Security News

Governments worldwide are too often playing catch-up against private cyberspace operators in what is poised to become a key arena for defending national interests, the International Institute for Strategic Studies said Tuesday. While the US remains the dominant cyberspace power, China is rapidly gaining ground and could soon be a major rival in both the civil and military spheres, the Britain-based research group said after a two-year study.

Organizations need to rethink their approach to threat modeling or risk losing its value as a key defense in their cybersecurity arsenals. The traditional approaches to threat modeling can be very effective, but they don't scale well enough in the current computing and threat landscape.

According to the 200 CISOs and other security decision makers who participated in the survey, nearly 60% consider lack of visibility as well as inadequate identity and access management a major threat to their cloud infrastructure. 85% of organizations said they plan to increase their security spending this year, with a significant portion being allocated to cloud infrastructure security.

GreyNoise, which describes itself as an "Anti-threat intelligence" company, helps analysts distinguish between malicious and benign internet traffic and the alerts triggered by security defenses, allowing SOCs to differentiate between those events stemming from harmless internet 'noise' and those that have a malicious intent. "Security analysts are overwhelmed with alerts," comments GreyNoise founder and CEO Andrew Morris.

The UN Security Council on Tuesday will hold its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries' key infrastructure, an issue Joe Biden recently raised with his Russian counterpart Vladimir Putin. Tuesday's meeting, called by Estonia which heads the Council for the month of June and is a leader in the fight against hacking, is itself being held online, at a ministerial level.

This has led to an emphasis on consumers dependence on mobile devices, as they look to execute nearly all daily activities via devices while on-the-go, exposing them to most digital risks. A new McAfee report reveals that 49% of U.S. consumers do not use mobile security software to protect their sensitive data, thus leaving them vulnerable to these increasingly advanced cyberattacks.

McAfee announced an extension of its longstanding partnership with Samsung to protect consumers' personal data against online threats. Since 2017, McAfee has provided cross-device security to Samsung PC users worldwide via consumer security by McAfee LiveSafe.

Microsoft is investigating an incident where a threat actor submitted malicious drivers for certification through the Windows Hardware Compatibility Program. "We have seen no evidence that the WHCP signing certificate was exposed. The infrastructure was not compromised," Microsoft says.

How can we be sure that threat hunters stay safe, and don't themselves become a threat to the systems they protect? Conducting threat intelligence and incident response from unsecure locations can expose threat hunters to discovery by the very hackers they are chasing and opens up technical, legal and governance challenges.

According to a report released by Honeywell, USB threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew. USB devices leading to OT critical business disruption.