Security News > 2022 > March

The United States' Cybersecurity and Infrastructure Security Agency, working with security vendor Symantec, has found an extremely sophisticated network attack tool that can invisibly create backdoors, has been plausibly linked to Chinese actors, and may have been in use since 2013. Symantec's threat hunting team has named the malware "Daxin" and described it as "a stealthy backdoor designed for attacks on hardened networks".

Runecast is a patented enterprise IT platform created for administrators, by administrators, and is tailored to the needs of those teams and enterprise leaders. "There are 'influencers' in the virtualization community who are posting articles or tweeting about specific problems even before they're officially recognized by the vendor," Stanimir Markov, one of the Runecast co-founders and current CEO, told Help Net Security, and pointed out that that is one of the things that allows Runecast to be proactive.

With the ability for true zero-trust access to securely connect users to data no matter which network connection the user chooses, enterprises have newfound freedom and flexibility when designing their information technology and security infrastructure and ecosystem. Imagine a world in which the software, hardware, and cloud technology ecosystem starts to absorb and bundle zero-trust access components directly into specific applications, devices, and workloads that enterprises purchase to support modern digital transformation.

Dragos released its report on cyber threats facing industrial organizations, naming the emergence of three new threat groups targeting ICS/OT environments, including two that have gained access into the OT systems of industrial organizations. Ransomware became the number-one attack vector among industrial organizations, with manufacturing as the most targeted sector representing 65%, or 211, of the ransomware cases detected at industrial organizations.

The majority of IT decision-makers plan to increase their organization's use of public cloud and private cloud infrastructure over the next 18-24 months. Despite recognizing the benefits of the cloud, not all workloads are destined for cloud platforms, and some organizations are experiencing a 'cloud boomerang effect' among specific applications.

The annual barometer of industry perceptions and intentions around IoT security surveyed 1,038 technology decision makers across Europe, USA, and APAC, and signals a positive turning point for security with organizations placing it at the center of IoT strategy and organizational culture. Despite almost universal acceptance that IoT security commands a premium, nearly a third of those asked identified cost as inhibiting them from implementing stronger security, while perceived expense and a lack of ROI were the biggest barriers to conducting external lab testing.

LastPass released the findings of an IDC survey which revealed that "Balancing company security requirements and the employee user experience" is the number one identity challenge, followed by "Employees struggling with too many passwords." According to the survey, 83% of the organizations who have suffered a security breach believe the breach resulted from a compromised password or identity compromise such as phishing, highlighting a greater need for organizations to adopt identity and access management solutions that work with all employees, are capable of securing every credential in the company, and promote the right security behaviours.

The global security and vulnerability management market is expected to grow from $6.7 billion in 2020 to $15.86 billion by 2030, at a CAGR of 9% during the forecast period 2021-2030, according to The Brainy Insights. An increase in vulnerabilities across the globe, high monetary losses due to the absence of security and vulnerability management solutions, stringent regulatory standards and data privacy compliances, surge in the adoption of IoT and cloud trends, and integration of advanced technologies such as AI and ML with security and vulnerability management solutions are some of the major driving factors contributing to the high growth rate of the security and vulnerability management market.

ShiftLeft Velocity Update enables application security and development teams to automate security controls. F5 announced a major expansion of its application security and delivery portfolio with F5 Distributed Cloud Services that provide security, multi-cloud networking, and edge-based computing solutions on a unified software-as-a-service platform.

Open XDR Summit is a community of cybersecurity professionals who are using Open XDR to cost-effectively reduce risk while dramatically improving productivity and confidence. The Open XDR Summit brings together security practitioners and vendors from the Open XDR ecosystem to share their experience with deployment, integration, detection, and response.