Security News

The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module. Corresponding with the NSA/CISA alert is an ICS-CERT advisory about a handful of bugs, one critical and ranking 10 out of 10 on the CvSS vulnerability-severity scale, in Triconex SIS equipment from Schneider.

CISOs who are successful at reducing or closing the critical skills gap have the highest probability of minimizing the business impact of cyberattacks - even when budgets and staffing are constrained, according to the results of a new SANS Institute survey. Even with the future uncertainty brought on by the pandemic, the survey covered staff changes in 2019, qualitative responses on what skills security managers see a need for, which needs they plan on staffing internally, and where they plan on using external service providers.

A report released Wednesday by security provider Positive Technologies discusses the trends of ransomware attacks during the first quarter of 2020. For its "Cybersecurity Threatscape Report for Q1 2020," Positive Technologies found that more than a third of malware-based cyberattacks during the quarter were ransomware attacks.

U.S. President Donald Trump has confirmed that a cyberattack was launched in 2018 against a Russian company believed to be behind some major disinformation campaigns, including ones targeting elections. The Washington Post reported in February 2019 that the U.S. Cyber Command, supported by the NSA, had launched an attack on the Internet Research Agency, a Saint Petersburg-based firm that is said to conduct online influence operations for the Russian government.

XM Cyber, an Israel-based company that offers a cyberattack simulation platform, announced on Thursday that it raised $17 million in a Series B funding round. XM Cyber offers an automated breach and attack simulation platform that continuously tests an organization's security posture, including on premises and in the cloud, and provides them information on how to remediate any identified issue.

Recent fires and explosions at important Iranian facilities may have been caused deliberately as part of an operation that involved cyberattacks, according to reports. There have been several incidents at major Iranian industrial facilities in recent weeks, including a fire at the Natanz nuclear enrichment site and an explosion at the Parchin military complex near Tehran, which is believed to be involved in the production of missiles.

Cyberattacks bypass the WAF. 49% of security professionals reported more than a quarter of attempts to sidestep their WAF protocols had been successful in the last 12 months. 29% of respondents admitted they had found it difficult to alter their WAF policies to guard against new web application attacks, while just 15% said they had found the process very easy.

Based on a survey commissioned by IBM Security and conducted by the Ponemon Institute, "The 2020 Cyber Resilient Organization Study" found that organizations have gradually improved their ability to plan for, detect, and even respond to cyberattacks over the past five years. The ability of organizations to contain an actual attack dropped by 13% over the past five years, which IBM Security attributed to several factors.

Less than one-third of Americans said they are concerned about their data security while working from home during the COVID-19 pandemic, a Unisys Security report found. The Unisys Security Index, released on Tuesday, calculates a score out of 300 that measures consumer attitudes over eight areas of security in four categories.

Australia's prime minister said Friday his country was under a broad cyberattack from a "State-based actor" targeting government, public services and businesses, with suspicions falling on China. Australia enraged China by calling for an investigation into the origins of the coronavirus pandemic and by accusing China of fuelling a virus "Infodemic" and engaging in economic "Coercion".