What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2020-08-07 10:50:00 Protocol gateway flaws reveal a weak point in ICS environments (direct link) Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published this week by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors. The identified vulnerabilities can enable various attack scenarios, from issuing stealth commands that could sabotage the operational process to gaining unauthorized access, decrypting configuration databases, exposing sensitive information and crashing critical equipment. Threat
CSO.webp 2020-07-24 03:00:00 Microsoft Office the most targeted platform to carry out attacks (direct link) In 2019, Microsoft Office became cybercriminals' preferred platform when carrying out attacks, and the number of incidents keeps increasing, according to Kaspersky Lab researchers. Boris Larin, Vlad Stolyarov and Alexander Liskin showed at the company's Security Analyst Summit that the threat landscape has changed in the past two years and urged users to keep their software up-to-date and to avoid opening files that come from untrusted sources to reduce the risk of infection. Malware Threat
CSO.webp 2020-06-16 10:10:00 BrandPost: SecureX: The Connective Tissue for Integrated Security (direct link) There's rarely a dull moment for security leaders. Many technology-related things are constantly evolving - the threat landscape, attack surface, business needs, and access to specific skill sets. That's why every security approach must enable both agility and stability - in other words, satisfy the ability to quickly respond to new events, while also providing robust, reliable security. “It comes down to simplifying the security team's day-to-day operations so that they can spend more time on higher-value activities that ultimately make their organization more secure,” says Jeff Reed, Senior Vice President of Product Management, Cisco Systems. Threat Guideline
CSO.webp 2020-06-11 00:00:00 Enterprise internet attack surface is growing, report shows (direct link) The attack surface of large enterprises has grown in recent months driven by the new work conditions imposed by the COVID-19 pandemic. The threat has increased in many areas including servers that are directly accessible from the internet, domain names, websites, web forms, certificates, third-party applications and components or mobile apps. While some of those changes might be temporary, many are likely to be permanent, straining the ability of existing IT and security teams to manage and secure them. Security firm RiskIQ, which specializes in digital asset discovery and protection, has used data collected recently by its technology through internet scans to assess the current global attack surface. Over two weeks, the company saw the addition of 2,959,498 new domain names and 772,786,941 new unique hosts to the web. Threat
CSO.webp 2020-05-13 03:00:00 9 tips to detect and prevent web shell attacks on Windows networks (direct link) One tool that bad guys use to go after your web servers is a web shell. A web shell is a malicious script that masquerades as a legitimate file and provides a backdoor into your server. Recent guidance from the US National Security Agency (NSA) and the Australian Signals Directorate (ASD) offers techniques to detect and prevent web shell malware from affecting web servers. The NSA document describes web shell malware as a long-standing, pervasive threat that continues to evade many security tools. Malware Tool Threat
CSO.webp 2020-05-11 03:00:00 How IoT changes your threat model: 4 key considerations (direct link) IoT systems in business and operational environments have increased the attack surface and introduced new risks to the confidentiality, integrity and availability of critical data and systems at many enterprises. Threat
CSO.webp 2020-04-15 03:00:00 Threat modeling explained: A process for anticipating cyber attacks (direct link) Threat modeling definition: Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources. This broad definition may just sound like the job description of a cybersecurity professional, but the important thing about a threat model is that it is systematic and structured. Threat modelers walk through a series of concrete steps in order to fully understand the environment they're trying to secure and identify vulnerabilities and potential attackers. That said, threat modeling is still in some ways an art as much as a science, and there is no single canonical threat modeling process. The practice of threat modeling draws from various earlier security practices, most notably the idea of "attack trees" that were developed in the 1990s. In 1999, Microsoft employees Loren Kohnfelder and Praerit Garg circulated a document within the company called "The Threats to Our Products" that is considered by many to be the first definitive description of threat modeling. Threat
CSO.webp 2020-03-19 05:45:00 6 ways attackers are exploiting the COVID-19 crisis (direct link) While organizations can take plenty of steps to ensure employees are well-equipped to work remotely in a secure manner, threat actors of all stripes are already taking advantage of the COVID19/coronavirus situation. Never ones to miss an opportunity, attackers are ramping up operations to spread malware via Covid19-themed emails, apps, websites and social media. Here's a breakdown of potential threat vectors and techniques threat actors are using to attack organizations. Threat
