Security News > 2020

These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices. "By weaponizing new attack vectors, leveraging mobile hotspots, and targeting compromised endpoint IoT devices, attackers are increasingly finding ways to infiltrate our internet-connected world. They are getting more sophisticated by using a minuscule portion of the available vulnerable devices to carry out a successful attack. The largest OpenVPN DDoS attack we observed used less than one percent of the available reflectors connected to the internet. Botmasters are waiting in the wings, since the risk will only increase in 2020 when an estimated 20.4 billion more devices are connected to the internet."

For the 2020 Webroot Threat Report, researchers analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records. Surge in malware targeting Windows 7 93.6 percent of malware seen was unique to a single PC - the highest rate ever observed.

Study for the CISSP exam anytime, anywhere using Official² CISSP flash cards. This free interactive self-study tool tests knowledge across all eight CISSP domains and gives you immediate feedback to reinforce learning.

LUMU is a cloud-based solution that collects and standardizes metadata from across the network, including DNS queries, Network Flows, access logs from perimeter proxies and/or firewalls, and spam box filters, and then applies AI to correlate threat intelligence from these disparate data sources to isolate confirmed points of compromise. Proactive and accelerated compromise detection: Unlike other network threat analysis tools, LUMU unlocks the value of an organization's own data by closing the feedback loop to inform and improve its self-learning capabilities while generating actionable insights that security teams can use to proactively detect existing compromises in their network.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days.

SentinelOne unveiled its Singularity Platform, an industry first data lake that fuses together the data, access, control, and integration planes of its endpoint protection, endpoint detection and response, IoT security, and cloud workload protection into a centralized platform. SentinelOne is the first security offering to expand from cloud-native yet autonomous protection to a full cybersecurity platform - with the same single codebase and deployment model - and the first to incorporate IoT and CWPP into an XDR platform.

Veeam Software announced the general availability of NEW Veeam Availability Suite 10, ushering in the next generation of data protection capabilities that increase data availability, portability, and extensibility. First introduced in 2008 as Veeam Backup & Replication, Veeam Availability Suite - now delivers modern file data protection for Networked Attached Storage, Multi-VM Instant Recovery to automate disaster recovery and enhanced ransomware protection.

This indicates that, after a detailed validation process, the Kingston IronKey D300, IronKey D300S and IronKey D300SM have been listed in the NATO Information Assurance Product Catalogue for security products that meet NATO's nations, civil and military bodies' operational requirements. The IronKey D300 series is now included on this list, which means it is qualified as an encrypted Flash drive that meets the data protection levels established by NATO to protect information against loss or cyber-attacks.

You already have some sort of third party security program in place - perhaps you've built a security questionnaire based on internal policies or an industry standard such as ISO or NIST. You may have even "Right-sized" your questionnaire specifically for different types of supplier relationships and developed a few templates for mitigating risk. It's now time to up that program - scaling it effectively, and continuously monitoring suppliers, so you can ensure they properly respond to incidents.

Just ahead of its Champion's League Round of 16 appearance next week, FC Barcelona's official Twitter account was hacked in an apparent credential-stuffing attack. "FC Barcelona's Twitter accounts have been hacked, which is why messages from outside our club have appeared, and which have been reported and deleted," the team announced on Twitter once it regained control of its social-media presence.