Security News

MI5's UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers. McCallum's view is, "For as long as it's cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information - they are bound to keep doing so." The UK house also needs to be got in order - and in both cases the call is for new and stronger legislation.

As COVID-19 vaccinations continue, companies embrace hybrid work, employees return to the office and the U.S. opens up, violence and physical threats to businesses are occurring at an unsettling, record-high pace, according to the Ontic Center for Protective Intelligence. The study showcases the collective perspectives of physical security directors, physical security decision-makers, chief security officers, chief information officers, chief technology officers, chief information security officers and IT leaders at American companies on how physical security challenges and opportunities are unfolding in 2021 as the country emerges from the pandemic.

Perception Point announced its Advanced Threat Protection service for Amazon Web Services environments to protect joint customers' data and stop malicious content - files and URLs - from infiltrating their Amazon Simple Storage Service buckets. Enterprises and innovative SaaS vendors are increasingly storing their internal data as well files received from external sources in Amazon S3 buckets.

For decades, the cybersecurity industry has followed a defense-in-depth strategy, which allowed organizations to designate the battlefield against bad actors at their edge firewall. A fundamental rethink is needed by organizations to ensure they are set up to continuously adapt and evolve to meet the rapidly changing nature of threats.

Microsoft has flexed its muscles in the cybersecurity space, and will drop a reported $500 million in cash to acquire RiskIQ, a late stage startup in the threat intelligence and attack surface management business. Microsoft called out the value of RiskIQ's attack surface management capabilities as part of the impetus for the acquisition.

Today's reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses.

Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large sized, $1B + enterprises, with a specific focus on the challenges organizations face in scaling threat modeling for the applications they build and deploy. Current performance on threat modeling approaches Only 25% of survey participants indicate their organizations conduct threat modeling during the early phases of software development requirements gathering and design, before proceeding with application development.

Cisco's Talos security unit says it has detected an increased rate of attacks on targets on the Indian subcontinent and named an advanced persistent threat actor named SideCopy as the source. SideCopy's infrastructure, Talos opined, "Indicates a special interest in victims in Pakistan and India," as the malware used only initiates actions if it detects infections in those two countries.

AdaptiveMobile Security announced a new trio of interconnected 5G security platforms that allows carriers to protect against internal and external security threats to their 5G infrastructure. 5G networks must therefore be secured at the interconnects with external networks and systems deployed to prevent nation state adversaries and criminal organizations using other perceived 'trusted' networks to execute missions against an operator's 5G infrastructure.

Theft of U.S. IP is a fundamental part of China's stated intention to be the world leader in science and technology by 2050. The Safeguarding American Innovation Act is designed to prevent foreign powers - and especially China - from stealing or unlawfully acquiring U.S. federally funded research.