CSO.webp 2020-03-09 10:15:00 BrandPost: The Evolution of Linux Threats (direct link) 2019 was the year of Linux threats. Our research team observed a significant increase in the number of cyber attacks targeting Linux systems, evidenced by the discoveries of HiddenWasp, QNAPCrypt and EvilGnome. Sadly, the antivirus industry continues to be plagued by low Linux threat detection rates. It's important to understand that in an open-source ecosystem like Linux, there is a large amount of publicly available code that can be quickly copied by attackers to produce their own malware. At the time of its discovery, for example, HiddenWasp contained large portions of code from previously leaked and/or open-sourced threats Mirai and the Azazel rootkit. While Mirai is not a highly complex malware, its code was leaked in 2016. We now see its code being reused often by adversaries to develop their own malware instances within the Linux operating system. Malware Threat
CSO.webp 2020-02-19 16:12:00 BrandPost: How to Maximize Resources in Your Cybersecurity Workforce (direct link) There's no denying that skilled people will always be an integral part of cybersecurity operations. After all, every cybersecurity threat requires a conversation around it, intelligent intervention, and thorough analysis to combat future issues. Yet without the right resources at their fingertips, even the most knowledgeable cybersecurity workforce is set up to fail. Consider this in the context of a misconfiguration in the cloud - one of the top cloud security threats. If this issue is buried beneath a pile of other threats and alerts or SecOps need days or maybe even weeks to identify the root of the problem, cyber attackers have more room to make their way in the perimeter and exfiltrate sensitive data. (This year's Capital One data breach is a prime example.) Data Breach Threat
CSO.webp 2020-02-10 03:00:00 More targeted, sophisticated and costly: Why ransomware might be your biggest threat (direct link) Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which exposes companies to more than the traditional data loss associated with ransomware. Ransomware Threat
CSO.webp 2019-12-17 12:18:00 Hackers use free tools in new APT campaign against industrial sector firms (direct link) Researchers have recently detected an advanced persistent threat (APT) campaign that targets critical infrastructure equipment manufacturers by using industry-sector-themed spear-phishing emails and a combination of free tools. This tactic fits into the “living off the land” trend of cyberespionage actors reducing their reliance on custom and unique malware programs that could be attributed to them in favor of dual-use tools that are publicly available. Malware Threat
CSO.webp 2019-11-25 07:21:00 BrandPost: Using AI to Level the Cyber Playing Field (direct link) Imagine what you would have done differently in your network if you could have just seen a few years into the future. Would you have been quicker to embrace the cloud? What about the time and money spent on technologies that you now don't really use? Every wiring closet has a number of expensive “boat anchors” sitting on a shelf somewhere gathering dust. Of course, if your organization has ever been the victim of a serious breach, it's easy to guess how you may have prepared differently for that. Predicting the Future: The truth is, that last one isn't really just wishful thinking. Cybersecurity professionals, myself included, have been warning organizations about the threats just around the corner for years. Some require years of experience to understand threat actor trends and malware trajectories. But others just stare you in the face. For example, much of the recent success of the cybercriminal community has been due to their ability to successfully exploit the expanding attack surface and the resulting security gaps resulting from digital transformation that are not being properly closed. This shouldn't be news to anyone. Malware Threat
CSO.webp 2019-11-22 08:07:00 (Déjà vu) Russia's Sandworm hacking group heralds new era of cyber warfare (direct link) Speakers at this year's CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history. Threat
CSO.webp 2019-11-22 08:07:00 A new era of cyber warfare: Russia's Sandworm shows “we are all Ukraine” on the internet (direct link) Speakers at this year's CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history. Threat
CSO.webp 2019-11-19 03:00:00 Why you should consider your managed service provider an insider threat (direct link) A growing number of managed services providers (MSPs) from around the world are being targeted and compromised by hackers. Such breaches can have a serious impact on their customers' business, as compromised MSPs can serve as launchpads into their clients' corporate networks. MSP compromises highlight why it's important for organizations to consider the risk they pose and be ready to block threats coming through trusted business partners. Threat
