Security News

In his blog post for Government Technology, he pointed out the significant rise of criminal copycats that deliver malware through software updates, the increase in mobile malware attacks, the packaging of malware with other threats that target specific organizations, and the weaponization of malicious software. Malware weaponization is particularly alarming in light of the geopolitical conflict the world is facing right now.

Hackers have created custom tools to control a range of industrial control system and supervisory control and data acquisition devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies. The tools enable threat groups to scan for, compromise, and eventually control affected device after gaining initial access to an organization's operational technology networks.

Splunk and Enterprise Strategy Group have released a research report examining the security issues facing modern enterprises. More than 1,200 security leaders participated in the survey and revealed that they've seen an increase in cyberattacks at the same time as their teams face widening talent gaps.

More than 1,200 security leaders participated in the survey, revealing they've seen an increase in cyberattacks while their teams are facing widening talent gaps. 64% of security professionals have stated that it's challenging to keep up with new security requirements, up from 49% a year ago.

Last December's Log4j crisis brought the danger of zero day vulnerabilities to the front pages. There is no way of knowing how many other open-source apps have zero day vulns, not to mention enterprise apps and APIs.

In this video for Help Net Security, Chris Westphal, Cybersecurity Evangelist at Ordr, talks about an alert that came out recently from CISA and the Department of Energy, about potential threats to uninterruptible power supply devices that are connected to the internet. UPS devices are used to provide emergency power, they're usually connected to critical infrastructure.

The CIS Controls are a set of 18 prioritized actions and 153 defensive measures known as Safeguards. The CIS Community Defense Model v2.0 was created to help answer that and other questions about the value of the Controls based on threat data from leading industry reports.

Imperva has published data showing that organizations are failing to address the issue of?insider threats?during a time when the risk is at its greatest. New research, conducted by Forrester, found that 59% of incidents in EMEA organizations that negatively impacted sensitive data in the last 12 months were caused by insider threats, yet 59% do not prioritize insider threats the way they prioritize external threats.

New research, conducted by Forrester, found that 59% of incidents in EMEA organizations that negatively impacted sensitive data in the last 12 months was caused by insider threats, and yet 59% do not prioritize insider threats the way they prioritize external threats. 70% of organizations do not have an insider risk management strategy or policy, and a majority do not have a dedicated insider threat team.

In this video for Help Net Security, Tal Samra, Cyber Threat Analyst at Cyberint, talks about Discord, a platform often used for cybercrime activities, and the possible threats users might come across. The application offers its users privacy and encryption, access to private rooms and hidden content, and by also being resistant to law enforcement seizure, it has been increasingly leveraged by cybercriminals in distributing malicious files.