Security News

Qualys unveils Multi-Vector EDR, a new approach to endpoint detection and response
2020-07-29 13:00

Qualys today announced Qualys Multi-Vector EDR. Taking a new multi-vector approach to Endpoint Detection and Response, Qualys now brings the unifying power of its highly scalable cloud platform to EDR. Traditional EDR solutions singularly focus on endpoints' malicious activities to hunt and investigate cyberattacks. Multi-Vector EDR enables security teams to unify multiple context vectors like asset and software inventory, end-of-life visibility, vulnerabilities and exploits, misconfigurations, network traffic summary, MITRE ATT&CK tactics and techniques, malware, endpoint telemetry, and network reachability by leveraging the Qualys backend to correlate with threat intelligence for accurate detection, investigation and response - all in a single, cloud-based app with a single lightweight agent.

Multi-Platform Malware Framework Linked to North Korean Hackers
2020-07-23 14:27

Kaspersky's security researchers have identified a multi-platform malware framework that they believe North Korea-linked hackers have been leveraging in attacks over the past couple of years. Called MATA, the platform appears to have been in use since spring 2018 to target computers running Windows, Linux, and macOS. The framework, which consists of components such as a loader, an orchestrator, and plugins, is believed to be linked to the prolific North Korean hacking group Lazarus.

North Korean Hackers Spotted Using New Multi-Platform Malware Framework
2020-07-23 02:18

Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the infrastructure as "MataNet" - comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.

EfficientIP Cloud IPAM Sync: Improved control over applications hosted in multi-cloud environments
2020-06-22 01:30

EfficientIP launched Cloud IPAM Sync, a new service that enables IT managers to improve control over applications hosted in multi-cloud environments. Cloud IPAM Sync uses DDI to provide central visibility and unified management over internal and cloud datacenters, thanks to real-time repository information.

Multi-Platform 'Tycoon' Ransomware Uses Rare Java Image Format for Evasion
2020-06-04 18:38

A recently discovered multi-platform Java ransomware uses a Java image file to evade detection, BlackBerry security researchers report. After establishing a foothold in the environment, the attackers executed the Java ransomware module, which encrypted all file servers connected to the network, including backup systems.

Tufin SecureCloud now secures cloud-native, multi-cloud, and hybrid-cloud workloads and applications
2020-05-29 01:00

Tufin announced a new release of Tufin SecureCloud, providing security for cloud-native, multi-cloud, and hybrid-cloud workloads and applications. The new release includes Center for Internet Security Benchmarks for Kubernetes and public cloud environments, Kubernetes best practices and assessments, streamlined risk analysis, enhanced security policy discovery and automatic generation.

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps
2020-05-14 12:01

A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender. Beginning with an innocuous-looking dropper hosted on the Google Play store, masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phone.

FireEye Cloudvisory: Control center for multi-cloud security management
2020-05-14 03:00

FireEye, the intelligence-led security company, announced the availability of FireEye Cloudvisory, a control center for cloud security management across any security environment - private, public and hybrid. Fully integrated into the broader FireEye cloud security portfolio, Cloudvisory now offers customers instant deployment across their cloud infrastructures, and further capabilities in security analytics through FireEye Helix and advanced threat detection through FireEye Detection On Demand.

FIRST releases updated coordination principles for Multi-Party Vulnerability Coordination and Disclosure
2020-05-11 04:30

The Forum of Incident Response and Security Teams has released an updated set of coordination principles - Guidelines for Multi-Party Vulnerability Coordination and Disclosure version 1.1. Previous best practices, policy and process for vulnerability disclosure focused on bilateral coordination and did not adequately address the current complexities of multi-party vulnerability coordination.