CSO.webp 2019-10-29 10:19:00 BrandPost: Five critical elements for any cyber security awareness program (direct link) While nearly 9 in 10 companies not only allow, but actually rely on their employees to access critical business apps using their personal devices, according to a recent Fortinet Threat Landscape Report, Android-based malware now represents 14% of all cyberthreats. And in addition to direct attacks, the number of compromised web sites, email phishing campaigns, and malicious access points continue to grow exponentially, infecting unsuspecting users – regardless of their devices – with spyware, malware, compromised applications, and even ransomware. Malware Threat
CSO.webp 2019-10-03 06:00:00 Chinese cyberespionage group PKPLUG uses custom and off-the-shelf tools (direct link) Security researchers have linked various attack campaigns against organizations and ethnic groups in Asia to a single threat actor they believe is likely serving China's geopolitical interests in the region and is connected to the country's state-sponsored cyberespionage apparatus. Researchers from security firm Palo Alto Networks have been tracking attack campaigns launched by a group, or several closely connected groups, they've dubbed PKPLUG for the past three years. They've found links to older attack campaigns reported independently by other companies over the past six years. According to them, this is the first time all these attacks have been tied together under a single threat actor. Threat
CSO.webp 2019-09-30 09:05:00 BrandPost: The Critical Need for Threat Intelligence (direct link) Passive security devices deployed at a network edge waiting for some previously identified threat to trigger a response was the primary mode of security for over a decade. And though that approach has undergone some updating in the interim, it is still the primary mode of protection relied upon by far too many organizations. Today's threats are far more sophisticated. They are designed to evade detection, hijack approved software, disguise themselves as legitimate traffic, and even disable network and security devices. Prevention, as well as detection and response, require active security solutions that can identify attack patterns, detect unusual behaviors, and uncover threats before they can cause harm. And to do that, they need effective and reliable threat intelligence. Threat
CSO.webp 2019-09-30 03:00:00 Marriott data breach FAQ: How did it happen and what was the impact? (direct link) In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves. We answer 10 frequently asked questions. When was the Marriott breach? On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott's Starwood brands, which include the Westin, Sheraton, St. Regis, and W hotels. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn't been migrated to Marriott's own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we'll revisit in more detail later. Data Breach Tool Threat
CSO.webp 2019-09-10 05:53:00 IDG Contributor Network: How a small business should respond to a hack (direct link) Hacks and data breaches are, unfortunately, part of doing business today. Ten years ago, it was the largest corporations that were most targeted by hackers, but that has changed. As large organizations have improved their cybersecurity, and more and more small businesses go online, hackers have shifted their attention to smaller targets. The threat: Putting numbers on the scale of cybercrime is difficult, not least because many companies are resistant to acknowledging that they've been hacked. A huge study from 2010, though, conducted by Verizon working in conjunction with the US Secret Service, found that even then smaller businesses were under huge threat from cybercriminals: over 60% of the data breaches covered in that report were from businesses with less than 100 employees. Hack Threat
CSO.webp 2019-08-15 03:00:00 Black Hat 2019: 3 cybersecurity concerns and 3 things that give hope (direct link) Organizations worry more about the volume and sophistication of cyber attacks and are confused about what tools to use. It's not all bad news, though, as this year's Black Hat highlighted several security advancements, including greater emphasis on application security and automating security operations. Here are my take-aways from this year's event: The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners' show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking their toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-bangers. The scary factor. In a recent ESG research project, 76% of organizations claim that threat detection and response is more difficult today than it was two years ago. More than one-third (34%) say the volume and sophistication of attacks has increased, while 16% claim that the attack surface has grown. Both issues were front and center at Black Hat. For example, we are seeing attacks on cloud infrastructure like the theft of developer passwords on GitHub, break-ins on Amazon S3 buckets, and exploitation of internet of things (IoT) device vulnerabilities. None of the adversary tactics, techniques, and procedures (TTPs) are new, but the cybersecurity diaspora is being asked to safeguard more new stuff all the time. This imbalance is a recipe for disaster, and all CISOs should have a formal plan for bridging this gap.
