Security News

Stealthbits Technologies, a customer-driven cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data, announced the release of StealthAUDIT 10.0, their flagship platform for auditing, governance, and access management across dozens of IT and data resources. Correspondingly, there is an ever-increasing number of storage platforms and repositories available to house the data security professionals need to protect, both on-premises and in the cloud.

Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert. A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.

After recently directly notifying a number of hospitals about vulnerable gateway and VPN appliances in their infrastructure, Microsoft has decided to offer its AccountGuard threat notification service for free for healthcare and worldwide human rights and humanitarian organizations. "Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law."

A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.

The Information Security Forum predicts the coming threats with a very good track record so far. The ideal choice would be to find someone who can predict future threats and to prepare for them in the present.

Sixgill, a leading cyber threat intelligence company, announced that its Deep and Dark Web Threat Intelligence Solution, an automated and contextual cyber threat intelligence solution, will integrate with Palo Alto Networks Cortex XSOAR, the industry's first extended security, orchestration, automation and response platform with native threat intel management that empowers security leaders with instant capabilities against threats across their entire enterprise. "Malicious actors continue to develop sophisticated new attacks with increased frequency," said Rishi Bhargava, vice president of product strategy, Cortex XSOAR at Palo Alto Networks.

Cell phones, wearables, health performance monitors and IoT infrastructure devices all offer new and unmonitored threat surfaces to launch attacks in order to gain access to company networks and secrets. From unmanageable device attacks and IoT devices being more vulnerable than corporate-managed computers to IoT security breaches, RF espionage is a growing concern for enterprises, but the concern still lags behind the threat.

Business email compromise attempts were globally up by a quarter in the first two months of this year alone, according to research from threat intel firm Trend Micro. "IT security teams around the world may be under significant pressure today, as the corporate attack surface expands thanks to mass home working demands in the face of the COVID-19 epidemic. But now, more than ever, they must be on high alert as opportunistic cyber-attackers look to strike," said a solemn Ian Heritage, cloud security architect at Trend Micro.

A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. Researchers analyzed dozens of COVID-19 apps - which continue to emerge with the spread of the coronavirus, paving the way for related security threats across the globe.

Countering cyber-threats is a constant game of cat and mouse and hackers always want to get the maximum reward from the minimum effort, tweaking known attack methods as soon as these are detected by the AI. CTOs therefore need to make sure that the AI system is routinely exercised and fed new data and that the algorithms are trained to understand the new data. AI is based on heuristics whereas machine learning requires a lot of data and algorithms that must be trained to learn the data and provide insights that will help to make decisions.