Security News

Called attacker dwell time, this is part of an adversarial approach that has become even more popular with hackers in 2021 ransomware attacks and data breaches. Combating dwell time with EDR: even one day is too long when it comes to adversaries camping out on your network, but rooting them out can be tough for resource-strapped firms on a tight budget.

President Joe Biden signed an executive order Wednesday meant to strengthen U.S. cybersecurity defenses in response to a series of headline-grabbing hacking incidents that highlight how vulnerable the country's public and private sectors are to high-tech spies and criminals operating from half a world away. The order will require all federal agencies to use basic cybersecurity measures, like multi-factor authentication, and require new security standards for software makers that contract with the federal government.

President Biden signed an executive order Wednesday to modernize the country's defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations. This executive order follows the numerous cyberattacks targeting US interests this year, including the SolarWinds supply chain attacks in December and the more recent DarkSide ransomware attack against the largest US fuel pipeline, Colonial Pipeline.

The UK's National Cyber Security Centre highlights the success of its Active Cyber Defence program. The NCSC's Active Cyber Defence program is an ambitious project designed to improve the security posture of an entire nation.

CrowdStrike and Google Cloud announced a series of product integrations to deliver joint customers defense-in-depth security, comprehensive visibility and workload protection at scale across hybrid cloud environments. These integrations will enable more seamless sharing of telemetry and data between the two security platforms, helping maintain high levels of security across a customer's entire cloud or hybrid environment.

The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program. The bug bounty system had only been aimed at websites but now Kristopher Johnson, director of its Vulnerability Disclosure Program, has said "Websites were only the beginning as they account for a fraction of our overall attack surface" and urged the infosec community to take a wider view.

Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection. This basically means that, if your PC supports it, it's a bit harder for malicious websites to exploit bugs in Chrome to hijack your computer.

FireEye announced that Mandiant Managed Defense, Mandiant's managed detection and response service, now supports Microsoft Defender for Endpoint. "With threat conditions changing constantly, companies require trusted expertise with powerful analytical capabilities to ensure accurate and decisive execution - this is where Mandiant shines," said Marshall Heilman, Executive Vice President, Managed Defense and Advanced Practices, FireEye.

All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced. A paper published on Friday by a team of computer scientists from the University of Virginia and the University of California, San Diego, describes how all modern AMD and Intel chips with micro-op caches are vulnerable to this new line of attack, which bypasses all existing defenses.

A previously undocumented backdoor malware, dubbed PortDoor, is being used by a probable Chinese advanced persistent threat actor to target the Russian defense sector, according to researchers. The malware then creates an additional file in %temp% with the hardcoded name "58097616.tmp" and writes the GetTickCount value multiplied by a random number to it: "This can be used as an additional identifier for the target, and also as a placeholder for the previous presence of this malware," researchers explained.