Security News

The progress within modern application development doesn't directly translate to the security world as it often ends up being the aspect that gets left behind. Even worse, many of these vulnerabilities can go overlooked by security teams as they learn to navigate modern architectures that aren't immediately adaptable to their typical security testing practices.

Already, more European organizations have increased their zero trust budgets in 2021. Zero trust adoption will extend across even more private organizations and governments to counter the growing threat landscape.

State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management solution. Back in November, Unit 42 said it observed correlations between the tactics and tooling used in ADSelfService Plus campaigns and Threat Group 3390, also known as TG-3390 and Emissary Panda or APT27.

What if an external threat actor would offer your employees easy money to just do a quick action on one of the company's computers? How would the company detect it? Some of those employees or ex-employees will try to use their knowledge of the company and the data to which they have access to cause harm and affect confidentiality, integrity or availability of the organization's critical information or networks.

ENISA has announced the release of its report - Railway Cybersecurity - Good Practices in Cyber Risk Management for railway organizations. European railway undertakings and infrastructure managers need to address cyber risks in a systematic way as part of their risk management processes.

A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers found a "Tentative link" between the new Yanluowang attacks and older attacks involving Thieflock, a ransomware-as-a-service developed by the Canthroid group, also known as Fivehands.

59% of CTOs still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware and phishing, a research from STX Next reveals. The research surveyed 500 global CTOs about the biggest challenges facing their organization.

You'll be much better prepared to face them down if you have an in-depth understanding of how things have played out this year and what the finest minds in the sector expect the next 12 months to bring. With barely six weeks of this year left, how can you achieve this? By joining the Sophos Cybersecurity Summit 2021, on December 1, from 1000 GMT. This compact virtual conference will serve up seven in-depth sessions in just four hours from practitioners, analysts, and of course Sophos' own highly experienced staffers, all of whom have deep front-line experience against cyber-threats.

Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours. Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.

An alert issued Monday by the Cybersecurity and Infrastructure Security Agency and the FBI urged organizations to be on guard for ransomware attacks that take advantage of worker downtime during Thanksgiving. Launching cyberattacks during a holiday or even a weekend is hardly a new strategy for criminals.