Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

No company is immune to every sophisticated attack. For example, any company might face an attack that relies on zero-day vulnerabilities or on nonstandard, complex tools. To successfully repel an advanced attack and minimize its negative consequences, prepare today for the challenges your cybersecurity team could encounter tomorrow.

Predicting a specific attack is, of course, impossible, so our colleagues decided to study the experiences of other companies, interviewing representatives of a variety of organizations for our IT Security Economics 2021 report. What the respondents had in common was that they had all suffered complex cyberincidents. Here are the Top 5 concerns the respondents reported:

1. Insufficient infrastructure visibility. Logically enough, without full visibility of the infrastructure, finding and eliminating threats is nearly impossible. Even fairly complex incidents can go unnoticed by cyberdefenders for quite some time. Moreover, reacting without a full understanding of the situation can make matters worse. Countermeasures: when it comes to providing infrastructure visibility, consider Endpoint Detection and Response (EDR) class solutions.

2. Lack of coordination. Disparate teams leaping into action instead of coordinating first tends to increase damage and complicate investigation. Teams can also unintentionally hinder one another (for example, IS may try to isolate the infected server from the network while IT is fighting to keep it available). Countermeasures: develop a contingency plan in advance, and appoint someone to be responsible for implementing it.

3. Lack of qualified personnel. The market continues to suffer from a shortage of infosec experts, so it is hardly surprising that companies cite as a major challenge the lack of properly trained personnel able to identify threats and respond to critical incidents. Countermeasures: if in-house expertise is lacking, bring in outside teams to perform both incident response and continuous monitoring and threat hunting.

4. Failure to identify real threats among multiple signals. It is bad if your security system fails to spot dangerous symptoms in the infrastructure, but not much better if it reports too many. Alerts about real threats can get lost among thousands of diverse incidents, each of which consumes analysts' attention and other valuable resources. In a complex network, that is a very real problem. Countermeasures: use a comprehensive cybersecurity framework with built-in technologies that help to prioritize truly critical incidents.

5. Insufficient visibility of malicious events or behavior. Cybercriminals are forever coming up with new attack methods, tools, and exploits. Without fresh information about cyberthreats, security solutions cannot respond to the latest attacks or recognize intruders in the corporate network. Countermeasures: supply your security solutions and SIEM systems (if any) with essential, up-to-date threat intelligence.

The IT Security Economics 2021 report contains a wealth of other useful information, such as data on average corporate losses from cyberincidents. You can download the full report here.

 Threat Actors

Kaspersky documented a new Chinese-speaking threat actor—GhostEmperor—targeting Microsoft Exchange flaws in high-profile attacks in Southeast Asia. The group evades Windows Driver Signature Enforcement by using an undocumented loading scheme. Organizations are advised to implement a multi-layered security architecture of reliable anti-malware, firewalls, Host-based Intrusion Detection Systems, and Intrusion Prevention Systems.

 Malware and Vulnerabilities

FormBook has been known for exploiting the CVE-2017-0199 flaw. Now, it has been discovered abusing a new zero-day vulnerability in Office 365. FormBook developers have also added an additional obfuscation mechanism for the exploit code to provide additional protection. Experts suggest following a proper patch management program and using reliable anti-malware solutions.

 Threat Actors

Proofpoint unearthed about 20 threat campaigns by the TA544 group that deploys the Ursnif banking trojan against 2,000 organizations in Italy. It targeted login portals of a large number of sites, including UniCredit Group, Agenziabpb, ING, BNL, eBay, PayPal, Banca Sella, CheBanca!, and IBK. In some of these campaigns, the threat actor employs geofencing tactics to confirm recipients in targeted geographic regions. Organizations are recommended to stay alert and train employees to spot malicious emails.

 Computer, Internet Security

Google is going to automatically enroll 150 million users and two million YouTube creators into using two-factor authentication for their accounts by the end of the year, it announced on Tuesday.

 Identity Theft, Fraud, Scams

It has been reported that the voucher applications of around 1,000 eligible individuals were denied because their NINO had already been used to successfully complete an earlier voucher application.

 Breaches and Incidents

The cache of 11.9 million confidential files amounting to 2.94 terabytes of data was leaked to the International Consortium of Investigative Journalists (ICIJ) in Washington, DC.

 Trends, Reports, Analysis

The FBI released a Flash alert on March 16th, warning the public of the PYSA ransomware increasingly targeting education institutions in the US and UK. PYSA is short for “Protect Your System Amigo.”

 Malware and Vulnerabilities

Mana Tools was first reported in 2019 by Yoroi researchers who identified it as a fork of the AzoRult 3.2 malware created by a Pakistani actor named Aqib Waseem, better known as Hagga.

 Trends, Reports, Analysis

A new report released by Sift revealed a staggering 307% increase in ATO attacks between April 2019—shortly after many COVID-19 stay-at-home orders were enacted—and June 2021.

 Feed

High Infinity Technology HiKam S6 versions 1.3.26 and below suffer from broken authentication, enumeration, message protocol downgrade, insufficient use of cryptography, insufficient message protocol checks, device spoofing, outdated components, and weak default credential vulnerabilities. suffers from bypass, man-in-the-middle, and spoofing vulnerabilities.

 Feed

Red Hat Security Advisory 2021-3741-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

 Feed

Ubuntu Security Notice 5104-1 - Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information.

 Feed

Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.

 Feed

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. In addition, the internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification (2SV),

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. "A Control Component Library (CCL) may be modified

 Feed

Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dark and successfully evading security solutions. Boston-based cybersecurity company Cybereason dubbed

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Predict 21, the world’s premier virtual event for analysts, network defenders, and cybersecurity executives interested in learning about how intelligence helps companies with their proactive and persistent security, is taking place October … Continue reading "Recorded Future’s intelligence summit, Predict 21, is happening next week – and you’re invited!"

2021-10
Aggregator history
Wednesday, October 06