Security News

One of the most valuable steps an organization can take is to establish a cyber-threat profile, which is a deep-dive look at your organization's adversaries, vulnerabilities and risk. The creation of a cyber-threat profile should be based on intelligence and due diligence and should be used to drive action for the other cyber-defense functions.

Researchers have discovered a raft of active campaigns delivering the Flubot and Teabot trojans through a variety of delivery methods, with threat actors using smishing and malicious Google Play apps to target victims with fly-by attacks in various regions across the globe. Researchers from Bitdefender Labs said they have intercepted more than 100,000 malicious SMS messages trying to distribute Flubot malware since the beginning of December, according to a report published Wednesday.

The report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain. Managing software supply chain security a significant or top focus in 2022.

An upcoming webinar tries to help lean security teams understand how to tackle this intractable problem. While adding security solutions to cover blind spots seems logical, the webinar will argue that this just leads to more alarms and more noise.

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

Bugcrowd released its report to spotlight the key cybersecurity trends from 2021, including the rise in the adoption of crowdsourced security due to the global shift to hybrid and remote work models, and the rapid digital transformation associated with it. Ransomware overtook personal data breaches as the threat that dominated cybersecurity news across the world in 2021.

Another CISO walks into a board meeting and muddles through stats showing their compliance status. In the classic risk management equation of Risk = Threat x Vulnerability, I have no control over the threat actor's motivation, skill, or resources.

Cybersecurity company Cynet puts this in perspective in a new eBook, The Guide for Threat Visibility for Lean IT Security Teams - link to this. Improving threat visibility is the first step to improving all aspects of cybersecurity.

For threat actors, there is a simple calculus at play - namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. These attacks will undoubtedly continue into 2022 and potential targets parties must remain vigilant.

"These results demonstrate that while IT security threats have increased-primarily from the general hacking community and foreign governments-the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable," said Brandon Shopp, Group VP, Product Strategy, SolarWinds. State and local governments are significantly more likely than other public sector groups to be concerned about the threat of the general hacking community.