Security News

The PCI Security Standards Council and the ATM Industry Association issued a joint bulletin to highlight an increasing threat that requires urgent awareness and attention. An ATM cash-out attack is an elaborate and choreographed attack in which criminals breach a bank or payment card processor and manipulate fraud detection controls as well as alter customer accounts so there are no limits to withdraw money from numerous ATMs in a short period of time.

A new report from the industrial cybersecurity company Claroty details how US IT and OT security professionals see their organization's more of a target since early March, when the US pandemic shut down industry. Claroty's report, "The Critical Convergence of IT and OT Security in a Global Crisis," revealed that 60% of respondents believe their CISO demonstrated good leadership in the midst of a crisis, but also found that 86% said their organization's leadership made cybersecurity a priority during the pandemic and implemented appropriate training resources for the company's now dispersed workforce.

The three new features provide adaptive threat profiling for Juniper's ATP Cloud, the integration of WootCloud HyperContext for device profiling, and Secure Connect VPN for remote working beyond the branch office. Adaptive Threat Profiling makes use of Juniper's SRX series firewalls to act as sensors throughout the network.

Raytheon Intelligence & Space is launching a new hardware emulation and software analysis tool called DejaVM that provides a virtualized environment to evaluate and reduce cyber threats against mission-critical systems in a modern networked space. DejaVM enables system-level cyber testing without requiring access to the limited number of highly specialized physical hardware assets.

My company, MobileIron, wanted to better understand current QR code trends, so in September we conducted a survey of more than 2,100 consumers across the U.S. and the U.K. It confirmed that QR codes are indeed more widely used today. It's why, if mobile employees are using their personal devices to access business apps and scan potentially risky QR codes, enterprise IT should start taking a much closer look at their mobile security approach.

Based on over 8 trillion daily security signals and observations from the company's security and threat intelligence experts, the Microsoft Digital Defense Report 2020 draws a distinction between attacks mounted by cybercriminals and those by nation-state attackers. "While credential phishing and BEC continue to be the dominant variations, we also see attacks on a user's identity and credential being attempted via password reuse and password spray attacks using legacy email protocols such as IMAP and SMTP," Microsoft noted.

A threat actor was able to compromise the network of a federal agency and create a reverse proxy and install malware, the Cybersecurity and Infrastructure Security Agency reported on Thursday. Following initial access, the threat actor started gathering information of interest from email accounts, enumerated the Active Directory and Group Policy key, modified a registry key for the Group Policy, and enumerated compromised systems.

Microsoft Defender Application Guard, brings hypervisor-based isolation to Microsoft Edge and Microsoft Office applications. While Application Guard works well with Edge and Office, it doesn't support other applications.

CrowdStrike announced it has agreed to acquire Preempt Security, provider of zero trust and conditional access technology for real-time access control and threat prevention. Together, CrowdStrike and Preempt will provide a modern zero trust security architecture and threat protection to keep organizations' users, endpoints, and data safe from modern attacks, without compromising productivity or the user experience.

Google this week announced the availability of Chronicle Detect, a threat detection solution for enterprises from Google Cloud. The tool is meant to help organizations depart from legacy security tools and adopt a modern threat detection system, Google says.