Security News

FINRA, the U.S. securities industry regulator, has warned brokerage firms of an ongoing phishing campaign threatening recipients with penalties unless they provide the information requested by the attackers. Org domain used in these ongoing phishing attacks was registered on June 7 using the Hosting Concepts B.V. domain registrar.

CISA has partnered with the Homeland Security Systems Engineering and Development Institute, which worked with the MITRE ATT&CK team, to issue guidance to help cyber threat intelligence analysts make better use of MITRE ATT&CK. MITRE ATT&CK is a knowledge base of adversary information widely used by network defenders as they analyze and report on security threats. A solid understanding of how to apply ATT&CK can be used to develop adversary profiles; conduct activity trend analyses; and be incorporated into reporting for detection, response, and mitigation purposes, the document states.

Security and IT professionals in the Middle East are demonstrating a rising desire to secure critical applications and data, driving higher encryption adoption for newer use cases like containers and IoT platforms, as well as for email and private cloud infrastructures. Encryption adoption for private cloud infrastructure is up.

Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority network in April using a Pulse Secure zero-day. MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory, and CISA published an alert on the Pulse Secure zero-day exploited in the attack.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework. The MITRE ATT&CK knowledge base of adversary tactics and techniques is widely used by security teams, but recent studies cited by CISA showed that many cybersecurity professionals don't use it to its full potential.

More than 90 percent of CISOs rely on outdated, report-based threat intelligence that is often too old to inform decisions, according to Cybersixgill. The survey of 150 CISOs at firms with at least 10,000 employees or $1 billion in revenue was conducted by Global Surveyz in February and March 2021 to foster a better understanding of the state of threat intelligence, and the focus that today's companies are placing on these vital technologies.

Microchip Technology announced it has extended its FPGA family's security with the DesignShield development tool that further helps prevent this information from being extracted for malicious purposes. "As a leader in the security space, Microchip offers a portfolio featuring the latest countermeasures for reducing the risk of cloning, intellectual property theft, reverse engineering, or the insertion of malicious Trojan Horses," said Bruce Weyer, vice president of Microchip's FPGA business unit.

The council is set to meet virtually on a quarterly basis to maintain a continuous exchange of information on cyber threats and cybersecurity solutions. Which is why the Asia Pacific Public Sector Cyber Security Executive Council couldn't have come at a more critical time, where the stakeholders in the ecosystem can collaborate on prioritizing national cybersecurity defense.

The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. JBS only hinted that a ransomware group caused the incident on Monday, stating that "The company's backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible."

Group-IB has officially announced the opening of its Middle East & Africa Threat Intelligence & Research Center in Dubai. Group-IB's leadership views the opening of its MEA Threat Intelligence & Research Center as a critical milestone toward achieving the strategic goal of building the first ever decentralized global cybersecurity company with fully operational R&D centers in the key financial hubs.