Everything is in play. Cybersecurity technology is installed everywhere – on hosts, networks, virtual infrastructure, in the cloud, etc. A lot of this infrastructure has been in place for years, but much has reached a point of obsolescence. Old antivirus software is being replaced by endpoint security suites instrumented with machine learning algorithms and EDR capabilities. Network security devices are giving way to virtual network security services that span physical, virtual, and cloud-based infrastructure with central management and distributed enforcement. Individual security analytics tools are coming together in security operations and analytics platform architectures (SOAPA). All these changes are muddying messages and confusing the industry at large. Rather than a security technology flea market, we need some clarity on new types of security technology architectures for the 2020s at next year's shows (i.e. RSA and Black Hat). 3 ways security is improving: While there is a lot of work ahead, all is not doom and gloom. Here are a few positive observations from Black Hat 2019: Threat
CSO.webp 2019-08-05 03:00:00 Looking for answers at Black Hat 2019: 5 important cybersecurity issues (direct link) Judging by last week's Capital One breach and Equifax settlement, cybersecurity remains a topical, if not ugly, subject. The timing couldn't be better for these unfortunate events. Why? Because the cybersecurity community gets together this week in Las Vegas for Black Hat and DEF CON to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response. I'll be there along with an assortment of my ESG colleagues. Here are some of the things we'll be looking for: Threat Equifax
CSO.webp 2019-07-18 08:57:00 Network traffic analysis tools must include these 6 capabilities (direct link) When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say NTA is a “first line of defense” for detecting and responding to threats. (Note: I am an ESG employee.) As cybersecurity professionals often state, “the network doesn't lie.” Since cyber attacks use network communications for malware distribution, command and control, and data exfiltration, trained professionals should be able to spot malicious activity with the right tools, time, and oversight. Malware Threat
CSO.webp 2019-06-28 13:12:00 BrandPost: Sharing Infrastructure: Insights and Strategies from the Latest Global Threat Landscape Report (direct link) Cyber threats are evolving so rapidly that they now require constant monitoring. Attacks observed during the first quarter of 2019 make it clear that cybercriminals are not only increasing the sophistication of their methods and tools, but that they are also diversifying. Recent attacks use a wide range of attack strategies, from targeted ransomware, custom coding, living-off-the-land (LoTL) strategies, and exploiting pre-installed tools to move laterally and stealthily across a network to launch or extend an attack. Another interesting trend is that threat actors are increasingly leveraging existing malware components, such as those offered on Dark Web sites either as open code or as Malware as a Service (MaaS). We are also learning that many attacks leverage common infrastructures, such as domains from which they launch attacks or run C2 services. For instance, nearly 60% of threats shared at least one domain from a handful of web service providers, indicating the majority of botnets not only leverage established infrastructure for distribution, but gravitate towards the same resources. Malware Threat ★★
CSO.webp 2019-06-03 09:04:00 BrandPost: Protecting Today's Evolving Digital Landscape (direct link) Over the past couple of decades, changes in the threat landscape have driven changes in how we design, implement, and manage security. Organizations have spent the last two decades updating their security gear to keep up with the latest threats and attack vectors. In the late 1990s, the creation of viruses and worms forced the development of anti-virus and IDS solutions. Spam and phishing drove the development of advanced email gateways. The list is long, with organizations adding things like Anti-DDoS, Secure Web Gateways, and Reputation filters to their security closets on an almost annual basis. The thing these security tools tended to have in common is that they were all signature based. And because cybercriminals tend to be as invested in ROI and TCO as their victims, they learned that attacks that could be countered by a new signature were less profitable. Spam Threat
CSO.webp 2019-05-30 11:36:00 (Déjà vu) Best new Windows 10 security features: Windows Sandbox, more update options (direct link) With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features. Below is a summary of all the new security features and options in Windows 10 version 1903, which features Windows Defender Advanced Threat Protection (ATP) enhancements, more options for enterprises to defer updates, and Windows Sandbox, which provides a safe area to run untrusted software. Bookmark this article, because we will be adding new security features as Microsoft releases future Windows updates. Malware Threat
