Security News

Ransomware operators have reimagined their business model with ransomware as a service, selling related services to other attackers through membership, subscription or customization. Learning from advanced persistent threat campaigns, threat actors are customizing ransomware attacks by using highly experienced attack teams that hit targeted victims with APT-like precision and capability.

CIS relies on the contributions of these passionate industry experts to create and maintain the CIS Benchmarks. To start these new mappings, CIS focused on two of the most downloaded CIS Benchmarks - Microsoft Windows 10 and Red Hat Enterprise Linux 7 - and drilled in to MITRE ATT&CKtechniques.

The US Department of Energy has announced that it will provide $12 million in funding to six university teams to develop defense and mitigation tools to protect US energy delivery systems from cyberattacks. Cybersecurity tools developed as a result of the six university-led research, development, and demonstration projects will focus on detecting, blocking, and mitigating attempts to compromise critical controls within the US power grid.

The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team. While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents - exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.

With risks accelerating in volume and variety, AMD belives that meaningful protection for today’s PCs require a carefully layered approach that relies on best-in-class security controls and...

In a September 2021 report from the nonprofit Cloud Security Alliance, nearly 70 percent of respondents - comprising 1,090 IT and security professionals - reported that their company's cloud security, IT operations and developer teams are misaligned on security policies and/or enforcement strategies. March 2021: The arts-and-crafts retailer Hobby Lobby left 138GB of sensitive customer information, source code for the company's app, and employee names and email addresses open to the public internet because of a cloud misconfiguration in its Amazon Web Services cloud database.

The war in Ukraine is in the second month of bloodshed and the broader impact of the conflict is being felt across the globe, as markets react to increased fuel prices and the consequences of Russia's growing political and economic isolation. The modus operandi of NATO leaders has been to contribute military and humanitarian aid to the Ukrainian government, while remaining below the threshold of direct engagement with Russia - a situation where the possibility of an escalation towards nuclear confrontation is evident in both the Kremlin's rhetoric and Russian doctrinal support for the use of nuclear munitions to end conventional conflict.

The CIS Controls are a set of 18 prioritized actions and 153 defensive measures known as Safeguards. The CIS Community Defense Model v2.0 was created to help answer that and other questions about the value of the Controls based on threat data from leading industry reports.

As in the Coinbase incident, many MFA bypass attacks begin with a phishing attack. Organizations use MFA to protect users against these attacks.

Credit agency warns weak cybersecurity defenses could hurt a company's credit rating, even before an attack. As cyberattacks and data breaches grow bigger and more frequent, companies that don't build strong cybersecurity defenses may feel a direct financial hit even before hackers show up.