Security News

The FBI and Cybersecurity and Infrastructure Security Agency claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity or manipulate votes at scale. Despite popular narratives in some political circles that the 2020 election was insecure and fraudulent, there hasn't been any evidence to suggest that, the FBI and CISA said in the PSA. The agencies also took the time to explain how US election systems are secured using "a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity" that could affect "Election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting."

OpenText announced the Nastiest Malware of 2022, a ranking of the year's biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.

Software supply chains at risk: The account takeover threat. A software supply chain attack consists of targeting software repositories or download locations, in order to spread malware instead of or in addition to legitimate software.

Insider risk is a fundamentally different problem than malware or external threats for security teams, which means that protecting data from insiders requires an altogether different approach. Internal threats are more complex for SOC analysts because the intent is not black and white.

Cybersecurity threats and attacks are on an upswing with no end in sight. It's clear that organizations must do more to protect their data and employees.

IoT embedded systems combine hardware, firmware, and internet connectivity to carry out particular functions. These devices transfer real-time data via the internet for various purposes, including tracking, monitoring, and analysis.

The X-Force report pulls data from IBM's threat visibility, including X-Force Threat Intelligence data, hundreds of penetration tests, incident response engagements, and data provided by report contributor Intezer between July 2021 and June 2022. Cloud vulnerabilities are on the rise - Amid a sixfold increase in new cloud vulnerabilities over the past six years, 26% of cloud compromises that X-Force responded to were caused by attackers exploiting unpatched vulnerabilities, becoming the most common entry point observed.

There's been a massive push for supply chain security in the last few years: integrity protection, vulnerability management, and transparency. This push has left organizations struggling to secure their pipelines and manage vulnerabilities, especially when running in the cloud.

Applying patches to fix these vulnerabilities across an organisation's entire network of devices can be time-consuming and complex to implement - but it is essential. The previous two threats are usually exploited to breach networks and steal information, but a Denial-of-Service attack is meant to shut down your network and make it inaccessible.

In this Help Net Security video, Igal Lytzki, Incident Response Analyst at Perception Point, discusses a recent Remcos RAT malware campaign and more broadly, the threat that email-based threats and phishing pose to organizations. To extract credentials and other sensitive information, cybercriminals use phishing and malicious emails as their preferred infection vectors.