Security News

An upcoming webinar tries to help lean security teams understand how to tackle this intractable problem. While adding security solutions to cover blind spots seems logical, the webinar will argue that this just leads to more alarms and more noise.

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

Bugcrowd released its report to spotlight the key cybersecurity trends from 2021, including the rise in the adoption of crowdsourced security due to the global shift to hybrid and remote work models, and the rapid digital transformation associated with it. Ransomware overtook personal data breaches as the threat that dominated cybersecurity news across the world in 2021.

Another CISO walks into a board meeting and muddles through stats showing their compliance status. In the classic risk management equation of Risk = Threat x Vulnerability, I have no control over the threat actor's motivation, skill, or resources.

Cybersecurity company Cynet puts this in perspective in a new eBook, The Guide for Threat Visibility for Lean IT Security Teams - link to this. Improving threat visibility is the first step to improving all aspects of cybersecurity.

For threat actors, there is a simple calculus at play - namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. These attacks will undoubtedly continue into 2022 and potential targets parties must remain vigilant.

"These results demonstrate that while IT security threats have increased-primarily from the general hacking community and foreign governments-the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable," said Brandon Shopp, Group VP, Product Strategy, SolarWinds. State and local governments are significantly more likely than other public sector groups to be concerned about the threat of the general hacking community.

Organizations need to be vigilant for such attacks and make sure they have the means to prevent or combat them. "The advisory doesn't mention the current Russian-Ukraine tensions, but if the conflict escalates, you can expect Russian cyber threats to increase their operations," said Rick Holland, chief information security officer at Digital Shadows.

TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target more operating systems, macOS and Linux, in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines.

A novel multi-platform backdoor dubbed SysJoker has been successfully evading security solutions since mid-2021. "In the Linux and macOS versions, it masquerades as a system update. In the Windows version, it masquerades as Intel drivers. The update names are somewhat generic: In the macOS version, the file is relocated and named 'updateMacOs' and in the Linux version it is named 'updateSystem'," Avigayil Mechtinger, security researcher at Intezer, has shared with Help Net Security.