Security News

Since modern applications aren't a monolithic whole but consist of many separate components "Glued together" over networks, attackers have at their disposal many "Doors" through which they can attempt access to the data. "Access tier attacks are any that seek to circumvent the legitimate processes of authentication and authorization that we use to control who gets to use an application, and how they can use it. The result of this kind of attack is a malicious actor gaining entry to a system while impersonating a legitimate user. They then use the legitimate user's authorization to accomplish a malicious goal- usually data exfiltration," the analysts explained.

Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience. Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.

Appdome, a no-code mobile integration and solutions platform, announced that it has joined the Microsoft Intelligent Security Association, an ecosystem of independent software vendors that have integrated their solutions to better defend against a world of increasing threats. Finally, as part of the Appdome build, organizations can choose to add features from the Appdome Mobile Security Suite, such as App hardening, Man-in-the-Middle protection, and native and non-native code obfuscation to their built apps.

As more organizations implement successful threat hunting operations, a SANS Institute survey finds that they are facing common challenges with employing skilled staff and collecting quality threat intelligence. With the concept of threat hunting being relatively new for many organizations only 29% of respondents consider themselves mature or very mature in their threat hunting, with nearly 68% self-identifying their threat hunting as immature or still maturing.

Despite efforts by organizations to layer up their cyber defenses, the threat landscape is changing, attackers are innovating and automating their attacks, NTT reveals. The attack data indicates that 55% of all attacks in 2019 were a combination of web-application and application-specific attacks, up from 32% the year before, while 20% of attacks targeted CMS suites and more than 28% targeted technologies that support websites.

Outside hackers were to blame for most data thefts last year, while in-house drama contributed to only a fifth of total computer security incidents, Verizon reckons. In its 13th Data Breach Investigations Report, which probed some 4,000 intrusions and network breaches in 2019, Verizon found that the online world is still a fairly bad place if you're not tooled up enough to defend yourself and your customers from external miscreants hoping to make bank.

Outside hackers were to blame for most data thefts last year, while in-house drama contributed to only a fifth of total computer security incidents, Verizon reckons. In its 13th Data Breach Investigations Report, which probed some 4,000 intrusions and network breaches in 2019, Verizon found that the online world is still a fairly bad place if you're not tooled up enough to defend yourself and your customers from external miscreants hoping to make bank.

One solution to risks associated with shadow IT is to have workers only use cloud apps that have been vetted and approved by your IT department. There is a vast discrepancy in the intended block rate and the actual block rate, which Skyhigh Networks calls the "Cloud enforcement gap" and represents shadow IT acquisition and usage.

Microsoft this week announced that it has made some of its COVID-19 threat intelligence available to the public. The number of attacks targeting organizations and individuals worldwide using coronavirus lures has increased dramatically over the past several months, and Microsoft says it wants to help even those who do not use its threat protection solutions.

Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services. Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.