Security News

Even as cryptocurrencies lose value - and some crypto companies file for bankruptcy - cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use of an unwitting party's compute and/or server power by a malicious actor to mine cryptocurrencies.

As schools have become more digital, they've taken a somewhat backward approach to cybersecurity, historically moving slowly, and have weak cybersecurity controls and protocols. In this Help Net Security video, Raj Dodhiawala, CEO at Remediant, talks about how this situation is due to longer cycles for IT budgetary and staffing processes, a higher turnover rate, and lower continuity in IT security projects and skills.

The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "One of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator. The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion, by wiping the modems' firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe.

Today's threat landscape is constantly evolving. Threat actors and tactics are becoming more determined and advanced.

China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities - all with the help of Chinese tech vendors. That's a nod to accusations that China practices what's been labelled "Debt trap diplomacy" whereby development assistance comes with repayment plans small nations may not be able to afford.

An offensive mindset is key to ensuring the best cyber defense. To ensure success, there are three main components for organizations to consider when developing a defensive strategy based on an offensive cyber model: re-envisioning recruitment, thinking like a hacker, and promoting offensive training in tangent with defensive training.

In a September 2021 report from the nonprofit Cloud Security Alliance, nearly 70 percent of respondents - comprising 1,090 IT and security professionals - reported that their company's cloud security, IT operations and developer teams are misaligned on security policies and/or enforcement strategies. March 2021: The arts-and-crafts retailer Hobby Lobby left 138GB of sensitive customer information, source code for the company's app, and employee names and email addresses open to the public internet because of a cloud misconfiguration in its Amazon Web Services cloud database.

The CIS Controls are a set of 18 prioritized actions and 153 defensive measures known as Safeguards. The CIS Community Defense Model v2.0 was created to help answer that and other questions about the value of the Controls based on threat data from leading industry reports.

The Center for Internet Security Community Defense Model v2.0 can be used to design, prioritize, implement, and improve an enterprise's cybersecurity program. Enterprises naturally want to know how effective the CIS Critical Security Controls are against the most prevalent types of attacks.

Russia's ambassador to Estonia today compared Ukraine's participation in NATO's Cooperative Cyber Defence Centre of Excellence intel-sharing cyberdefense hub to an attempt at blackmail. Although being accepted as a contributing participant, this does not make Ukraine a NATO member, but it will most likely tighten collaboration and will also allow it to gain access to NATO members' cyber-expertise and share its own.