Security News

Cyber executives may not be sufficiently prioritizing threats from vulnerabilities within the value chain, beyond the immediate boundaries of their own organizations, according to Tata Consultancy Services. This Help Net Security video highlights how confident executives are about their cyber strategy.

Threat actors are finding their way around Microsoft's default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The beginning of the decrease coincided with Microsoft's plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year.

A worrying 73.48% of organizations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal, according to Gurucul. Only 25% of organizations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years.

SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022. In an interview with The Register, SonicWall CEO Bill Conner noted that factors including the Russia and Ukraine conflict as well as the activities of law enforcement agencies had at least partially caused the drop but warned: "I think in the next six to 12 months you're going to see ransomware come back strong as the state of affairs settle into whatever this new norm is."

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. Poor visibility into security threats against mobile apps.

In this year's Secureworks Threat Intelligence Report, the team will provide insights and findings generated by coupling the expertise of our research group with direct observations from a vast pool of customer telemetry and incident response engagements. It is my hope, as leader of this talented team of threat researchers, that you will be able to use this summary of what we have seen day in and day out to make your own organization safer from the threats that really matter.

At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS' survey shows that only 16% of chief risk officers and chief information security officers ranked digital ecosystems as a concern when assessing expected cyber targets, and only 14% listed the risks from such ecosystems as the top priority arising out of board-level discussions. "Companies across the globe are increasingly turning to digital ecosystems of partners, vendors, and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot which needs to be addressed urgently," said Santha Subramoni, Global Head, Cybersecurity, TCS. "One way of reducing the probability of an attack within digital supply chains is to implement a 'zero trust' policy-a framework based on the principle of 'never trust, always verify,' applied not only to humans but also machines."

Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data. This past Monday, the BlackCat ransomware operation claimed to have breached Bandai Namco and stolen corporate data during the attack.

Although guidance from the White House and CISA advising on this heightened risk for U.S. businesses and the increase in the proposed budget for cybersecurity within the federal government signals that more resources are needed to properly defend against these risks, this does not necessarily translate to more IT budget or security staff within most organizations in the private sector. Prioritizing the modernization of aging technology stacks will be essential to mitigate rising cybersecurity vulnerabilities and ensure the security of the organization's critical systems and applications from malicious cyber campaigns.

Some data discovery solutions give you only metadata, which is a good place to start, but comprehensive data classification based on sensitive content provides the additional context so you can focus on protecting what is important first. Volume: Data volumes in cloud environments are on the increase and hence the solution you pick needs to be able to handle large volumes of data and can scale itself up or down as needed to do both discovery and classification of the data.