Security News
Released on Wednesday, the 2020 Trustwave Global Security Report looks at the latest types of email attacks and offers advice on how organizations can defend against them. Cybercriminals have amped up their email game by using more targeted phishing attacks.
Threat groups have been using automated mechanisms to constantly probe networks and infrastructure and deploy malware. Malware disarm firm odix looks to provide enterprise-grade security to organizations through its ecosystem of services.
Claroty has strengthened the Claroty Platform to deliver the industry's broadest range of OT security controls in a single solution, thereby empowering enterprises to more easily and effectively reduce risks posed by increasing connectivity between OT and IT networks. Enriched by newly enhanced Continuous Threat Detection 4.1 and Secure Remote Access 3.0 components, the platform addresses four areas integral to risk reduction: visibility, threat detection, vulnerability management, and triage & mitigation.
Respondents believe threat actors are most concerned about traffic analysis, followed closely by deception technology and next-generation firewalls, IDS, SIEMs, EDR/next-generation AV, IAM and UEBA. This shift is likely due to attackers becoming increasingly savvy at understanding the weaknesses of traditional security controls. Organizations are shifting their strategy by deploying new technologies like deception technology for closing detection gaps and efficiently covering attack surfaces such as endpoint, cloud, and inter-connected OT environments.
The same problem could occur with a Word document synced through Dropbox or with any number of other legitimate SaaS applications that store data in the cloud. How to improve your SaaS security What can you do to improve the sanctioning processes, compliance, and security of your SaaS applications? Aside from doing your due diligence in researching service providers, here are some suggestions.
Attivo Networks, an award-winning leader in deception for cybersecurity threat detection, announced an integration with CrowdStrike, a leader in cloud-delivered endpoint protection, to provide organizations an integrated defensive strategy based on the Attivo ThreatDefend platform and the CrowdStrike Falcon endpoint protection platform. The joint solution provides early and accurate threat detection coupled with the ability to automatically quarantine a compromised endpoint.
Stealthbits Technologies, a customer-driven cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data, announced the release of StealthAUDIT 10.0, their flagship platform for auditing, governance, and access management across dozens of IT and data resources. Correspondingly, there is an ever-increasing number of storage platforms and repositories available to house the data security professionals need to protect, both on-premises and in the cloud.
Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert. A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.
After recently directly notifying a number of hospitals about vulnerable gateway and VPN appliances in their infrastructure, Microsoft has decided to offer its AccountGuard threat notification service for free for healthcare and worldwide human rights and humanitarian organizations. "Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law."
A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.