Security News

Threat Stack supports AWS Graviton2-based instances through the Threat Stack Cloud Security Platform
Threat Stack announced its ability to support AWS Graviton2-based instances through the Threat Stack Cloud Security Platform. The rapid adoption of AWS Graviton2 workloads presents a challenge for security leaders as many of today's legacy tools do not support it.

Surging numbers of COVID-themed attacks and PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware, were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfee said averaged 588 attacks per minute within its telemetry during Q3 and Q4 of 2020. Researchers observed an average of 648 threats per minute in Q4 in the wild, an increase of 10 percent over the third quarter, a continued upward trend from the 40 percent jump compared to Q2 2020, McAfee's latest threat report said.

How do such products fare on security? Though the community-based approach toward open source means that security flaws should be identified quickly, patching those flaws and applying the patches is another matter. In a report released Tuesday, design automation company Synopsys looked at commercial applications that use open source code to see how they dealt with security flaws.

In this Help Net Security podcast, Maurits Lucas, Director of Intelligence Solutions at Intel 471, discusses the benefits of cyber threat intelligence. You need to plan and invest both time and resources well ahead of time to make sure you're at the right position at the right time to collect intelligence.

Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware. IcedID is a modular banking trojan first spotted in 2017 and updated to also deploy second-stage malware payloads, including Trickbot, Qakbot, and Ryuk ransomware.

Bitdefender released a report revealing top cybersecurity threats, frequency of threats and cybercrime trends of 2020. "Our 2020 findings depict consumers under constant assault from cybercriminals looking to capitalize on fear and societal uncertainty accompanying the global pandemic," said Bogdan Botezatu, director of threat research and reporting at Bitdefender.

As part of this partnership, Liquid Web customers can employ the Threat Stack Oversight Intrusion Detection System as an additional layer of security for Liquid Web servers. Together, Threat Stack Oversight and Liquid Web will provide customers with real-time monitoring for user, process, network, and file behaviors in critical systems across Linux and Windows servers.

SAP and Onapsis jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting unprotected mission-critical SAP applications. Both companies note that many organizations still have not applied relevant mitigations that have long been provided by SAP. Customers who fail to apply these protective measures and allow unprotected SAP applications to continue to operate put themselves and their business at risk.

The funding comes as Cyble graduates from Y Combinator, which accepted Cyble into its Winter 2021 cohort and provided pre-seed funding in January of this year. "As we continue to deliver what modern organizations need, the seed funding reaffirms our strategy and vision. It will enable Cyble to onboard resources and scale our SaaS platform, Cyble Vision, in lock step with our rapidly growing client base," says Manish Chachada, COO and Co-founder of Cyble.

Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis. Used within more than 400,000 organizations for resource planning, management of product lifecycle, human capital, and supply chain, and for various other purposes, SAP's applications represent an attractive target for adversaries.