Security News

In a joint effort, the German Regional Police, Ukrainian National Police, Europol, Dutch Police, and FBI joined forces on February 28, 2023, to take down the masterminds behind a notorious criminal organization responsible for unleashing devastating cyberattacks using the DoppelPaymer ransomware. This ransomware appeared in 2019, when cybercriminals started using it to launch attacks against organizations, critical infrastructure, and industries.

"In today's economic reality, security budgets have not necessarily been cut down, but buyers are far more careful in their purchasing decisions and rightfully so. We believe that you cannot secure what you do not know, so knowing should be a basic commodity. Once you understand the magnitude of your SaaS attack layer, you can make an educated decision as to how you are going to solve it. Discovery is the natural and basic first step and it should be accessible to anyone." said Galit Lubetzky Sharon, Wing's Co-Founder and CTO. The company reported that within the first few weeks of launching, over 200 companies enrolled in their self-service free discovery tool, adding to the company's existing customer base. The challenge is that SaaS applications are often onboarded by employees without involving IT or security teams.

While these SaaS-to-SaaS connections provide enhanced features that boost workflow efficiency, they also give permission for apps to read, update, create, delete, or otherwise engage with corporate and personal data. In its report, Adaptive Shield identifies how many SaaS apps are being connected to the core SaaS stack, specifically Microsoft 365 and Google Workspace and business-critical apps such as Salesforce and Slack, the types of permissions being granted to these applications, and the risk level these apps present.

Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor, it's just one of the many processors of a system-on-chip that cater to various tasks like cellular communications and multimedia processing.

As 2023 goals become solidified, companies need to decide how they are prioritizing cybersecurity. It's time to focus on what organizations can prioritize.

49% of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets, according to a survey by the Neustar International Security Council. Despite the rapidly changing threat landscape, 35% of information technology and security professionals responding to the survey said their organization's cybersecurity budget would remain the same or decrease in 2023, and 44% of these individuals believe their business will be more exposed and at risk as a result.

Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues."We're investigating issues impacting multiple Microsoft 365 services. We've identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps," the Microsoft 365 team said in a Twitter thread. "We've isolated the problem to networking configuration issues, and we're analyzing the best mitigation strategy to address these without causing additional impact."

The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications - resulting in the need for new and more effective approaches to cloud-native application security. The distinction between application security and cloud security has clearly blurred as application security is now affected by the underlying cloud infrastructure, while cloud security professionals now have to take the application layer into account in their attack path analysis.

Once inside corporate networks, they move swiftly to target and exfiltrate high-value data, including data crucial to the organization, intellectual property, and personal identifiable information or sensitive PII. Structured and unstructured data are at risk. Attackers targeted structured data used in databases such as Oracle and Microsoft Azure SQL Server and for analytics in web platforms such as Databricks.

78% of security professionals expect breach and incident reporting requirements to create more work for their teams, and 77% expect increased work from privacy requirements. "Regulatory developments around both incident reporting and privacy will undoubtedly continue to ramp up in 2023," said Bill Bernard, AVP, Security Strategy at Deepwatch.