Security News

"Even with cyber insurance and preventive measures in place, the growing frequency and sophistication of attacks calls for government entities to perform cyber health checks and revisit resilience strategies. The effort more than pays off." Key considerations for organizations Smarter systems architecture - Many state and local governments have deferred IT modernization, which leaves governments with increasingly vulnerable networks and systems.

Cygilant, provider of Cybersecurity-as-a-Service to mid-sized organizations, shared recent enhancements to its SOCVue platform that improve the speed, efficiency and accuracy of how the company collaborates and solves problems for customers. The SOCVue security operations and analytics platform enables quick and effective communication between customer IT teams and Cygilant's Security Operations Center.

Match Group, the parent company of dating apps such as Tinder, on Tuesday publicly endorsed a US bill others in the tech industry fear will erode online privacy and speech in the name of fighting child abuse. US senators unveiled the bipartisan measure last week, aiming to curb images of child sex abuse by forcing tech platforms to cooperate with law enforcement on encryption or risk losing the legal immunity for what is posted on their websites.

First question for the podcast, Todd, what is open threat intelligence and what is driving it? That's really what is driving this movement, a desire to have a broader and more open view of threat intelligence.

UK Parliament's Defence Committee is to open an investigation into 5G and Huawei with a special focus on national security concerns. The House of Commons committee, made up of MPs, wants to find out for itself whether or not Huawei poses a threat to national security, something that nobody has ever raised before and which is bound to uncover lots of new and original insights.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

Employing techniques usually associated with nation-state threat actors, human-operated ransomware attacks represent a growing threat to businesses, Microsoft warned last week. REvil, Samas, Bitpaymer, and Ryuk are some of the most infamous human-operated ransomware campaigns, but other prolific threat actors have emerged recently, demonstrating a need for comprehensive defenses that can stop the attacks in their infancy, Microsoft says.

Even the most forward-looking organizations with the top security experts face risk when transitioning to the cloud. The case study will also explain how a Network Detection and Response Layer could have provided the missing visibility and detection needed to respond to such an incident.

The U.S. Department of Justice's Cybersecurity Unit has released guidelines for organizations that want to gather cyber threat intelligence from dark web forums/markets but, at the same time, want to stay on the right side of the law. The document focuses on "Information security practitioners' cyber threat intelligence-gathering efforts that involve online forums in which computer crimes are discussed and planned and stolen data is bought and sold. It also contemplates situations in which private actors attempt to purchase malware, security vulnerabilities, or their own stolen data-or stolen data belonging to others with the data owners' authorization-in Dark Markets."