Security News

Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways, an Area 1 Security study reveals. Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise to evade traditional email defenses, which are based on already-known threats.

Source Defense announced its new offering of Website in Page Protection, as well as product enhancements and performance improvements to the VICE sandboxing technology within the Source Defense Platform. The Source Defense Platform protects online businesses and their customers from automated attacks and client-side threats, and improves operational efficiency.

SlashNext announced the on-device AI mobile phishing defense for iOS and Android with natural language and link-based detection to protect users from the exponential increase in mobile-based SMS phishing attacks. Now SlashNext, customers and partners can benefit from the industry's fastest and most accurate, 2.0 mobile AI phishing defense, protecting users from all forms of phishing across all their communication channels - SMS, email, social networking, gaming, collaboration and search - without compromising user privacy or performance.

A cybersecurity expert warns that during Cybersecurity Awareness Month it is time for the enterprise to emphasize training that doesn't just keep their employees from putting the business at risk, but "Empowers them to become the organization's first line of defense." Last year's Cybersecurity Awareness Month presented a different set of issues than this year's.

On Tuesday, Microsoft released its annual Digital Defense Report providing a glimpse of the trends shaping the cybersecurity landscape during the last year. The Digital Defense Report analyzes cybersecurity threats from the second half of 2019 through the first half of 2020.

FireEye found that there is usually three days of dwell time between these early warning signs and detonation of ransomware. How does a security team find these weak but important early warning signals? Somewhat surprisingly perhaps, the network provides a unique vantage point to spot the pre-encryption activity of ransomware actors such as those behind Maze.

After a short lesson in internet history, the author puts the reader in the shoes of the attacker and explains how simple it is to hack a website, as well as how easy it is to obtain and apply hacking tools. The author proceeds to offer basic knowledge about how the internet, browsers, web servers and programmers work.

Some information needs to be leaked from the kernel that reveals the current layout of its components in RAM. If a ROP exploit just guesses the kernel's layout and is wrong, it will trigger a crash, and this can be detected and acted on by an administrator. "Using speculative execution for crash suppression allows the elevation of basic memory write vulnerabilities into powerful speculative probing primitives that leak through microarchitectural side effects," the paper stated.

Fully aligned with SASE's edge-based security approach, the Zero Trust security construct can be executed using the SASE framework. To understand how SASE is an approach that enables a Zero Trust security model, we'll dig a little deeper into Gartner's vision.

Massachusetts Institute of Technology scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation. The researchers recruited seven large companies that had a high level of security sophistication and a CISO to test out the platform, i.e., to contribute encrypted information about their network defenses and a list of all monetary losses from cyber attacks and their associated defensive failures over a two-year period.