Security News

Imagine law enforcement reaches out to a security team to tell them a threat actor is selling employee credentials or private access keys to a sensitive business application. Even though there is no confirmation that these threat actors accessed or stole data, it is very troubling.

According to the index, which surveyed 902 organizations in the financial services sector, 74 percent have experienced a rise in cybercrime since the pandemic began, with 42 percent of banks and insurers revealing the remote working model has made them less secure. 44 percent were also concerned that this has led to less visibility of potential holes in their network or infrastructure and a further 37 percent of FIs believe their customers are now at greater risk of cybercrime or fraud.

The Alaska Court System has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including its website and removing the ability to look up court records. The threat blocked electronic court filings, disrupted online payments and prevented hearings from taking place by videoconference for several days, officials said.

QNAP NAS devices under ransomware attackQNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the 7-Zip open-source file archiver utility. Q1 2021 ransomware trends: Most attacks involved threat to leak stolen dataThe vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal.

Shadow admins pose a threat to organizations because these accounts have privileged access to perform limited administrative functions on Active Directory objects. Threat actors seek shadow admin accounts because of their privilege and the stealthiness they can bestow upon attackers.

While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system of systems. In short, threat modeling answers questions as "Where am I most vulnerable to attacks?", "What are the key risks?", and "What should I do to reduce these risks?".

Threat detection and response solutions provider Vectra AI on Thursday announced that it has raised $130 million at a valuation of $1.2 billion, which makes the company the latest cybersecurity unicorn. The funding, which brings the total raised by the firm to $350 million, was led by Blackstone Growth, with participation from existing investors.

The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal. The data may be published before a victim can respond to an extortion attempt, and the threat actors may not provide complete records of what was taken even if the victim pays up.

Much of SecurityWeek's CISO Conversations series discusses how to be a leader. This begs a fundamental question: what makes a good leader - is a good leader born or bred? That's one of the questions we asked our two CISOs - Jennifer Watson of Raytheon Intelligence & Space and Mary Haigh of BAE Systems - for this issue of CISO Conversations dealing with the defense sector.

Navy SEAL platoons are beefing up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence. Ten years after they found and killed Osama bin Laden, U.S. Navy SEALs are undergoing a major transition to improve leadership and expand their commando capabilities to better battle threats from global powers like China and Russia.