Security News

Money or your business: Ensure your ransomware defense strategy beats off disruptions, extortions
2022-04-28 07:15

Ransomware operators have reimagined their business model with ransomware as a service, selling related services to other attackers through membership, subscription or customization. Learning from advanced persistent threat campaigns, threat actors are customizing ransomware attacks by using highly experienced attack teams that hit targeted victims with APT-like precision and capability.

2022-04-27 04:00

CIS relies on the contributions of these passionate industry experts to create and maintain the CIS Benchmarks. To start these new mappings, CIS focused on two of the most downloaded CIS Benchmarks - Microsoft Windows 10 and Red Hat Enterprise Linux 7 - and drilled in to MITRE ATT&CKtechniques.

US govt grants academics $12M to develop cyberattack defense tools
2022-04-22 16:33

The US Department of Energy has announced that it will provide $12 million in funding to six university teams to develop defense and mitigation tools to protect US energy delivery systems from cyberattacks. Cybersecurity tools developed as a result of the six university-led research, development, and demonstration projects will focus on detecting, blocking, and mitigating attempts to compromise critical controls within the US power grid.

Criminals adopting new methods to bypass improved defenses, says Zscaler
2022-04-20 12:15

The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team. While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents - exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.

Making Defenses Count: Designing for Substantial Depth
2022-04-20 00:00

With risks accelerating in volume and variety, AMD belives that meaningful protection for today’s PCs require a carefully layered approach that relies on best-in-class security controls and...

Rethinking Cyber-Defense Strategies in the Public-Cloud Age
2022-04-19 17:29

In a September 2021 report from the nonprofit Cloud Security Alliance, nearly 70 percent of respondents - comprising 1,090 IT and security professionals - reported that their company's cloud security, IT operations and developer teams are misaligned on security policies and/or enforcement strategies. March 2021: The arts-and-crafts retailer Hobby Lobby left 138GB of sensitive customer information, source code for the company's app, and employee names and email addresses open to the public internet because of a cloud misconfiguration in its Amazon Web Services cloud database.

Moving towards defense in depth under the gray skies of conflict
2022-04-19 03:03

The war in Ukraine is in the second month of bloodshed and the broader impact of the conflict is being felt across the globe, as markets react to increased fuel prices and the consequences of Russia's growing political and economic isolation. The modus operandi of NATO leaders has been to contribute military and humanitarian aid to the Ukrainian government, while remaining below the threshold of direct engagement with Russia - a situation where the possibility of an escalation towards nuclear confrontation is evident in both the Kremlin's rhetoric and Russian doctrinal support for the use of nuclear munitions to end conventional conflict.

Cyber defense: Prioritized by real-world threat data
2022-04-12 04:30

The CIS Controls are a set of 18 prioritized actions and 153 defensive measures known as Safeguards. The CIS Community Defense Model v2.0 was created to help answer that and other questions about the value of the Controls based on threat data from leading industry reports.

When MFA fails, defense in depth is key
2022-04-07 07:45

As in the Coinbase incident, many MFA bypass attacks begin with a phishing attack. Organizations use MFA to protect users against these attacks.

Credit agency warns weak cybersecurity defenses could hurt a company’s credit rating, even before an attack
2022-04-06 17:00

Credit agency warns weak cybersecurity defenses could hurt a company's credit rating, even before an attack. As cyberattacks and data breaches grow bigger and more frequent, companies that don't build strong cybersecurity defenses may feel a direct financial hit even before hackers show up.