Security News

The product reviewed here is Group-IB's solution offering customer-tailored data on threats and attackers: Threat Intelligence & Attribution. Most of them are only available for Group-IB Threat Intelligence & Attribution customers due to a restricted sharing policy, like the fourth volume of its Hi-Tech Crime Trends 2021/2022 report "Cyberwarfare: state-sponsored operations in cyberspace." The reports differ on several points: topic, depth, and publishing frequency.

Notably, on average, impacted organizations spent $15.4 million annually on overall insider threat remediation and took 85 days to contain each incident. The report reveals that over the last two years, the frequency and costs associated with insider threats have increased dramatically across all three insider threat categories, including: careless or negligent employees/contractors, criminal or malicious insiders, and cybercriminal credential theft.

Digital identification is the focus of two reports by the European Union Agency for Cybersecurity: an analysis of self-sovereign identity and a study of major face presentation attacks. The technologies falling under the name of self-sovereign identity consist in giving identity holders greater control over their identity.

One of the most valuable steps an organization can take is to establish a cyber-threat profile, which is a deep-dive look at your organization's adversaries, vulnerabilities and risk. The creation of a cyber-threat profile should be based on intelligence and due diligence and should be used to drive action for the other cyber-defense functions.

Researchers have discovered a raft of active campaigns delivering the Flubot and Teabot trojans through a variety of delivery methods, with threat actors using smishing and malicious Google Play apps to target victims with fly-by attacks in various regions across the globe. Researchers from Bitdefender Labs said they have intercepted more than 100,000 malicious SMS messages trying to distribute Flubot malware since the beginning of December, according to a report published Wednesday.

The report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain. Managing software supply chain security a significant or top focus in 2022.

An upcoming webinar tries to help lean security teams understand how to tackle this intractable problem. While adding security solutions to cover blind spots seems logical, the webinar will argue that this just leads to more alarms and more noise.

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

Bugcrowd released its report to spotlight the key cybersecurity trends from 2021, including the rise in the adoption of crowdsourced security due to the global shift to hybrid and remote work models, and the rapid digital transformation associated with it. Ransomware overtook personal data breaches as the threat that dominated cybersecurity news across the world in 2021.

Another CISO walks into a board meeting and muddles through stats showing their compliance status. In the classic risk management equation of Risk = Threat x Vulnerability, I have no control over the threat actor's motivation, skill, or resources.