Security News

Some intelligence services focus their efforts on identifying threat actor groups and attack methods, informing their customers whether they are targeted or not. Some terms are beginning to emerge to better define intelligence offerings, with the most prominent one being Digital Risk Protection, or DPO. While it is used by many vendors to describe services designed to identify external threats, it does often time seem to include the traditional "Threat intelligence" as part of the vendor's offering, such as malware IOCs, blurring the lines between the two terms.

Ransomware attacks often rely on trojans to infect computers and steal information. As ransomware continues to dominate as a cyberthreat, criminals are increasingly carrying out attacks using Cobalt Strike, an otherwise ethical testing framework.

More attention should be dedicated to strange login times and locations so that cloud and SaaS account compromises do not result in company-wide damage. Since the unusual login location was accompanied by an unusual login time, the actions triggered a deeper analysis from my team.

How does Qualys Multi-Vector EDR differ from traditional EDR solutions? Qualys Multi-Vector EDR leverages the strength of EDR while also extending the visibility and capabilities beyond the endpoint to provide a more comprehensive approach to protection.

While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it's a purported "Job offer" or a pretend "Critical invoice." The attack vector is still widespread enough where tech giants are re-inventing new ways to try to stomp it out, with Microsoft just this week rolling out a feature for Office 365 that aims to protect users against malicious attachments sent via email, for instance.

CTM360 has announced the launch of its latest mobile app, 'The Threat Manager. ' The app aims to allow it's users to tackle threats on the go, with the aim to simplify security in an agile and efficient manner.

Security threats in the second quarter of 2020 continue to target remote workers, but attackers aren't relying on COVID-19-themed phishing: They're going straight for vulnerable home networks where workers are conducting business. Managed security provider Nuspire's report on security threats in Q2 2020 said that phishing attempts have ditched the coronavirus in favor of exploiting the upcoming election and Black Lives Matter movement, but that there's been a 12% decline in malware attacks during Q2. SEE: Identity theft protection policy.

Thousands of ISO certifications at risk of lapsing due to halted re-certification auditsThousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organizations' premises to conduct essential re-certification audits during the current coronavirus pandemic. Kali Linux 2020.3 released: A new shell and a Bluetooth Arsenal for NetHunterOffensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform.

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency on Thursday issued a joint alert to warn about the growing threat from voice phishing or "Vishing" attacks targeting companies. "In mid-July 2020, cybercriminals started a vishing campaign-gaining access to employee tools at multiple companies with indiscriminate targeting - with the end goal of monetizing the access."

According to a recent report by Malwarebytes, mobile banking malware has surged over recent months, focused on stealing personal information and using weakened remote connections and mobile devices in a work-from-home environment to gain access to more valuable corporate networks. Securing mobile is a laborious task that requires mobile app developers to factor in several entities, including device manufacturers, mobile operating system developers, app developers, mobile carriers, and service providers.