Security News

The threats of modern application architecture are closer than they appear
2021-12-07 06:55

The progress within modern application development doesn't directly translate to the security world as it often ends up being the aspect that gets left behind. Even worse, many of these vulnerabilities can go overlooked by security teams as they learn to navigate modern architectures that aren't immediately adaptable to their typical security testing practices.

2022 and the threat landscape: The top 5 future cybersecurity challenges
2021-12-06 06:30

Already, more European organizations have increased their zero trust budgets in 2021. Zero trust adoption will extend across even more private organizations and governments to counter the growing threat landscape.

Threat Group Takes Aim Again at Cloud Platform Provider Zoho
2021-12-03 13:17

State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management solution. Back in November, Unit 42 said it observed correlations between the tactics and tooling used in ADSelfService Plus campaigns and Threat Group 3390, also known as TG-3390 and Emissary Panda or APT27.

Insider threats: How trustworthy are your employees?
2021-12-02 19:27

What if an external threat actor would offer your employees easy money to just do a quick action on one of the company's computers? How would the company detect it? Some of those employees or ex-employees will try to use their knowledge of the company and the data to which they have access to cause harm and affect confidentiality, integrity or availability of the organization's critical information or networks.

Railway cyber risk management: Raising awareness on relevant threats
2021-12-02 04:30

ENISA has announced the release of its report - Railway Cybersecurity - Good Practices in Cyber Risk Management for railway organizations. European railway undertakings and infrastructure managers need to address cyber risks in a systematic way as part of their risk management processes.

Yanluowang Ransomware Tied to Thieflock Threat Actor
2021-11-30 13:56

A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers found a "Tentative link" between the new Yanluowang attacks and older attacks involving Thieflock, a ransomware-as-a-service developed by the Canthroid group, also known as Fivehands.

Most challenging security threats for CTOs
2021-11-30 05:30

59% of CTOs still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware and phishing, a research from STX Next reveals. The research surveyed 500 global CTOs about the biggest challenges facing their organization.

If you want to see off next year’s cyber-threats, the time to prepare is … now
2021-11-26 07:25

You'll be much better prepared to face them down if you have an in-depth understanding of how things have played out this year and what the finest minds in the sector expect the next 12 months to bring. With barely six weeks of this year left, how can you achieve this? By joining the Sophos Cybersecurity Summit 2021, on December 1, from 1000 GMT. This compact virtual conference will serve up seven in-depth sessions in just four hours from practitioners, analysts, and of course Sophos' own highly experienced staffers, all of whom have deep front-line experience against cyber-threats.

Threat actors find and compromise exposed services in 24 hours
2021-11-23 21:35

Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours. Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.

US government warns of increased ransomware threats during Thanksgiving
2021-11-23 14:29

An alert issued Monday by the Cybersecurity and Infrastructure Security Agency and the FBI urged organizations to be on guard for ransomware attacks that take advantage of worker downtime during Thanksgiving. Launching cyberattacks during a holiday or even a weekend is hardly a new strategy for criminals.