Security News

Ecessa announced it has added several advanced security features to its latest firmware release, version 12.0.0. These advanced features enhance Ecessa's next generation firewall capabilities integrated with each of its products and further secure the company's position in the Secure Access Service Edge marketplace.

The U.S. Cybersecurity and Infrastructure Security Agency has warned of critical security shortcomings in GE's Universal Relay family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory published on March 16.

Red Piranha first developed the concept of integrated security services in 2013 with the first reiteration of Crystal Eye that was engineered from the ground up as a cohesive security solution suite which Gartner, a leading research and advisory firm, and now the broader market define as XDR. "The primary value propositions of an XDR are to improve security operations productivity and enhance detection and response capabilities by including more security components into a unified whole," according to Gartner. Crystal Eye XDR is leading the industry with a fully integrated detection and response platform that is ready to go straight out of the box, delivering a high standard of security without the complexity and cost of integrating products from multiple vendors.

FiVerity announces that it closed a $2 million round of financing to expand its cyber fraud detection and threat intelligence platform, which addresses growing types of cyber fraud for financial institutions. Addressing the escalating rise in cyber fraud, FiVerity has initially focused on fighting synthetic identity fraud - the fastest growing financial fraud at 25% per year that accounts for 20% of consumer credit losses, according to the Federal Reserve, and cost the industry over $20bn last year.

MITRE Engenuity will assess commercial cybersecurity products' ability to detect the threat posed by the groups commonly known as Sandworm and Wizard Spider, both of whom have used data encryption as a key element of their attacks. The evaluations will use ATT&CK, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting.

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. "While the initial vector for the infection is not entirely clear. [We believe] with a medium level of confidence that victims were lured to a domain under control [a] the threat actor, from which they were infected with malware," according to McAfee researchers in a Tuesday report.

A quick shift toward Microsoft Office 365 and Azure AD in the cloud has expanded the attack surface for many organizations, says Vectra AI. The coronavirus pandemic has forced many organizations to transition their applications and other assets to the cloud. This increased reliance on Office 365 has naturally caught the eye of cybercriminals who have been ramping up their attacks against Microsoft's cloud-based Office environment for many customers.

Ransomware has emerged as one of the most pernicious security threats to organizations and one that has proved to be lucrative for the criminals who practice it. Ransomware operators are getting savvier and more daring, leading to increasingly costly incidents for compromised organizations.

As working environments evolved, so did the methods of threat actors and other motivated perpetrators, as detailed in the SonicWall report. "The pandemic - along with remote work, a charged political climate, record prices of cryptocurrency, and threat actors weaponizing cloud storage and tools - drove the effectiveness and volume of cyberattacks to new highs. This latest threat intelligence offers a look at how cybercriminals shifted and refined their tactics, painting a picture of what they are doing amid the uncertain future that lies ahead.".