secured to modern standards, or because organizations have not kept up with patches and recommended settings. Derek Melber, chief technology and security strategist for Tenable, discussed Active Directory risks at this year's RSA conference. Attackers target domains: if they see a device joined to Active Directory, they continue with the attack; if they do not see a domain-joined machine, they move on to another workstation. Below are some examples of how attackers can exploit legacy Active Directory vulnerabilities. Threat
CSO 2022-06-28 08:47:00 Russian DDoS attack on Lithuania was planned on Telegram, Flashpoint says (direct link) Cyberattacks on Lithuanian government and private institutions conducted by the Russian cybercollective Killnet, and the group's possible collaboration with the Conti hacking gang, were discussed on the Telegram messaging service ahead of a major DDoS attack on Monday, according to cybersecurity company Flashpoint. Multiple attacks on Lithuanian entities have been claimed by Killnet on its Telegram channel "WE ARE KILLNET", in response to Lithuania's June 18 restrictions on trade routes with Russia. A Flashpoint blog post confirms that Killnet warned about the attacks on the Telegram channel, highlighting the cloud-based instant messaging platform's use as a popular communication channel for threat actors. Threat
CSO 2022-06-28 02:00:00 Russia-China cybercriminal collaboration could “destabilize” international order (direct link) In a riff on the “Field of Dreams” theme, Russian cybercriminals continue to court their Chinese counterparts in hopes of forming mutually beneficial avenues of collaboration, and are finding the Chinese to be a tough date. The latest peek into this engagement of Russia-China “frenemies” comes from Cybersixgill and its The Bear and The Dragon analysis of the two communities. Russian cybercriminals are motivated by money, Chinese by knowledge. The Cybersixgill findings have the two cybercriminal communities colliding and attempting to form what appears to be a “fledgling alliance”. This is a step beyond where the situation stood in November 2021, when Flashpoint Intelligence connected the dots between Chinese and Russian threat actors. Threat
CSO 2022-06-24 05:11:00 5 social engineering assumptions that are wrong (direct link) Social engineering is involved in the vast majority of cyberattacks, but a new report from Proofpoint has identified five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks. Commenting on the report's findings, Sherrod DeGrippo, Proofpoint's vice president of threat research and detection, said the vendor set out to debunk faulty assumptions made by organizations and security teams so they can better protect employees against cybercrime. “Despite defenders' best efforts, cybercriminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritized bolstering defenses around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviors and interests.” Threat
CSO 2022-06-23 11:36:00 Kaseya closes $6.2 billion Datto deal, vows to cut prices (direct link) Kaseya, a maker of IT service and security management software, announced Thursday that it had finalized its $6.2 billion acquisition of cybersecurity company Datto, promising tight integration between the two companies' products and lower pricing for customers. The deal's closure marks the third high-profile acquisition for Kaseya in the past 18 months; the company acquired security threat response company Infocyte in January and threat detection company BitDam in March 2021. A total of 12 acquisitions have been completed by Kaseya under CEO Fred Voccola. The company's public messaging about the Datto deal emphasized impending price cuts, an average of 10% across the board, according to Kaseya. Some products are expected to remain at the same price point, while others will drop significantly more, Kaseya said. Datto will continue to operate as an independent brand, Kaseya added. Threat
CSO 2022-06-23 02:00:00 MITRE's Inside-R Protect goes deep into the behavior side of insider threats (direct link) Insider threat and risk management programs are the Achilles heel of every corporate and information security program, as many a CISO can attest. The MITRE Inside-R Protect program is the organization's latest initiative to assist both public and private sector efforts in addressing the insider threat. The Inside-R program's bar for success is high. The focus of Inside-R is on evolving analytic capabilities centered on the behavior of the insider. To that end, MITRE invites government and private organizations to contribute their historical insider incident data to the corpus from which the program's findings are derived. Threat
CSO 2022-06-21 21:00:00 BrandPost: What Every Enterprise Can Learn from Russia's Cyber Assault on Ukraine (direct link) In January, the Microsoft Threat Intelligence Center (MSTIC) discovered wiper malware in more than a dozen networks in Ukraine. Designed to look like ransomware but lacking a ransom recovery mechanism, we believe this malware was intended to be destructive and designed to render targeted devices inoperable rather than obtain a ransom. We alerted the Ukrainian government and published our findings. Ransomware Malware Threat
CSO 2022-06-21 13:28:00 APT actor ToddyCat hits government and military targets in Europe and Asia (direct link) Researchers from Kaspersky Lab have published an analysis of a previously undocumented advanced persistent threat (APT) group that they have dubbed ToddyCat. The threat actor, which has targeted high-profile organizations in Asia and Europe, often breaks into organizations by compromising internet-facing Microsoft Exchange servers, following up with a multi-stage infection chain that deploys two custom malware programs. "We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call 'Samurai backdoor' and 'Ninja Trojan'," the researchers said. Malware Tool Threat
CSO 2022-06-17 07:52:00 BrandPost: Is Stopping a Ransomware Attack More Important than Preventing One? (direct link) The sophistication and frequency of ransomware attacks are growing. According to Akamai CTO Robert Blumofe, ransomware has become “a repeatable, scalable, money-making business model that has completely changed the cyberattack landscape.” Conti, for example, the cybercrime giant that operates much like the businesses it targets, with an HR department and an employee of the month, aims not only to make money but also to carry out politically motivated attacks. (Learn more in our Ransomware Threat Report H1 2022.) Ransomware Threat
CSO 2022-06-16 11:28:00 BrandPost: 4 Multi-Cloud Misconceptions that Put Organizations at Risk (direct link) What makes cloud computing appealing is also a reason to worry. It is easy to access your cloud environment from anywhere with internet access, but that also means it is easy for cybercriminals and digital adversaries to reach it. With the explosion of data over the past 10 years, the adoption of 5G, and the global nature of business, embracing a multi-cloud strategy is almost non-negotiable. But there is an overlooked factor in this shift that many organizations still underestimate today: cybersecurity. Traditional security strategies and tools intended to protect on-premises networks simply do not work when defending in the cloud. Instead, design and implement a comprehensive security solution that can protect against an expanding array of threats and increasingly sophisticated attacks targeting multi-cloud environments. Tool Threat
CSO 2022-06-14 02:00:00 Ransomware attacks are increasing with more dangerous hybrids ahead (direct link) Over the past several years, the emergence of big-ticket, destructive ransomware attacks jolted the U.S. government into action to circumscribe the predominantly Russia-based threat actors behind the scourge. At the same time, ransomware has been a critical factor driving the growth in corporate cybersecurity budgets as organizations grapple with the often-crippling threat. Despite the policy measures and increased private sector funding to slow the drumbeat of attacks, ransomware remained a top topic at this year's RSA conference. Experts at the event underscored that Russian state-sanctioned criminal actors are not the only ransomware threat actors to fear, nor are ransomware attacks decreasing despite the intensified efforts to nip them in the bud. The same actions taken to quash ransomware activity might end up forging alliances among financially motivated threat actors, creating hybrid cyberattacks that meld social engineering with ransomware. Ransomware Threat
CSO 2022-06-13 09:14:00 (Déjà vu) BrandPost: Fortinet Helps Restaurant Chain Prepare its Network for Cutting-Edge Digital Experiences (direct link) There are few industries as competitive as the quick-service restaurant sector. In such a crowded market, standing out means more than offering great menu items. One such restaurant chain with thousands of locations across the U.S. is doubling down on innovation. Its aim is to create compelling, personalized, digital-first customer and employee experiences that will enable next-level differentiation. As the company looks to extend its digital footprint by leveraging cloud-based resources, network security and resilience have become priorities. With a growing attack surface, its legacy firewall infrastructure was no longer adequate. It required a modern, capability-rich security platform capable of tackling the biggest cyber threats facing the business. Threat
CSO 2022-06-13 04:20:00 Threat actors becoming more creative exploiting the human factor (direct link) Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organization, its human capital, according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion-datapoint graph built from the company's deployments to identify the latest attack trends by malicious players. "Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats an ongoing, and often eye-opening, challenge for organizations,” Proofpoint Executive Vice President for Cybersecurity Strategy Ryan Kalember said in a statement. Threat
CSO 2022-06-13 02:00:00 9 ways hackers will use machine learning to launch attacks (direct link) Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats gives security teams an advantage. However, some threat actors are also using machine learning and AI to scale up their cyberattacks, evade security controls, and find new vulnerabilities, all at an unprecedented pace and with devastating results. Here are the nine most common ways attackers leverage these technologies. 1. Spam, spam, spam, spam: Defenders have been using machine learning to detect spam for decades, says Fernando Montenegro, analyst at Omdia. "Spam prevention is the best initial use case for machine learning," he says. Spam Threat ★★★
CSO 2022-06-09 07:48:00 Hackers using stealthy Linux backdoor Symbiote to steal credentials (direct link) Researchers have come across a stealthy Linux backdoor that uses sophisticated techniques to hide itself on compromised servers and steal credentials. Dubbed Symbiote because it injects itself into existing processes, the threat has been in development since at least November 2021 and seems to have been used against the financial sector in Latin America. "Symbiote is a malware that is highly evasive," researchers from BlackBerry said in a new report. "Since the malware operates as a userland level rootkit, detecting an infection may be difficult. Network telemetry can be used to detect anomalous DNS requests and security tools such as AVs and EDRs should be statically linked to ensure they are not “infected” by userland rootkits." Malware Tool Threat
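The BlackBerry advice in the Symbiote item above (a userland rootkit; keep AV/EDR binaries statically linked) translates into two quick host checks. The script below is an added example written for this page, not code from BlackBerry or from the CSO article. It assumes the rootkit loads the way most userland rootkits do, through /etc/ld.so.preload or an LD_PRELOAD variable in a process environment (the page does not say how Symbiote injects itself), and it decides whether a tool binary is statically linked by parsing the ELF program headers itself rather than asking ldd, since ldd runs the dynamic loader and is therefore subject to the same preload hook. The tool paths on the command line are hypothetical.

```python
"""Added example for this page: host checks for LD_PRELOAD-style userland rootkits.

Not BlackBerry's or CSO's code. Assumption: the rootkit loads via /etc/ld.so.preload
or LD_PRELOAD (the usual userland rootkit mechanism; the page does not describe
Symbiote's exact loader). Run as root to read every process's environment.
"""
import os
import struct
import sys
from pathlib import Path

PT_DYNAMIC = 2  # program header types that only a dynamically linked ELF carries
PT_INTERP = 3


def preload_entries(path="/etc/ld.so.preload"):
    """Return the non-comment, non-empty lines of an ld.so.preload file.

    A clean host normally has no such file or an empty one, so every entry
    returned here needs an explanation.
    """
    p = Path(path)
    if not p.is_file():
        return []
    lines = (ln.strip() for ln in p.read_text(errors="replace").splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def ld_preload_in_procs(proc_root="/proc"):
    """Map pid -> LD_PRELOAD value for every readable <proc_root>/<pid>/environ that sets it."""
    hits = {}
    for entry in os.scandir(proc_root):
        if not entry.name.isdigit():
            continue
        try:
            env = Path(entry.path, "environ").read_bytes()
        except OSError:
            continue  # process exited, or not readable without root
        for var in env.split(b"\0"):
            if var.startswith(b"LD_PRELOAD="):
                hits[int(entry.name)] = var[len(b"LD_PRELOAD="):].decode(errors="replace")
    return hits


def is_statically_linked(path):
    """True if the ELF at path has neither a PT_INTERP nor a PT_DYNAMIC program header.

    The headers are parsed directly so the answer does not depend on ldd or on
    libc, both of which a userland rootkit can hook.
    """
    data = Path(path).read_bytes()
    if data[:4] != b"\x7fELF":
        raise ValueError(f"{path}: not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"          # EI_DATA: 1 = little-endian, 2 = big-endian
    if ei_class == 2:                           # ELF64 header: e_phoff @0x20, e_phentsize/e_phnum @0x36
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    elif ei_class == 1:                         # ELF32 header: e_phoff @0x1C, e_phentsize/e_phnum @0x2A
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    else:
        raise ValueError(f"{path}: unknown ELF class {ei_class}")
    for i in range(phnum):                      # p_type is the first field of every program header
        (p_type,) = struct.unpack_from(end + "I", data, phoff + i * phentsize)
        if p_type in (PT_INTERP, PT_DYNAMIC):
            return False
    return True


def audit(preload_path="/etc/ld.so.preload", proc_root="/proc", tools=()):
    """Collect human-readable findings; an empty list means nothing suspicious was seen."""
    findings = [f"ld.so.preload entry: {e}" for e in preload_entries(preload_path)]
    for pid, value in sorted(ld_preload_in_procs(proc_root).items()):
        findings.append(f"pid {pid} runs with LD_PRELOAD={value}")
    for tool in tools:
        if os.path.exists(tool) and not is_statically_linked(tool):
            findings.append(f"{tool} is dynamically linked; a preloaded library can hook it")
    return findings


if __name__ == "__main__":
    # Usage: sudo python3 preload_audit.py /opt/edr/bin/agent   (tool paths are hypothetical)
    for line in audit(tools=sys.argv[1:]):
        print(line)
```

A finding from this script is a lead, not a verdict: a rootkit that hooks the libc calls used to read /etc/ld.so.preload or /proc can hide its own entries from a dynamically linked Python interpreter, which is exactly why the BlackBerry advice is to run the checking tools statically linked, or to compare the results with network telemetry collected off-host.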
CSO 2022-06-09 03:40:00 ConcealBrowse isolates malicious software before it can work its mischief (direct link) More threat actors are exploiting the browser as an attack vector, largely because it has become a popular way to access corporate applications and resources. As a means to counter browser-borne malicious software such as Trojans, worms or ransomware, endpoint security company Conceal this week introduced ConcealBrowse. ConcealBrowse, which supports all popular operating systems, can be deployed on an endpoint by a network administrator, where it monitors code as it runs to determine whether it presents a threat to the organization. Suspicious content is run in isolation, so that if the software is malicious, any damage it might cause can be contained. Threat
CSO 2022-06-07 07:34:00 How the Colonial Pipeline attack has changed cybersecurity (direct link) It has been just over a year since the American public got a taste of what a cyberattack could do to their way of life. A ransomware sortie on Colonial Pipeline forced its owners to shut down operations and left half the country's East Coast in the lurch for refined fuel. Since that time, efforts have aimed at making the nation's critical infrastructure more resilient and countering the scourge of ransomware. The question is whether enough is being done fast enough. "The attack on Colonial Pipeline was an eye-opener, not so much because of the risks about ransomware, but because of the threat landscape moving dangerously close to the critical infrastructure that underpins societies," says Gartner Vice President, Analyst Katell Thielemann. "On that front, it was a wake-up call that spurred all kinds of activities, from cybersecurity sprints in the electric utility sector led by the Department of Energy to security directives from the TSA to pipeline, rail, and airport operators, to a new law establishing upcoming mandates for incident reporting." Ransomware Threat
CSO 2022-05-30 02:00:00 Linux malware is on the rise: 6 types of attacks to look for (direct link) Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of things (IoT) devices. Still, not enough is done to protect the machines running it. "Linux malware has been massively overlooked," says Giovanni Vigna, senior director of threat intelligence at VMware. "Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers." Malware Threat
CSO 2022-05-26 03:27:00 Mastercard expands cybersecurity, risk services with new attack simulation and assessment platform (direct link) Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations' security gaps and provides real-time mitigation insights so they can improve on their cybersecurity investments with continuous validation, Mastercard stated. The launch comes as Mastercard continues to invest in cybersecurity and risk management capabilities. Cyber Front leverages more than 3,500 real-world threat scenarios. In a press release, Mastercard said that Cyber Front, built as an always-on platform, supports customers in strengthening digital ecosystems by validating the effectiveness of their cybersecurity controls to prevent and detect threats, drawing on a continuously updated library of more than 3,500 real-world threat scenarios. Its ultimate goal is to help businesses understand whether their systems are effective and identify areas of exposure to ensure greater protection in both the immediate and long term, it continued. Threat
CSO 2022-05-25 07:02:00 Chaos ransomware explained: A rapidly evolving threat (direct link) The Chaos ransomware builder started out last year as a buggy and unconvincing impersonation of the notorious Ryuk ransomware kit. It has since gone through active development and rapid improvements that have convinced different attacker groups to adopt it. The latest version, dubbed Yashma, was first observed in the wild in mid-May and contains several enhancements. One successful ransomware operation, known as Onyx, hit U.S.-based emergency services, medical facilities and organizations from several other industries over the past year. It uses a variation of the Chaos ransomware, according to security researchers. "What makes Chaos/Yashma dangerous going forward is its flexibility and its widespread availability," researchers from BlackBerry said in a new report. "As the malware is initially sold and distributed as a malware builder, any threat actor who purchases the malware can replicate the actions of the threat group behind Onyx, developing their own ransomware strains and targeting chosen victims." Ransomware Malware Threat
CSO 2022-05-24 02:00:00 7 machine identity management best practices (direct link) Machine identities are a large and fast-growing part of the enterprise attack surface. The number of machines (servers, devices, and services) is growing rapidly, and efforts to secure them often fall short. Cybercriminals and other threat actors have been quick to take advantage. Cyberattacks that involved the misuse of machine identities increased by 1,600% over the last five years, according to a report released last spring by cybersecurity vendor Venafi. Research firm Gartner named machine identity as one of the top cybersecurity trends of the year, in a report released last fall. In 2020, 50% of cloud security failures resulted from inadequate management of identities, access, and privileges, according to another Gartner report, which predicts that the figure will rise to 75% in 2023. Threat
CSO 2022-05-19 05:00:00 QuSecure launches end-to-end post-quantum cybersecurity solution (direct link) Post-quantum cryptography company QuSecure has announced its debut with the launch of a new post-quantum cybersecurity solution, QuSecure Nucleus. The firm claims that Nucleus is the industry's first end-to-end, software-based quantum-secure platform designed to protect encrypted communications and data over a quantum-secure channel. The solution addresses present-day classical attacks and future quantum computing threats for commercial enterprises and government agencies, QuSecure added. The release comes as increasing numbers of solution providers come to market with quantum-resilient offerings built to withstand the quantum computing risks that threaten traditional public key cryptography. Threat
CSO 2022-05-19 02:00:00 WannaCry 5 years on: Still a top threat (direct link) Who doesn't love an anniversary and the opportunity to reminisce about “where we were” when a historical event happened? Such has been the case over the last several days when it comes to remembering WannaCry, the ransomware that infected thousands of computers five years ago and cost companies all over the world billions of dollars in damages. WannaCry broke onto the infosec scene on May 12, 2017. Taking advantage of a vulnerable version of the Server Message Block (SMB) protocol, it ultimately infected more than 200,000 machines in more than 150 countries. While Microsoft had issued a patch for the SMB flaw more than a month before the attacks began, millions of computers had not been patched against the bug. The largest ransomware attack ever, it impacted several big names globally, including the UK's National Health Service, US delivery giant FedEx, and Deutsche Bahn, the German railway company. Ransomware Threat FedEx Wannacry
CSO 2022-05-18 06:09:00 NanoLock's zero-trust cybersecurity suite to protect industrial machinery, production lines (direct link) NanoLock has announced the launch of a new suite of zero-trust cybersecurity solutions for the industrial and manufacturing market. In a press release, the firm claimed to be the first to offer device-level protection designed specifically for legacy and new industrial machinery and smart factory production lines. The launch comes in the wake of a joint cybersecurity alert about advanced persistent threat (APT) attacks on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. Threat
CSO 2022-05-17 08:44:00 BrandPost: DDoS Extortion Takes VoIP Providers Offline (direct link) Threat actors are continually innovating and rethinking their attack patterns, as well as whom they target. This is clearly seen in their targeting of Voice over Internet Protocol (VoIP) providers, as highlighted in NETSCOUT's 2H 2021 Threat Report. Why target VoIP providers? The short answer is financial gain. Attackers know that bringing down VoIP providers that serve a large number of customers causes a lot of pain and is therefore ripe for extortion. Cyber attackers launched three worldwide distributed denial-of-service (DDoS) extortion campaigns in 2021, a startling new development carried out by a REvil copycat, Lazarus Bear Armada (LBA), and Fancy Lazarus. But threat actors did more than simply increase such global attacks. Threat APT 38
CSO 2022-05-17 02:00:00 CISOs worried about material attacks, boardroom backing (direct link) The threat of substantial material attacks and getting board support for their efforts are top-of-mind issues among the world's CISOs, according to a new report released by Proofpoint on Tuesday. Nearly half (48%) of the 1,400 CISOs surveyed for the annual Voice of the CISO report say their organization is at risk of suffering a material cyberattack in the next 12 months. That is substantially lower than in 2021, when nearly two-thirds of the CISOs (64%) expressed similar sentiments. "That drop was a bit surprising," Proofpoint Global Resident CISO Lucia Milica, who supervised the survey, tells CSO Online. When the pandemic hit, CISOs were scrambling to put temporary controls in place to deal with the explosion of remote workers and enable the business to operate securely, she explains. "Over the last two years, CISOs have had time to bring in more permanent controls to support hybrid work. That's put more CISOs at ease in terms of feeling that they can protect their organizations." Threat
CSO 2022-05-17 02:00:00 MITRE ATT&CK v11 adds ICS matrix, sub-techniques for mobile threats (direct link) The MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework has become a mainstay of the cybersecurity industry. The framework catalogs relevant adversary behavior across the attack lifecycle, and organizations can leverage it to bolster their defenses and improve their ability to detect common adversary behavior. The framework has been around since 2013 and continues to improve. The framework and its associated matrices have evolved to address emerging technology areas that organizations are increasingly adopting, such as infrastructure as a service (IaaS), software as a service (SaaS), and containers. The latest release, MITRE ATT&CK v11, adds sub-techniques for mobile and an industrial control systems (ICS) matrix. Those v11 updates are explained below, along with insights you can use to help meet recent government requirements. Threat
CSO 2022-05-13 03:50:00 Five Eyes nations warn MSPs of stepped-up cybersecurity threats (direct link) In an unexpected development, the cybersecurity authorities of the "Five Eyes" countries issued an alert warning of an increase in malicious cyber activity targeting managed service providers (MSPs), a trend the agencies expect to continue. The alert is the result of a collaborative effort among the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA, NSA, FBI). The agencies said they are "aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue" and point to a report by MSP IT solutions provider N-able. That report notes that "almost all MSPs have suffered a successful cyberattack in the past 18 months, and 90% have seen an increase in attacks since the pandemic started." Threat
CSO 2022-05-11 11:22:00 Threat hunters expose novel IceApple attack framework (direct link) A novel post-exploitation framework that allows its operators' activity to persist on their targets was exposed Wednesday by CrowdStrike's Falcon OverWatch threat hunters. Dubbed IceApple, the .NET-based framework has been observed since late 2021 in multiple victim environments in geographically diverse locations, with targets spanning the technology, academic and government sectors, according to CrowdStrike's report. So far, Falcon OverWatch's threat hunters have found the framework only on Microsoft Exchange instances, but they said it is capable of running under any Internet Information Services (IIS) web application and advise organizations to make sure their web applications are fully patched to avoid infection. Threat
CSO 2022-05-11 06:59:00 Stealthy Linux implant BPFdoor compromised organizations globally for years (direct link) Malware researchers warn about a stealthy backdoor program that has been used by a Chinese threat actor to compromise Linux servers at government and private organizations around the world. While the backdoor is not new and variants have been in use for the past five years, it has managed to fly under the radar with very low detection rates. One reason for its success is that it leverages the Berkeley Packet Filter (BPF) on Unix-based systems to hide its malicious traffic. BPFdoor was named by researchers from PwC Threat Intelligence, who attribute it to a Chinese group they call Red Menshen. The PwC team found the threat while investigating several intrusions throughout Asia last year and included a short section about it in their annual threat report released late last month. Threat
CSO 2022-05-11 03:54:00 New RAT malware uses sophisticated evasion techniques, leverages COVID-19 messaging (direct link) Researchers at cybersecurity vendor Proofpoint have analyzed a new remote access Trojan (RAT) malware campaign that uses sophisticated evasion techniques and COVID-19-themed messaging to target global organizations. The malware, dubbed “Nerbian RAT” and written in the Go programming language, uses significant anti-analysis and anti-reversing capabilities and open-source Go libraries to conduct its malicious activities, the researchers stated. The campaign was first analyzed by Proofpoint in late April and disproportionately impacts entities in Italy, Spain and the UK. In a statement, Proofpoint Vice President of Threat Research and Detection Sherrod DeGrippo said the research demonstrates how malware authors continue to operate at the intersection of open-source capability and criminal opportunity. Malware Threat
CSO 2022-05-10 11:24:00 BrandPost: Geopolitical Unrest Creates Breeding Ground for Cyberattacks (direct link) As detailed in NETSCOUT's 2H 2021 Threat Report, the total number of distributed denial-of-service (DDoS) attacks decreased from 5.4 million in the first half of 2021 to 4.4 million in the second half of the year, totaling 9.8 million DDoS attacks for all of 2021. Most geographical regions experienced decreases in attacks during the second half of 2021. A notable exception was the Asia Pacific (APAC) region, which saw more than 1.2 million attacks during this timeframe, a 7% increase over the first half of the year. This is all the more significant given that the past three Threat Intelligence reports chronicled back-to-back declines in this region. Threat
CSO.webp 2021-01-06 02:00:00 SolarWinds hack is a wakeup call for taking cybersecurity action (lien direct) Advanced persistent threats (APTs) have long been a concern of the cybersecurity community. Well-organized teams with significant resources, which keep attacking a chosen target until their mission is accomplished, are not a threat to be underestimated. Such groups combine attack types, from exploiting zero-day vulnerabilities to social engineering: gaining access, establishing a foothold, deepening that access, and then remaining in a target's systems undetected until they reach their goal. Hack Threat
CSO.webp 2020-12-21 02:00:00 How to prepare for the next SolarWinds-like threat (lien direct) The insertion of malware into SolarWinds' popular Orion network management software sent the federal government and major parts of corporate America scrambling this week to investigate and mitigate what could be the most damaging breach in US history. The malware, which cybersecurity company FireEye (itself the first public victim of the supply chain compromise) named SUNBURST, is a backdoor that can transfer and execute files, profile systems, reboot machines and disable system services. Malware Threat SolarWinds
CSO.webp 2020-12-18 07:46:00 BrandPost: Protecting Online Holiday Shopping this Season (lien direct) With the holiday shopping season settling in, e-commerce growth has continued to skyrocket. In November, the U.S. Department of Commerce reported an almost 37% year-over-year increase in quarterly retail e-commerce sales. With growth come challenges, however, including a concurrent spike in cyberattacks on e-commerce web infrastructure as more and more consumers flock to these websites. Since the beginning of September, Fortinet's FortiGuard Labs global threat intelligence and research team has seen a steady, consistent wave of attempted attacks on e-commerce sites; a month later the team counted over a billion attempts, an increase of almost 140%. Those responsible for protecting their customers' data should operate with two key responsibilities in mind: delivering dynamic and engaging shopping experiences to their customers, and securing the web applications that deliver that experience. Threat
CSO.webp 2020-12-18 02:00:00 What is typosquatting? A simple but effective attack technique (lien direct) Typosquatting definition A typosquatting attack, also known as URL hijacking, a sting site, or a fake URL, is a type of social engineering in which threat actors impersonate legitimate domains for malicious purposes such as fraud or spreading malware. They register domain names that are similar to the legitimate domains of targeted, trusted entities in the hope of fooling victims into believing they are interacting with the real organization.[ Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan. | Sign up for CSO newsletters. ] How typosquatting works Threat actors can impersonate domains using: Malware Threat
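The defensive counterpart to the technique above, as an added example that is not from the CSO article: a generator for the lookalike domains an attacker would register for a brand (character omission, repetition, transposition, hyphenation, visually similar character swaps and top-level-domain swaps), plus a matcher that classifies a candidate domain against a list of protected brands, falling back to a one-edit Damerau-Levenshtein distance on the registrable label. The homoglyph table, the TLD swap table and the sample domains are assumptions for this example; a real deployment feeds the matcher from a certificate-transparency or new-registration feed.

```python
from __future__ import annotations

# Visually confusable substitutions (assumed table; extend for your alphabet/fonts).
HOMOGLYPHS = {"l": ["1", "i"], "i": ["1", "l"], "o": ["0"], "0": ["o"],
              "m": ["rn"], "rn": ["m"], "w": ["vv"], "d": ["cl"], "e": ["3"]}
# Common TLD swaps and typos (assumed table).
TLD_SWAPS = {"com": ["co", "cm", "om", "net", "org", "corn"],
             "net": ["com", "org"], "org": ["com", "net"]}


def typo_variants(domain: str) -> dict[str, str]:
    """Map each plausible typosquat of `domain` to the technique that produces it."""
    domain = domain.lower().strip(".")
    name, _, suffix = domain.partition(".")        # first label vs. the rest
    out: dict[str, str] = {}

    def add(label: str, technique: str, sfx: str | None = None) -> None:
        cand = f"{label}.{sfx or suffix}"
        if cand != domain:                          # never list the brand itself
            out.setdefault(cand, technique)

    for i in range(len(name)):
        add(name[:i] + name[i + 1:], "omission")
        add(name[:i] + name[i] + name[i:], "repetition")
        if i > 0:
            add(name[:i] + "-" + name[i:], "hyphenation")
        if i + 1 < len(name):
            add(name[:i] + name[i + 1] + name[i] + name[i + 2:], "transposition")
    for src, repls in HOMOGLYPHS.items():           # every occurrence of each confusable
        pos = name.find(src)
        while pos != -1:
            for r in repls:
                add(name[:pos] + r + name[pos + len(src):], "homoglyph")
            pos = name.find(src, pos + 1)
    for alt in TLD_SWAPS.get(suffix, []):
        add(name, "tld-swap", alt)
    return out


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def match_brand(candidate: str, brands: list[str]) -> tuple[str, str] | None:
    """Return (brand, technique) if `candidate` looks like a squat on a brand, else None."""
    candidate = candidate.lower().strip(".")
    for brand in brands:
        brand = brand.lower()
        if candidate == brand:
            return brand, "exact"
        technique = typo_variants(brand).get(candidate)
        if technique:
            return brand, technique
    # Fallback: any label within one edit of a brand label, regardless of suffix.
    cname = candidate.partition(".")[0]
    for brand in brands:
        brand = brand.lower()
        if osa_distance(cname, brand.partition(".")[0]) <= 1:
            return brand, "edit-distance-1"
    return None


if __name__ == "__main__":
    # Constructed sample: one protected brand, a handful of observed registrations.
    brands = ["example.com"]
    for seen in ["exmaple.com", "examp1e.com", "example.co", "wxample.com", "unrelated.org"]:
        print(f"{seen:16} -> {match_brand(seen, brands)}")
```

The first label is treated as the registrable name, so brands under two-level public suffixes such as example.co.uk need the suffix split out with a public-suffix list before generation. Keep the edit-distance fallback at one: at two edits the candidate set on a short brand name is mostly noise.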
CSO.webp 2020-12-08 09:00:00 Publicly known support credentials expose GE Healthcare imaging devices to hacking (lien direct) Over 100 device models from GE Healthcare, used primarily for radiological and imaging purposes in hospitals and other healthcare facilities, can easily be compromised by hackers because of default support credentials that are publicly known but cannot easily be changed by users. This insecure implementation of remote management functionality lets hackers access sensitive data stored on the affected devices and infect them with malicious code that would be very hard to detect.Healthcare organizations have increasingly been targeted by cybercriminal groups this year, particularly those distributing ransomware. Three US agencies (the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security (DHS)) jointly issued an alert warning that groups like TrickBot, Ryuk and Conti pose an imminent threat to US hospitals and healthcare providers. Vulnerabilities like the one found in GE Healthcare devices can amplify those attacks, giving hackers access to critical devices that organizations cannot afford to have offline. Threat
CSO.webp 2020-12-07 03:00:00 6 new ways threat actors will attack in 2021 (lien direct) When COVID-19 hit and began forcing massive enterprise changes in March, it significantly altered the enterprise threat landscape. That is even more troubling because it all happened within a few days, which forced security corners to be cut everywhere, especially in the creation of remote sites. Threat
CSO.webp 2020-12-03 12:42:00 BrandPost: Cybersecurity Best Practices for Protecting Brand Trust (lien direct) Your brand is a valuable asset, but it's also an attack vector. Threat actors exploit the public's trust in your brand when they phish under your name or counterfeit your products. The problem gets harder because you engage with the world across so many digital platforms: the web, social media, mobile apps. These engagements are obviously crucial to your business.Something else should be obvious as well: guarding your digital trust, the public's confidence in your digital security, is make-or-break for your business, not just part of your compliance checklist.COVID-19 has put a renewed spotlight on the importance of defending against cyberattacks and data breaches as more users access data from remote or non-traditional locations. Crisis fuels cybercrime, and hacking has increased substantially as digital transformation initiatives have accelerated and many employees work from home without adequate firewalls and backup protection. Threat
CSO.webp 2020-11-24 03:00:00 (Déjà vu) 8 types of phishing attacks and how to identify them (lien direct) Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches.Enterprises regularly remind users to beware of phishing attacks, but many users don't really know how to recognize them. And humans tend to be bad at recognizing scams. Data Breach Threat
CSO.webp 2020-11-24 03:00:00 New US IoT law aims to improve edge device security (lien direct) As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia's most recent threat intelligence report, IoT devices are responsible for almost a third of all mobile and Wi-Fi network infections.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] This ratio will likely grow dramatically as the number of IoT devices continues its exponential growth. A recent report from Fortinet warns that the rapid introduction of edge devices will create opportunities for more advanced threats, allowing sophisticated attackers and advanced malware to “discover even more valuable data and trends using new EATs [edge access Trojans] and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands.” Threat
CSO.webp 2020-10-16 03:00:00 Common pitfalls in attributing cyberattacks (lien direct) Attributing cyberattacks to a particular threat actor is challenging, particularly an intricate attack that stems from a nation-state actor, because attackers are good at hiding or erasing their tracks or deflecting the blame to others. Threat
CSO.webp 2020-10-09 03:00:00 Elusive hacker-for-hire group Bahamut linked to historical attack campaigns (lien direct) Attack attribution is one of the most difficult aspects of malware research, and it's not uncommon for different security companies to attribute attack campaigns to different threat actors, only to discover later that they were the work of the same group. A new paper by researchers at BlackBerry stands out, however, by exposing an elusive group dubbed Bahamut as responsible for a spider web of carefully constructed and executed phishing and malware attacks. [ How much does a cyber attack really cost? Take a look at the numbers. | Get the latest from CSO by signing up for our newsletters. ] Malware Threat Bahamut
CSO.webp 2020-10-06 03:00:00 Alien malware a rising threat to mobile banking users (lien direct) For over a decade, computer users have been plagued by malicious programs designed to steal their online banking credentials and initiate fraudulent transactions from their accounts. As mobile banking gained more adoption over the years, these programs followed the trend and jumped from computers to smartphones. One of the most widely used Android banking Trojans was abandoned by its creators last month, but the gap left in the cybercrime ecosystem is rapidly being filled by an even more potent one dubbed Alien. Malware Threat
CSO.webp 2020-10-05 06:45:00 BrandPost: From Botnets to Phishing: A Discussion on the 2020 Threat Landscape (lien direct) An unforeseeable shift in network structures and attack strategies was dropped on the cybersecurity industry in 2020. As the COVID-19 pandemic continues to take its toll on organizations and individuals around the globe, we are now dealing with a threat landscape that's become more intense, complex, and saturated than ever before. And many organizations are finding it challenging to allot sufficient resources towards managing and mitigating these growing and evolving threats, having already faced operational setbacks prompted by the sudden transition to a fully remote workplace.  Considering the ever-evolving nature of today's cyber threats, business leaders must continually familiarize themselves with up-to-date threat intelligence and invest in the resources necessary to protect what is now – and will remain indefinitely – a larger, more fluid attack surface. This time, the changes happening across the cyber threat landscape are more dramatic, and the risks due to recent network changes are greater than ever. This makes accurate and actionable threat intelligence even more crucial. The following threat summary highlights the cyber criminal community's ability to adapt and take advantage of low-hanging fruit to achieve their goals. Threat Guideline
CSO.webp 2020-09-29 06:05:00 BrandPost: How to Defend Against Today\'s Top 5 Cyber Threats (lien direct) Cyber threats are constantly evolving. As recently as 2016, Trojan malware accounted for nearly 50% of all breaches. Today, Trojans are responsible for less than 7%.That's not to say that Trojans are any less harmful. According to the 2020 Verizon Data Breach Investigations Report (DBIR), their backdoor and remote-control capabilities are still used by advanced threat actors to conduct sophisticated attacks.Staying ahead of evolving threats is a challenge that keeps many IT professionals awake at night. Understanding today's most important cyber threats is the first step toward protecting any organization from attack. Data Breach Malware Threat
CSO.webp 2020-09-03 08:32:00 Evilnum group targets FinTech firms with new Python-based RAT (lien direct) Evilnum, a group known for targeting financial technology companies, has added new malware and infection tricks to its arsenal, researchers warn. The group is suspected of offering APT-style hacker-for-hire services to other entities, a growing and worrying trend that is changing the threat landscape.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Evilnum appeared on the radar of security companies in 2018 when it started targeting FinTech companies throughout Europe with spear-phishing emails that try to pass off malicious files as scans of credit cards, utility bills, ID cards, driver's licenses and other identity verification documents required by know-your-customer (KYC) regulations in the financial sector. Malware Threat ★★★★★
Last update at: 2024-05-16 12:07:56