CSO.webp 2019-05-23 07:25:00 BrandPost: Threat Intelligence and the Evolving Threat Landscape (direct link) As organizations continue to adopt and drive digital transformation (DX), staying ahead of the threat landscape and attack chain curves is becoming increasingly difficult to achieve. Today, rather than having a single network to secure, most organizations now own and manage a variety of environments, including physical networks, private cloud and virtual SDN environments, multiple public clouds, an expanding WAN edge, IT/OT convergence, and an increasingly mobile workforce. This also includes things like ongoing DevOps application development, containerized environments, and the adoption of IaaS and SaaS solutions - including Shadow IT. And given the advent of more deeply integrated solutions, such as smart cars, companies, and cities, and the looming launch of 5G and the myriad of new immersive applications and rich media sources that will result from that, the impact of DX seems to stretch out over the horizon. Threat
CSO.webp 2019-05-15 09:46:00 Microsoft urges Windows customers to patch wormable RDP flaw (direct link) Microsoft has fixed a critical vulnerability in some versions of Windows that can be exploited to create a powerful worm. The company even took the unusual step of releasing patches for Windows XP and Windows Server 2003, which haven't been supported in years, because it believes the threat to be very high. The vulnerability, tracked as CVE-2019-0708, is located in Remote Desktop Services, formerly known as Terminal Services. This component handles connections over the Remote Desktop Protocol (RDP), a widely used protocol for remotely managing Windows systems on corporate networks. Malware Vulnerability Threat
CSO.webp 2019-05-07 11:46:00 BrandPost: The Problem with Too Many Security Options (direct link) The challenge of securing our networks is accelerating, primarily in direct response to digital transformation efforts that are expanding the attack surface. Cybercriminals are all too eager to exploit new attack vectors and take advantage of new limitations in our visibility and span of control. The problem is that too many of our security solutions not only operate in relative isolation - meaning that they don't do a very good job of sharing threat intelligence with other security tools - they also still tend to be perimeter-based, which is ironic given that the industry has been touting borderless networks for quite some time. Part of the problem is that even as the border is eroding, we still tend to think of our networks in traditional terms, with an assumption that the data center sits at the core, the network is reasonably static, and that all other elements - mobile users and devices, branch offices, and multi-cloud environments - branch off from that central network in a hub and spoke design. Threat
CSO.webp 2019-04-29 03:00:00 How a data-driven approach to security helps a small healthcare team embrace automation (direct link) The healthcare industry is an inviting and lucrative target for threat actors. It holds lots of valuable personal, health and finance data living in environments that often depend on legacy technology that is hard to patch and is defended by small teams with limited resources. Worse, the cost for data breaches at healthcare organizations is high. Not only does the healthcare industry have the highest cost per record breached according to the 2018 Ponemon Cost of a Data Breach study ($408, nearly double the next-highest industry), but research published last year suggested healthcare data breaches may cause as many as 2,100 deaths per year in the United States. Data Breach Threat
CSO.webp 2019-04-25 12:31:00 The growing demand for managed detection and response (MDR) (direct link) According to ESG research, 82% of cybersecurity professionals agree that improving threat detection and response (i.e. mean-time to detect (MTTD), mean-time to respond (MTTR), etc.) is a high priority at their organization. Furthermore, 77% of cybersecurity professionals surveyed say business managers are pressuring the cybersecurity team to improve threat detection and response. (Note: I am an ESG employee.) So, what's the problem? Threat detection and response ain't easy. In fact, 76% of those surveyed claim that threat detection and response is either much more difficult or somewhat more difficult than it was two years ago. Why? Cybersecurity professionals point to issues such as an upsurge in the volume and sophistication of threats, an increasing cybersecurity workload, and a growing attack surface. Oh, and let's not forget the impact of the cybersecurity skills shortage. Many firms lack the right staff and skills to make a significant dent in this area. Threat
CSO.webp 2019-04-12 03:00:00 What is Emotet? And how to guard against this persistent Trojan malware (direct link) Emotet is a banking Trojan that started out stealing information from individuals, like credit card details. It has been lurking around since 2014 and has evolved tremendously over the years, becoming a major threat that infiltrates corporate networks and spreads other strains of malware. The U.S. Department of Homeland Security published an alert on Emotet in July 2018, describing it as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans,” and warning that it's very difficult to combat, capable of evading typical signature-based detection, and determined to spread itself. The alert explains that “Emotet infections have cost SLTT (state, local, tribal, and territorial) governments up to $1 million per incident to remediate.” Malware Threat
CSO.webp 2019-04-10 12:33:00 (Déjà vu) You Can Now Get This Award-Winning VPN For Just $1/month (direct link) If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location - but they can also run frustratingly slowly, delaying the way you'd usually use the internet for entertainment and work. That's where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced. Malware Threat
