Security News > 2020 > September
The New York Times wrote about a still-unreleased report from Chckpoint and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the...
TikTok is urging a federal court to block US President Donald Trump from banning the video app, arguing the move is motivated by election politics rather than legitimate national security concerns. The Chinese-owned app - which is wildly popular in the US - has come under fire as tensions escalate between Beijing and Washington, with Trump threatening a ban if it is not sold to an American company.
Google this week announced the availability of Chronicle Detect, a threat detection solution for enterprises from Google Cloud. The tool is meant to help organizations depart from legacy security tools and adopt a modern threat detection system, Google says.
Some claim that the Dark Web is another definition of the anonymizing network TOR, while others claim that the Dark Web is mainly comprised of dissident sites, with illegal activity only being a small part of it. Considering the fact that in the security industry, the Dark Web is mainly referenced in the context of intelligence work, to best define the scope of the Dark Web we need to look at it from that perspective - with the eyes of an intelligence operation.
Phishers are using a bogus GDPR compliance reminder to trick recipients - employees of businesses across several industry verticals - into handing over their email login credentials. "The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message," Area 1 Security researchers noted.
Credential stuffing attacks are taking up a lot of the oxygen in cybersecurity rooms these days. Unlike automated flood-the-zone, volume-based credential attacks, other API attacks are conducted almost one-to-one and carried out in elusive ways, targeting the distinct vulnerabilities of each API, making them even harder to detect than attacks happening on a large scale.
Attitudes toward cybersecurity roles are now overwhelmingly positive, although most people still don't view the field as a career fit for themselves, even as 29% of respondents say they are considering a career change, an² study reveals. 71% of the survey's respondents, all of whom do not work in the industry, say they consider cybersecurity professionals to be smart and technically skilled, while 51% also described them as "The good guys fighting cybercrime." 69% of respondents replied that cybersecurity seems like a good career path, just not one they see themselves pursuing.
The National Institute of Standards and Technology has published a cybersecurity practice guide enterprises can use to recover from data integrity attacks, i.e., destructive malware and ransomware attacks, malicious insider activity or simply mistakes by employees that have resulted in the modification or destruction of company data. Special Publication 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events can help organizations to develop a strategy for recovering from an attack affecting data integrity, recover from such an event while maintaining operations, and manage enterprise risk.
"An influx of data from multiple tools, coupled with low levels of automation, can have a paralyzing effect on IT incident management processes," said Jen Garofalo, IDG's Research Director. "More than 40% of respondents indicate IT incident remediation is handled with a mix of manual and automated processes, while another 20% report these processes are mostly manual."
High volumes of attacks were used to target video game companies and players between 2018 and 2020, an Akamai report reveals. "Criminals are launching relentless waves of attacks against games and players alike in order to compromise accounts, steal and profit from personal information and in-game assets, and gain competitive advantages."