Security News

In prevention, you are attempting to ID employees who are high threat before they are able to act on an insider vulnerability. Not only will the training educate all of the employees as to the threat, but your most likely opportunity for someone to identify a potential insider threat is through another employee.

Venafi announced the findings of a global survey of more than 1,500 IT security decision makers that reveals that 60% of security professionals believe ransomware threats should be prioritized at the same level as terrorism. 37% of respondents would pay the ransom but 57% would reverse that decision if they had to publicly report the payment, as required by the Ransomware Disclosure Act, a U.S. Senate bill that would require companies to report ransomware payments within 48 hours.

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. Patterns observed include irregular domain names, domain resolving to an untrusted web app, SSL not enabled.

We have seen an increase in temerity of attacks by nation-states, such as the Russian attack on SolarWinds, and seen their attack tactics shift from targeted, stealthy operations into opportunistic hacks for potential future uses, such as the attacks attributed to Hafnium. Anytime complexity increases, it also increases the potential attack surface.

The Log4j saga: New vulnerabilities and attack vectors discoveredThe Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell was fixed by releasing Log4j v2.15.0. Cyber insurance trends: Insurers and insurees must adapt equally to growing threatsIn this interview with Help Net Security, Avi Bashan, CTO at Kovrr, talks about cyber insurance trends and how the growing threat landscape impacted both insurers and insurees.

Online retailers are dealing with more cybersecurity threats than ever before, and the holiday season is when they have to fend them off most aggressively. In this interview with Help Net Security, Dr. Taher Elgamal, cryptographer, infosec leader and currently the CTO at Salesforce, talks about the obstacles retailers' need to overcome to increase their cybersecurity posture and his expectations for the threat landscape in 2022.

Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake surveys or giveaways. The scam themes are the typical and "Trustworthy" fake surveys and giveaways from popular brands with the holiday season making targets more susceptible to fraudulent gift offerings.

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing. Obviously, you can use Microsoft Power BI to monitor Power BI usage, using the Power BI Admin APIs to track who is accessing data and visualisations and make sure it's only the people you expect to have access to what might be critical or confidential business information.

In this interview with Help Net Security, Avi Bashan, CTO at Kovrr, talks about cyber insurance trends and how the growing threat landscape impacted both insurers and insurees. At the same time they feel more vulnerable to a ransomware attack than ever before, insurers are pulling back to the point where cyber insurance is more expensive than used to and thus demands clearer justification of the investment for most companies, and policies that cover a broad range of cyber incidents are more scarce.

The Log4j JNDI attack and how to prevent itThe disclosure of the critical Log4Shell vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the entire information security community, but most of all those who are tasked with keeping enterprise systems and network secure. Ransomware hits HR solutions provider Kronos, locking customers out of vital servicesThe end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group, one of the biggest HR and workforce management solutions providers in the US. Microsoft patches spoofing vulnerability exploited by EmotetMicrosoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.