Security News > 2022 > June

If you Google "How often should I do penetration testing?", the first answer that pops up is "Once a year." Indeed, even industry-leading standards like PCI DSS require only that external and internal penetration tests be conducted annually (and after any significant infrastructure or application change), with segmentation testing every six months for service providers. Gartner calls fast-moving threats "high momentum threats" and recommends that organizations at risk adopt a more agile approach to cybersecurity, including more frequent pen testing.

Deepwatch released its State of the Modern SOC report, which found that most IT security professionals believe they could have stopped business-impacting cyber events had they been equipped with better response capabilities. Many want more automation and less alert noise so they can shorten response times.

The Essential Eight is a cyber security framework from the Australian Cyber Security Centre (ACSC), made up of objectives and controls. It is "Based on the ACSC's experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organizations to implement the Essential Eight".

Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model, for the vendors anyway.

A zero trust security framework boils down to trusting no one on the network, let alone anyone connecting in from outside, and assuming that a breach has already occurred.

The Gallium group, believed to be a Chinese state-sponsored team, is on the warpath with an upgraded remote access trojan, PingPull, that threat hunters say is difficult to detect. The backdoor comes in three variants, distinguished by the protocol each uses to talk to its command-and-control server: ICMP, HTTPS or raw TCP. All three PingPull variants have the same functionality, but each generates a custom identifier string that it sends to the C2 server, which uses that unique string to tell compromised hosts apart.

In this video for Help Net Security, Patrick Sullivan, VP of Customer Success at A-LIGN, talks about the value of modern compliance programs. As organizations work toward compliance with existing legislation, it's imperative, first and foremost, that they decide what they actually intend to achieve with the compliance program itself.

SaaS applications have become synonymous with modern business environments, and CISOs and security teams struggle to find a happy medium between ensuring the security of their SaaS portfolio and empowering the organization's streamlined business workflows and productivity. In recent conversations with leading CISOs in the global market, including Frank Kim, fellow and former CSO at the SANS Institute; Sounil Yu, CSO at JupiterOne; Ray Espinoza, VP Cloud Security at Medallia; Leon Ravenna, CISO at KAR Global; Alex Manea, CISO at Georgian; and Tim Fitzgerald, CISO at Arm, we took a deep dive into the CISO perspective on SaaS challenges, security pitfalls, and actionable tips for successful SaaS management and for avoiding the dreaded "Death by 1000 apps."

The research found that 53% of the 1.6 million organizations assessed had at least one vulnerability exposed to the internet, while 22% had amassed more than 1,000 vulnerabilities each, confirming that more progress is required to protect organizations' critical assets. Regardless of how many vulnerabilities existed across their domain(s), organizations typically fixed only about 10% of them each month.

Hitachi Vantara and Enterprise Strategy Group announced the findings of a survey of more than 600 IT and cybersecurity professionals, which revealed that 79% of respondents reported a ransomware attack at their company within the last year. More troubling for organizations is the degree to which these attacks succeed.

A Chinese advanced persistent threat known as Gallium has been observed using a previously undocumented remote access trojan in espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control communications, according to new research published by Palo Alto Networks Unit 42 today.
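The two PingPull items above explain why ICMP command-and-control is hard to spot: echo requests are allowed almost everywhere, and a custom identifier string riding in the payload is easy to miss. The following is an added example, not Unit 42's code and not an encoding of PingPull's real payload format (the articles do not give it). It shows the generic hunting approach a SOC can apply to ICMP flow or packet records regardless of the implant: whitelist the fillers that stock ping tools produce, then flag echo requests whose payload is something else, especially if it looks encrypted, and flag a single host sending an unusual number of echoes to one destination. The two baseline payloads are assumptions stated in the code (Windows ping's fixed 32-byte "abcdefghijklmnopqrstuvwabcdefghi" filler, and Linux iputils ping's timestamp followed by an incrementing byte pattern), and the sample records are constructed for illustration.

```python
"""Flag ICMP echo traffic that does not look like a stock ping tool produced it.

Added example for this digest; it is not Unit 42's code and does not encode
PingPull's actual payload format. Assumed baselines (assumptions, not taken from
the articles): Windows ping sends a fixed 32-byte alphabetic filler, and Linux
iputils ping sends a timestamp followed by bytes where data[k] == (k + 8) & 0xff.
"""
import math
from collections import Counter

WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 bytes
ICMP_ECHO_REQUEST = 8


def looks_like_iputils_payload(payload: bytes) -> bool:
    """iputils fill pattern: skip the timestamp area (first 16 bytes, to be safe
    about an 8- vs 16-byte timeval), then every byte k must equal (k + 8) & 0xff."""
    if len(payload) < 24:
        return False
    return all(payload[k] == (k + 8) & 0xFF for k in range(16, len(payload)))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; stock fillers score low, encrypted or compressed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_icmp_records(records, entropy_threshold=4.0, burst_threshold=20):
    """records: iterable of dicts with keys src, dst, icmp_type, payload (bytes).

    Returns a list of (reason, src, dst) tuples from two independent signals:
      * an echo request whose payload is neither stock filler: reported as
        'high-entropy payload' if it also looks encrypted, else 'non-stock payload'
      * a single src that sent >= burst_threshold echo requests to one dst
    """
    findings = []
    per_pair = Counter()
    for r in records:
        if r["icmp_type"] != ICMP_ECHO_REQUEST:  # replies are not scored here
            continue
        per_pair[(r["src"], r["dst"])] += 1
        p = r["payload"]
        if p == WINDOWS_PING_PAYLOAD or looks_like_iputils_payload(p):
            continue
        if shannon_entropy(p) > entropy_threshold:
            findings.append(("high-entropy payload", r["src"], r["dst"]))
        else:
            findings.append(("non-stock payload", r["src"], r["dst"]))
    for (src, dst), n in per_pair.items():
        if n >= burst_threshold:
            findings.append(("echo burst", src, dst))
    return findings


# Constructed sample traffic (not a real capture): one Windows ping, one Linux
# ping plus its reply, one echo carrying a short ASCII host tag, and a burst of
# 25 echoes whose payloads look encrypted.
LINUX_PING_PAYLOAD = bytes(8) + bytes(range(0x10, 0x40))  # 8 timestamp bytes + 48 pattern bytes
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "dst": "10.0.0.1", "icmp_type": 8, "payload": WINDOWS_PING_PAYLOAD},
    {"src": "10.0.0.6", "dst": "10.0.0.1", "icmp_type": 8, "payload": LINUX_PING_PAYLOAD},
    {"src": "10.0.0.1", "dst": "10.0.0.6", "icmp_type": 0, "payload": LINUX_PING_PAYLOAD},
    {"src": "10.0.0.7", "dst": "203.0.113.9", "icmp_type": 8, "payload": b"HOST-7|ok"},
] + [
    {"src": "10.0.0.8", "dst": "203.0.113.9", "icmp_type": 8,
     "payload": bytes((i * 37 + j * 11) & 0xFF for j in range(64))}
    for i in range(25)
]

if __name__ == "__main__":
    for finding in flag_icmp_records(SAMPLE_RECORDS):
        print(*finding)
```

On the sample data the two stock pings pass, the tagged echo is reported as a non-stock payload, every echo in the burst is reported as high-entropy, and the burst itself is reported once. In production the baselines need tuning per environment (monitoring tools and custom ping sizes will show up as non-stock), so treat the output as hunting leads to correlate with the endpoint, not as a verdict.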