Security News

For attackers, it's almost a no-brainer: phishing is cheap and humans are fallible, even after going through anti-phishing training. That's why defenders must preempt attacks, he says, and reinforce a lesson during a live attack.

ACI Worldwide announced ACI Fraud Management in the cloud enables Indian banks to protect the rapidly growing number of Unified Payments Interface transactions across the region. "A supportive regulatory environment, coupled with ever-increasing smartphone usage, internet access and customer acceptance, has powered rapid UPI transaction growth. However, surging transaction volumes pose a complex challenge to banks and financial institutions when it comes to upgrading and maintaining their back-end risk management systems," said Kaushik Roy, vice president and country leader - South Asia, ACI Worldwide.

A threat actor has been observed targeting Oracle Solaris operating systems for over two years, including with an exploit for a recently addressed zero-day vulnerability, FireEye reported on Monday. In late 2018, the threat actor was observed compromising a Solaris server that had the SSH service exposed to the Internet, to install the SLAPSTICK backdoor on it, in order to steal credentials.

Cybersecurity professionals know there are fundamental gaps in most cyber operations centers, one of which is the overwhelming level of effort required to understand cyber threat information. As a result, cyber analysts are rarely allowed to produce their primary work product: actionable intelligence.

2020 has been a year of incredible uncertainty and upheaval, which for security professionals inevitably means threats have multiplied right across the enterprise. This in no way means the ongoing threat to Industrial Control Systems has diminished.

92 percent of organizations admit that they face a cloud security readiness gap. IoT in all its flavors exposes companies and consumers alike to a wide range of security threats.

Russian interference has been minimal so far in the most tempestuous U.S. presidential election in decades. Election officials fear a "Blend" of overlapping attacks intended to undermine voter confidence and incite political violence: taking over state or local government websites to spread misinformation, crippling election results-reporting websites with denial-of-service attacks, hijacking officials' social media accounts and making false claims about rigged voting.

McAfee announced extended detection and response capabilities with the introduction of MVISION XDR platform, a cloud-based advanced threat management solution with complete coverage across the attack lifecycle, prioritization to protect what matters, easy orchestration and efficient response. MVISION XDR improves security operations centers effectiveness with quick risk mitigation and delivers total cost of ownership for threat response with the inclusion of MVISION Insight's proactive threat analytics.

Exabeam announced a major enhancement to the Exabeam Security Management Platform, enabling organizations to detect improper access of cloud storage objects and defend against threats to cloud-based data, such as attackers exfiltrating sensitive data or hosting malicious files. By ingesting audit data from Amazon Simple Storage Services, Microsoft Azure Blobs and Google Cloud Platform Cloud Storage buckets, Exabeam can distinguish malicious activity from normal behavior and allow security analysts to easily identify and follow attacks on cloud storage objects before they lead to a security breach.

Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that's been a persistent worry to both the company and the U.S. government over the last few months. Despite patching awareness efforts, Microsoft said it is still receiving "a small number of reports from customers and others" about active exploits of the bug tracked as CVE-2020-1472, or Zerologon, according to a blog post by Aanchal Gupta, vice president of engineering for MSRC, on Thursday.