Security News

Mobile rootkits, virtual home invasions of well-known public figures and Bluetooth Low Energy attacks are among the other attack types to prepare for in the next year. These new methods, in tandem with a surge in counter IR, destructive attacks, lateral movement and island hopping, make for a perilous threat landscape.

Scripts can also be used for malicious purposes, and malicious scripts are unlikely to be detected or blocked by the average antimalware solution. While Emotet is one example of threat that uses scripts as part of its evasive strategy, there are many other types of script-based evasion techniques organizations need to be aware of to keep their systems secure.

iProov has launched the world's first system of global threat intelligence for biometric assurance. iSOC's threat intelligence provides forewarning of major new attacks and enables iProov to prepare and defend against them.

Netskope announced the Cloud Threat Exchange, one of the industry's first cloud-based solutions for the ingestion, curation, and real-time sharing of threat intelligence across enterprise security enforcement points. Any certified, partner, vendor, or customer may use Cloud Threat Exchange to automate the delivery and distribution of high-value, actionable threat intelligence, thus reducing the time to protection and eliminating gaps in coverage.

A previously undocumented malware family called KryptoCibule is mounting a three-pronged cryptocurrency-related attack, while also deploying remote-access trojan functionality to establish backdoors to its victims. Looking at timestamps in the various versions of KryptoCibule that ESET has identified, the malware dates from December 2018, researchers said.

As organizations try to defend themselves against external threats, they need to remember that insider threats can also cause harm. A report released Wednesday by security provider Bitglass shines a light on the ramifications of insider threats and offers advice on how to use the right security features to combat them.

Some intelligence services focus their efforts on identifying threat actor groups and attack methods, informing their customers whether they are targeted or not. Some terms are beginning to emerge to better define intelligence offerings, with the most prominent one being Digital Risk Protection, or DPO. While it is used by many vendors to describe services designed to identify external threats, it does often time seem to include the traditional "Threat intelligence" as part of the vendor's offering, such as malware IOCs, blurring the lines between the two terms.

Ransomware attacks often rely on trojans to infect computers and steal information. As ransomware continues to dominate as a cyberthreat, criminals are increasingly carrying out attacks using Cobalt Strike, an otherwise ethical testing framework.

More attention should be dedicated to strange login times and locations so that cloud and SaaS account compromises do not result in company-wide damage. Since the unusual login location was accompanied by an unusual login time, the actions triggered a deeper analysis from my team.

How does Qualys Multi-Vector EDR differ from traditional EDR solutions? Qualys Multi-Vector EDR leverages the strength of EDR while also extending the visibility and capabilities beyond the endpoint to provide a more comprehensive approach to protection.