Security News

Passbolt: Open-source password manager for security-conscious organizationsIn this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to password usage, outlines how the Passbolt password manager guarantees the utmost level of security for businesses, highlights its features in the competitive landscape, sheds light on how Passbolt meets the distinct requirements of teams and organizations, and more. Rorschach ransomware deployed by misusing a security toolAn unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found.

"Complex networks, large customer bases, and long supply chains make these industries highly susceptible to attacks. The study reveals that given the current organizational approaches to network security, companies cannot be continuously compliant, and as a result carry with them unquantified levels of risk to the confidentiality, integrity, and availability of systems and data." said Phil Lewis, CEO, Titania. "A determined attacker will try a combination of approaches to access a network until they gain entry, and known vulnerabilities or misconfigurations are an easy way in. Companies must adopt both a zero trust mindset and network security best practices, to minimise the attack surface, inhibit lateral movement, and prevent intruders from meeting their goals," continued Lewis.

Data storage devices maker Western Digital on Monday disclosed a "Network security incident" that involved unauthorized access to its systems.The breach is said to have occurred on March 26, 2023, enabling an unnamed third party to gain access to a "Number of the company's systems."

US-based data storage company Western Digital has announced that it has suffered a network security incident that resulted in an unauthorized third party gaining access to a number of the company's systems and some company data. Western Digital identified the network security incident on March 26, 2023.

Data backups get a lot of attention, but sadly, sometimes, the operational work that keeps networks secure - like device backups, upgrades, and configuration grooming - goes undone. Recent high-profile network outages have brought attention to the importance of not just automating improvements in network security and operations but recovering quickly and minimizing downtime when disaster strikes.

To address these challenges, organizations are turning to predictive analytics and Machine Learning driven network security solutions as essential tools for securing their networks against cyber threats and the unknown bad. ML-driven network security solutions in cybersecurity refer to the use of self-learning algorithms and other predictive technologies to automate various aspects of threat detection. In summary, the mentioned drawbacks of rule-based security solutions highlight the significance of taking a more holistic approach to network security, which should nowadays include ML-powered Network Detection and Response solutions to complement traditional detection capabilities and preventive security measures.

Applying patches to fix these vulnerabilities across an organisation's entire network of devices can be time-consuming and complex to implement - but it is essential. The previous two threats are usually exploited to breach networks and steal information, but a Denial-of-Service attack is meant to shut down your network and make it inaccessible.

Having 20/20 visibility is paramount to network security, because it helps organizations discover and understand what data they are securing and from whom they're securing it. To unlock these benefits requires collaboration between the networking and security teams with network visibility as the glue.

Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135. While the original PsExec is available in the Sysinternals utility suite, there is also an implementation in the Impacket collection of Python classes for working with network protocols, which has support for SMB and other protocols like IP, UDP, TCP that enable connections for HTTP, LDAP, and Microsoft SQL Server.

Most organizations are deep into a phase of major growth and evolution that's called "Digital acceleration." The goal of digital acceleration for organizations is to adapt and thrive-despite the global pandemic and the nonstop introduction of new cyber threats. Digital acceleration has led to a rapid expansion of attack surfaces and creation of new network edges, including LAN, WAN, 5G, and multi-cloud.