Security News > 2020

While a prevention layer around your network is important, don't forget you need detection and response practices to deal with threats once they're in your systems - and to mitigate their effects quickly and thoroughly. With such a heavy focus on detection and response now, it makes huge sense to start thinking about how to oversee these operations, especially in increasingly complex cloud and hybrid cloud environments.

The US needs a top-level cybersecurity coordinator and a better strategy of "Deterrence" to protect against hackers and other cyber threats, a congressionally mandated commission said Wednesday. The bipartisan panel which included lawmakers and private sector experts made more than 80 recommendations ranging from reforms in the executive and legislative branches to better cooperation with allies to secure cyberspace.

Fear of coronavirus infections has resulted in organizations ruling out large meetings. Today's worker needs to collaborate with global data amongst international teams requiring robust security measures for identity-based access, secure data collaboration, management of digital rights, data transfers, etc.

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company's controllers and human-machine interface panels to remote attacks. He says, attacks exploiting these vulnerabilities can be launched directly from the internet.

This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a...

Researchers uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload as well as adopting minor changes to the integration of its components. "In this post, we detailed how this TrickBot fresh variant works in a victim's machine, what technologies it uses to perform anti-analysis, as well as how the payload of TrickBot communicates with its C&C server to download the modules," said Xiaopeng Zhang with Fortinet's FortiGuard Labs threat team in a Monday analysis.

Even though the overall volume of malware dropped in 2019, phishing and business email compromise went up sharply, according to Trend Micro's 2019 Cloud App Security Roundup. More than 11 million of the 12.7 million high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails.

With TLS 1.0 and TLS 1.1 considered vulnerable to various types of attacks, including BEAST, CRIME and POODLE, the Internet organization last month announced plans to disable them in its popular browser and allow only connections made using TLS 1.2 and TLS 1.3. An override button on the error page will provide users with the option to fallback to TLS 1.0 or TLS 1.1.

In an interview at RSA 2020, Greg Young, the vice present of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances...

New Threat With An Old Malware Component The latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHunterTeam last week and has now been analyzed by Shai Alfasi, a cybersecurity researcher at Reason Labs. AZORult malware collects information stored in web browsers, particularly cookies, browsing histories, user IDs, passwords, and even cryptocurrency keys.