Security News

So we have halting the largest DDoS attack ever recorded; GameStop getting hit with DDOs attacks; etc. Some of these extortion attacks, there's about six or seven different vectors that are commonly used as part of these attacks.

Cloud-first security firm Wandera reports that malicious network traffic is the highest cybersecurity risk for hospitals and other healthcare providers and affects 72% of all organizations. The new report, "Cybersecurity in the Healthcare Industry," ranked phishing and outdated operating systems as the other top risks.

A report published last year has noted that most attacks against artificial intelligence systems are focused on manipulating them, but that new attacks using machine learning are within attackers' capabilities. Microsoft now says that attacks on machine learning systems are on the uptick and MITRE notes that, in the last three years, "Major companies such as Google, Amazon, Microsoft, and Tesla, have had their ML systems tricked, evaded, or misled." At the same time, most businesses don't have the right tools in place to secure their ML systems and are looking for guidance.

Organizations are often forced to make critical security decisions based on threat data that is not accurate, relevant and fresh, a Neustar report reveals. Just 60% of cybersecurity professionals surveyed indicate that the threat data they receive is both timely and actionable, and only 29% say the data they receive is both extremely accurate and relevant to the threats their organization is facing at that moment.

A Finnish psychotherapy centre was hit by hackers who stole therapy session notes - before threatening patients of the clinic with ransom demands amid selective dark web leaks of stolen material. "Psychotherapy Center Vastaamo has been the victim of data breaches and blackmail," said the Helsinki-based clinical chain late last week, adding: "In recent days, the blackmailer has published sections of the information he obtained during the hacking. Now the blackmailer has begun to approach the victims of the breach with blackmail letters demanding a ransom."

The purpose of threat intelligence is to collect data from a variety of sources outside of the organization's perimeters and generate intelligence on what is happening "Out there", enriching the organization's security operations. Threat intelligence provides visibility that extends beyond the organization's perimeters - and this visibility is based on the vendor's coverage on intelligence sources.

Securonix announced it signed an OEM agreement with Opora, a next-generation cybersecurity provider that uses pre-attack adversary behavior analytics to protect organizations from emerging threats. The partnership provides customers Securonix Adversary Behavior Analytics, an advanced capability that helps organizations protect mission critical assets by monitoring adversary behavior and delivering automated, preemptive actions that prevent attacks and help contain adversary threats.

Microsoft and MITRE, in collaboration with a dozen other organizations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning systems. The Adversarial ML Threat Matrix, which Microsoft has released in collaboration with MITRE, IBM, NVIDIA, Airbus, Bosch, Deep Instinct, Two Six Labs, Cardiff University, the University of Toronto, PricewaterhouseCoopers, the Software Engineering Institute at Carnegie Mellon University, and the Berryville Institute of Machine Learning, is an industry-focused open framework that aims to address this issue.

Source Defense announced its new offering of Website in Page Protection, as well as product enhancements and performance improvements to the VICE sandboxing technology within the Source Defense Platform. The Source Defense Platform protects online businesses and their customers from automated attacks and client-side threats, and improves operational efficiency.

Some of the world's most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms, according to a report from Accenture. The report examines the tactics, techniques and procedures employed by some of the most sophisticated cyber adversaries and explores how cyber incidents could evolve over the next year.