Security News

In this one, we'll dive into operations security threats to the supply chain. How are people threatening the vaccine supply chain?

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE. NSA funded MITRE's research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE's ATT&CK, a knowledge base of cyber adversary behavior.

Securonix announced a new product for its cloud-native platform: Securonix Open XDR. The new product comes with Securonix Autonomous Threat Sweep and empowers customers with robust threat detection and response capabilities needed to respond swiftly to sophisticated threats across endpoints, networks and hybrid cloud environments. The fully integrated solution delivers out-of-the-box threat detection and response across endpoints, networks and the cloud for rapid time to value.

Roskomnadzor, Russia's telecommunications watchdog, has banned the use of Opera VPN and VyprVPN after classifying them as threats according to current Russian law. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021," the Roskomnadzor said.

What's shocking is that despite the many advantages cloud and software-as-a-service applications provide organizations, they frequently fall short when it comes to averting data loss. Whether from human error, malicious actors, outages, or other methods, data loss poses a very real risk to the resilience of a business.

Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims' credentials. The attack begins with an email that includes a message that could be relevant to business users who commonly use Google Docs within their corporate environment.

Bitglass and Cybersecurity Insiders announced several findings from a report that show the rapid adoption of unmanaged personal devices connecting to work-related resources and why organizations are ill-equipped to deal with growing security threats such as malware and data theft. The study surveyed hundreds of cybersecurity professionals across industries to better understand how COVID-19's resulting surge of remote work has affected security and privacy risks introduced by the use of personal mobile devices.

FireEye announced the launch of Mandiant On-Demand Cyber Intelligence Training. Modern security and risk leaders need to rethink how to cultivate security talent by applying new training methods to build cyber threat intelligence expertise across their organizations.

The head of Britain's National Cyber Security Center has warned it is ransomware that's the key threat for most people. "What I find most worrying isn't the activity of state actors," NCSC chief exec Lindy Cameron told a national security audience, joining the chorus of organisations calling out ransomware criminals as the number one cybersecurity threat of the moment.

Norton Labs revealed the top cybersecurity trends from January to March 2021. Phishing campaigns remained the number one threat to consumer cyber safety, with top scams relating to the pandemic, including vaccine-oriented, financial relief, and tech support scams.