Security News
Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. In this Help Net Security video, Shrav Mehta, CEO at Secureframe, talks about security best practices for GRC teams, highlights areas that security learners should pay close attention to, and discusses how security leaders can automate specific processes.
In their keynote at the firm's Security & Risk Management Summit in Sydney, Australia, today, VP analyst Mixter and director analyst Xiu argued that no amount of effort can prevent infosec incidents, and the quality of organizations' response is a more appropriate measure of an infosec team's effectiveness than expecting they will never fail to fend off the never-ending torrent of attacks. "Adrenalin does not scale," Xiu told the event - a reference to the practice of infosec teams responding to incidents by attacking them without a rehearsed plan.
With breach recovery costs skyrocketing, speeding time to recovery to minimize downtime and losses should be top of mind for security leaders. Most focus on adding more prevention and detection tools.
Microsoft will soon provide a single Teams Windows and macOS app for all account types, allowing users to switch between work, school, or personal profiles with just a couple of mouse clicks. A preview version is already gradually rolling out to Windows Insiders in the Canary and Dev channels using Microsoft Teams version 24057.
CISOs have clear communications role during cyber security incidents. "In the event of a major cyber security incident, the CISO should be prepared to step into a crisis management role. They should understand how to bring clarity to the situation and communicate effectively with internal and external stakeholders," according to the ASD. How IT and security leaders should prepare to manage crisis communications.
The cybersecurity risks of SaaS chat apps, such as Microsoft Teams or Slack, often go underestimated. In the most recently reported case, AT&T Cybersecurity discovered phishing conducted against its Managed Detection and Response customers over Microsoft Teams in a DarkGate malware attack.
The study examining attitudes towards cybersecurity teams within organizations has uncovered that despite minor issues around communication and processes, there are high levels of trust and appreciation amongst employees. It indicates how cybersecurity teams and professionals are increasingly viewed as a vital strategic function enabling both individual and business success.
Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators, such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and 90% believe they have good or excellent ability to detect cyberthreats. "While we aren't surprised by the contradictions in the data, our study in partnership with IDC further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities," said Steve Moore, Exabeam Chief Security Strategist.
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.