Security News
A newly released threat report, tracking the biggest trends in the cybercriminal landscape, shows that attackers have been capitalizing on the global pandemic in various ways - from ransomware to web-based malware. Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said that the semi-annual FortiGuard Labs Global Threat Landscape Report [PDF] for the first half of 2020, released Wednesday, illustrates an "unprecedented cyber threat landscape."
Less than 50% of security leaders understand the relationship between a cybersecurity threat and how it directly affects a specific business risk, while not enough security leaders believe in coordinating with business stakeholders' needs regarding cost, performance, and risk-reduction objectives. There's not enough discussion on cybersecurity strategy: 47% of security leaders frequently discuss cybersecurity with business execs, and 42% of business executives rarely, "if ever," consult with security leaders on business strategies.
A wave of bogus job offer emails from leading aerospace and defense companies is actually a cybercrime campaign designed to harvest information about professionals in sensitive industries. Discovered by McAfee Advanced Threat Research, the campaign appears to have begun in April 2020 and was detected until mid-June, and there are telltale signs that the campaign is being orchestrated by known North Korean hacking groups.
CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. A CWT spokesperson declined to comment on whether the ransom was paid, or any technical details of the attack, or how it was able to recover so quickly.
Data breaches are now costing companies nearly $4 million according to a new report from IBM Security and the Ponemon Institute released Wednesday. On average, breaches now cost organizations $3.86 million per attack, with the United States having the highest average cost per breach and healthcare being the most heavily hit industry.
Expert suggests universities take extra care to prevent attacks while students are learning from home. TechRepublic's Karen Roby spoke with Carlos Morales, VP and general manager of DDoS Security Services at NetScout Systems, which provides application and network performance management products, about security concerns with remote learning at universities.
The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module. Corresponding with the NSA/CISA alert is an ICS-CERT advisory about a handful of bugs, one critical and ranking 10 out of 10 on the CVSS vulnerability-severity scale, in Triconex SIS equipment from Schneider.
CISOs who are successful at reducing or closing the critical skills gap have the highest probability of minimizing the business impact of cyberattacks - even when budgets and staffing are constrained, according to the results of a new SANS Institute survey. Even with the future uncertainty brought on by the pandemic, the survey covered staff changes in 2019, qualitative responses on what skills security managers see a need for, which needs they plan on staffing internally, and where they plan on using external service providers.
A report released Wednesday by security provider Positive Technologies discusses the trends of ransomware attacks during the first quarter of 2020. For its "Cybersecurity Threatscape Report for Q1 2020," Positive Technologies found that more than a third of malware-based cyberattacks during the quarter were ransomware attacks.