CSO.webp 2019-03-25 13:56:00 Get a two-year subscription to Ivacy VPN for only $2.03/mo (lien direct) If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location - but they can also run frustratingly slowly, delaying the way you'd usually use the internet for entertainment and work. That's where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced. Malware Threat
CSO.webp 2019-03-22 05:27:00 IDG Contributor Network: Facebook stashing plain text passwords is a wake-up call to improve GRC (lien direct) As details emerged of how Facebook captured hundreds of millions of plain text passwords and stored them on internal company servers, my entire IT career flashed before my eyes. While it is criminal that there is apparently no adult supervision or oversight on what developers at Facebook can do with a user's credentials when logging into their apps, they are certainly not alone in their handling of plain text passwords. During my time as CEO at VeriClouds (a provider of identity threat intelligence that uses analytics on top of a data lake of more than 10 billion compromised credentials) I was in a meeting with an executive of Twitter when he admitted to using a competitor's service whereby his team received “dumps” of compromised credentials – yes ladies and gentlemen, in plain text. I can understand that being a normal and accepted practice a decade ago before the President of the United States started using his service. I am bewildered as to why any security officer worth his title would allow a practice to occur, let alone continue at a massive social media site such as Twitter. Threat
CSO.webp 2019-02-27 10:23:00 What is ethical hacking? How to get paid to break into computers (lien direct) What is ethical hacking? Ethical hacking, also known as penetration testing or pen testing, is legally breaking into computers and devices to test an organization's defenses. It's among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested. Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester's point of view, there is no downside: If you hack in past the current defenses, you've given the client a chance to close the hole before an attacker discovers it. If you don't find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn't break into it.” Win-win! Hack Threat
CSO.webp 2019-02-20 05:47:00 BrandPost: Addressing Today's Risks Requires Reliable Threat Intelligence (lien direct) Two of the biggest challenges that CISOs face today are ensuring that security and business strategies are in alignment and that security solutions are focused on solving the right problems. More often than anyone wants to admit, security teams spend significant resources trying to resolve a specific set of security challenges only to find out that they either don't support critical business objectives or that the organization has been compromised by an attack coming from an unrecognized threat vector. Having a sense of urgency but not knowing where the threat is coming from is the equivalent of frantically wading around through flood water carrying a fire extinguisher. As it turns out, getting security right is just as important as having it in place. And ensuring that you have the right tool for the job starts by asking three key questions. Tool Threat
CSO.webp 2019-02-07 03:54:00 What is an advanced persistent threat (APT)? And 5 signs you've been hit with one (lien direct) Advanced persistent threat definition An advanced persistent threat (APT) is a cyberattack executed by criminals or nation-states with the intent to steal data or surveil systems over an extended time period. The attacker has a specific target and goal, and has spent time and resources to identify which vulnerabilities they can exploit to gain access, and to design an attack that will likely remain undetected for a long time. That attack often includes the use of custom malware. The motive for an APT can be either financial gain or political espionage. APTs were originally associated mainly with nation-state actors who wanted to steal government or industrial secrets. Cyber criminals now use APTs to steal data or intellectual property that they can sell or otherwise monetize. Threat
CSO.webp 2019-02-05 06:12:00 Phishing has become the root of most cyber-evil (lien direct) Companies spend a huge amount of time and billions of dollars on security technology to keep threat actors out - on firewalls, IPS systems, endpoint security, and the like - and employees are letting those bad guys in by clicking on phishing links. In fact, a recent F5 Labs report says phishing was the root cause of 48 percent of the breaches they investigated. This corroborates my own research, as I have talked to many people that do penetration testing and they told me the number one way to breach a company is by stealing a user's credentials via phishing. Indeed, one of them showed me how quickly they could do up a mock email from the CEO that entices a user to click and enter user information. Another interesting thing he told me: In about 90 percent of the cases, he can get the credentials in under four hours. Threat
CSO.webp 2019-01-30 03:00:00 (Déjà vu) How to defend Office 365 from spear-phishing attacks (lien direct) A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. This vulnerability and attack sequence highlighted a number of mitigations that you can use to block such attacks. Vulnerability Threat
CSO.webp 2019-01-30 03:00:00 (Déjà vu) How to defend Office 386 from spear-phishing attacks (lien direct) A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. This vulnerability and attack sequence highlighted a number of mitigations that you can use to block such attacks. Vulnerability Threat
