Security News

Respondents believe threat actors are most concerned about traffic analysis, followed closely by deception technology and next-generation firewalls, IDS, SIEMs, EDR/next-generation AV, IAM and UEBA. This shift is likely due to attackers becoming increasingly savvy at understanding the weaknesses of traditional security controls. Organizations are shifting their strategy by deploying new technologies like deception technology for closing detection gaps and efficiently covering attack surfaces such as endpoint, cloud, and inter-connected OT environments.

The same problem could occur with a Word document synced through Dropbox or with any number of other legitimate SaaS applications that store data in the cloud. How to improve your SaaS security What can you do to improve the sanctioning processes, compliance, and security of your SaaS applications? Aside from doing your due diligence in researching service providers, here are some suggestions.

Attivo Networks, an award-winning leader in deception for cybersecurity threat detection, announced an integration with CrowdStrike, a leader in cloud-delivered endpoint protection, to provide organizations an integrated defensive strategy based on the Attivo ThreatDefend platform and the CrowdStrike Falcon endpoint protection platform. The joint solution provides early and accurate threat detection coupled with the ability to automatically quarantine a compromised endpoint.

Stealthbits Technologies, a customer-driven cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data, announced the release of StealthAUDIT 10.0, their flagship platform for auditing, governance, and access management across dozens of IT and data resources. Correspondingly, there is an ever-increasing number of storage platforms and repositories available to house the data security professionals need to protect, both on-premises and in the cloud.

Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert. A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.

After recently directly notifying a number of hospitals about vulnerable gateway and VPN appliances in their infrastructure, Microsoft has decided to offer its AccountGuard threat notification service for free for healthcare and worldwide human rights and humanitarian organizations. "Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law."

A security weakness in the popular TikTok video-sharing service allows a local attacker to hijack any video content streamed to a user's TikTok feed and swap it out with hacker-generated content. In their proof-of-concept attack, Mysk and Bakry demonstrated how popular TikTok users, using verified accounts, could have their video streams hijacked to show misleading videos downplaying the severity of the COVID-19 pandemic.

The Information Security Forum predicts the coming threats with a very good track record so far. The ideal choice would be to find someone who can predict future threats and to prepare for them in the present.

Sixgill, a leading cyber threat intelligence company, announced that its Deep and Dark Web Threat Intelligence Solution, an automated and contextual cyber threat intelligence solution, will integrate with Palo Alto Networks Cortex XSOAR, the industry's first extended security, orchestration, automation and response platform with native threat intel management that empowers security leaders with instant capabilities against threats across their entire enterprise. "Malicious actors continue to develop sophisticated new attacks with increased frequency," said Rishi Bhargava, vice president of product strategy, Cortex XSOAR at Palo Alto Networks.

Cell phones, wearables, health performance monitors and IoT infrastructure devices all offer new and unmonitored threat surfaces to launch attacks in order to gain access to company networks and secrets. From unmanageable device attacks and IoT devices being more vulnerable than corporate-managed computers to IoT security breaches, RF espionage is a growing concern for enterprises, but the concern still lags behind the threat.