CSO.webp 2018-12-10 05:23:00 BrandPost: A Layered Approach to Cybersecurity: People, Processes, and Technology (lien direct) Cybercrime is an ever-present threat facing organizations of all sizes. In order to safeguard themselves against a successful data breach, IT teams must stay a step ahead of cybercriminals by defending against a barrage of increasingly-sophisticated attacks at high volumes. In Q3 of 2018 alone, FortiGuard Labs detected 1,114 exploits per firm, each representing an opportunity for a cybercriminal to infiltrate a network and exfiltrate or compromise valuable data. What complicates this challenge further is that the strategies and attack vectors that cybercriminals rely on are always evolving. It's the classic problem of security teams having to cover every contingency, while cybercriminals only need to slip past defenses once. Because of this, IT teams must continuously update their defenses based on current threat trends. Today, IoT, mobile malware, cryptojacking, and botnets are top focuses for cybercriminals, but they may have moved on to new threats by Q4. Threat
CSO.webp 2018-11-27 02:57:00 DDoS protection, mitigation and defense: 8 essential tips (lien direct) DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. According to Verizon's latest DDoS trends report, the first half of 2018 saw an increase of 111 percent in attack peak sizes, compared to last year.  "The attackers are getting their hands on more and more machines that they can misuse for DDoS attacks," says Candid Wueest, threat researcher with Symantec Security Response at Symantec. Threat
CSO.webp 2018-11-15 05:11:00 What is the cyber kill chain? Why it's not always the right approach to cyber attacks (lien direct) As an infosec professional, you've likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is a recap of what the cyber kill chain approach to security is and how you might employ it in today's threat environment. Threat
CSO.webp 2018-11-06 08:56:00 Worst malware and threat actors of 2018 so far (lien direct) What's the worst malware so far into 2018? The worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive. And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10. Malware Threat Medical APT 38
CSO.webp 2018-11-05 12:59:00 BrandPost: Up-Close Look at Threat Response in 2 Industries (lien direct) A new global survey by Ponemon and ServiceNow of nearly 3,000 cybersecurity professionals reveals that more than half the companies have experienced a breach in the past year. In this session Bob Bragdon, Senior Vice President and Publisher of CSO, and Piero DePaoli, Sr. Director for Security and Risk, ServiceNow, explore how respondents in 2 specific industries – financial services and healthcare – are handling threats. The survey found that both sectors had similar responses regarding breaches: 45% of financial services companies have had one or more breach in the last 2 years, and 50% of healthcare organizations. But the survey also revealed that financial services organizations appear better at handling those breaches. Why is this the case? Threat
CSO.webp 2018-10-22 14:04:00 BrandPost: The Answer to Cyber Threats: People or Technology? (lien direct) A new global survey by Ponemon and ServiceNow of nearly 3,000 cybersecurity professionals reveals that more than half the companies have experienced a breach in the past year. Compounding this issue: the volume of cyberattacks continues to increase, and the industry is facing a shortage of qualified security pros. But experts agree that hiring more people isn't necessarily the answer to solving this cyber threat puzzle. In this session Bob Bragdon, Senior Vice President and Publisher of CSO, and Myke Lyons, Security Transformational Leader at ServiceNow, explore the answers. Threat Guideline
CSO.webp 2018-10-19 11:22:00 (Déjà vu) Trend Micro shines a light on its new cybersecurity solutions (lien direct) Last week, Trend Micro came to Boston for its annual Trend Insights industry analyst event. The company provided an overview of its business, products, and strategy. Here are a few of my take-aways: Trend Micro is prepared for the next chapter in endpoint security. To maintain its market leadership, Trend Micro is rolling out Apex One, its newest endpoint security product. Apex One provides more prevention/detection capabilities while consolidating all endpoint security functions onto a single agent. Trend Micro has also decided to swim against the industry tide by including EDR as part of its core commercial endpoint security product (note: EDR requires a licensing change), thus all customers who upgrade will get Trend Micro EDR, alleviating the need to shop elsewhere. Apex One will be an easy decision for existing Trend Micro customers and may be an attractive alternative for CISOs looking for an endpoint security solution with all the bells and whistles. Trend Micro product strategy: Better together. Trend Micro talks about connected threat defense, which brings together several of its individual endpoint, network, and cloud products together as an integrated cybersecurity technology architecture. Good timing, as ESG research indicates that 62% of organizations would be willing to buy a majority of their cybersecurity products from a single enterprise-class vendor. For example, TippingPoint IDS/IPS is tightly integrated with Deep Discovery, Trend Micro's malware detection sandbox, while Deep Security, Trend Micro's cloud workload security offering, integrates with both of these products. As part of its business strategy, Trend Micro is working with customers to replace discrete point tools with Trend Micro products and reap integration benefits such as improved threat prevention/detection while streamlining security operations.
Moving toward managed services. While Trend Micro engineered its EDR offering for ease of use, it recognizes that many organizations don't have the resources or skills to deploy, learn, or operate detection/response tools on their own. To work with these customers, Trend Micro is rolling out a managed detection and response service (MDR) as a complement to its products. Furthermore, Trend Micro is spinning out a new company called Cysiv, which offers several other advanced managed security services. With these moves, Trend Micro is demonstrating that it wants to play a direct role in the growing market for security services – rather than an indirect role as an arms dealer alone. All in on cloud security. Trend Micro jumped on the server virtualization and cloud computing bandwagons early by forming tight partnerships with VMware, Amazon, and Microsoft. Now that every other established vendor and VC-backed startup is all in on the cloud, Trend Micro is moving beyond basic cloud security support. For example, Trend Micro cloud security products are tightly-coupled with its connected threat defense for prevention/detection. From a cloud perspective, Trend Micro has gotten very familiar with application developers and DevOps to make sure that Trend Micro cloud security products fit seamlessly into a CI/CD pipeline. Trend Micro has also expanded its purview to cover containers, micro-services, and even cloud-based application security. In this way, Trend Micro is aligning with cloud innovation and culture – not just hawking security products. More business investment. Over the past five years, Trend Micro business has gone through some significant shifts. For example, a larger percentage of the company's revenue comes from commercial sales rather than consumer sales, while Trend Micro has seen rapid market growth in North America. Trend Micro will hire engineers, expand sales staff, and service channel partners to keep this momentum going. Malware Threat Guideline
CSO.webp 2018-10-19 11:22:00 (Déjà vu) Cybersecurity Trends – With Trend Micro (lien direct) Last week, Trend Micro came to Boston for its annual Trend Insights industry analyst event. The company provided an overview of its business, products, and strategy. Here are a few of my take-aways: Trend is prepared for the next chapter in endpoint security. To maintain its market leadership, Trend Micro is rolling out ApexOne, its newest endpoint security product. ApexOne provides more prevention/detection capabilities while consolidating all endpoint security functions onto a single agent. Trend has also decided to swim against the industry tide by including EDR as part of its core commercial endpoint security product, thus all customers who upgrade will get Trend EDR, alleviating the need to shop elsewhere. ApexOne will be an easy decision for existing Trend Micro customers and may be an attractive alternative for CISOs looking for an endpoint security solution with all the bells and whistles. Trend product strategy: Better together. Trend talks about connected threat defense which brings together several of its individual endpoint, network, and cloud products together as an integrated cybersecurity technology architecture. Good timing as ESG research indicates that 62% of organizations would be willing to buy a majority of their cybersecurity products from a single enterprise-class vendor. For example, TippingPoint IDS/IPS is tightly integrated with Deep Discovery, Trend's malware detection sandbox while Deep Security, Trend's cloud workload security offering integrates with both of these products. As part of its business strategy, Trend is working with customers to replace discrete point tools with Trend products and reap integration benefits like improved threat prevention/detection while streamlining security operations. Moving toward managed services.
While Trend engineered its EDR offering for ease-of-use, it recognizes that many organizations don't have the resources or skills to deploy, learn, or operate detection/response tools on their own. To work with these customers, Trend Micro is rolling out a managed detection and response service (MDR) as a complement to its products. Furthermore, Trend is spinning out a new company called Cysiv which offers several other advanced managed security services. With these moves, Trend is demonstrating that it wants to play a direct role in the growing market for security services – rather than an indirect role as an arms dealer alone. All in on cloud security. Trend Micro jumped on the server virtualization and cloud computing bandwagons early by forming tight partnerships with VMware, Amazon, and Microsoft. Now that every other established vendor and VC-backed startup is all-in on the cloud, Trend is moving beyond basic cloud security support. For example, Trend cloud security products are tightly-coupled with its connected threat defense for prevention/detection. From a cloud perspective, Trend has gotten very familiar with application developers and DevOps to make sure that Trend cloud security products fit seamlessly into a CI/CD pipeline. Trend has also expanded its purview to cover containers, micro-services, and even cloud-based application security. In this way, Trend Micro is aligning with cloud innovation and culture – not just hawking security products. More business investment. Over the past 5 years, Trend Micro business has gone through some significant shifts. For example, a larger percentage of the company's revenue comes from commercial sales rather than consumer sales, while Trend has seen rapid market growth in North America. Trend Micro will hire engineers, expand sales staff, and service channel partners to keep this momentum going.
In my humble opinion, Trend Micro remains a bit of a diamond in the rough – its security expertise and advanced techno Malware Threat Guideline
Last update at: 2024-05-16 19:08:33