Security News

Threat data feeds can help organizations strengthen their cybersecurity posture, according to a report from the Ponemon Institute. As cyberthreats proliferate, many organizations are using threat feeds with insights from domain name system data to help IT security teams better understand threats and block malicious activity.

Cloudflare announced Cloudflare Data Loss Prevention, a network-wide data loss prevention solution that protects all traffic routed through Cloudflare's global network from data loss and help businesses protect all of their information. Cloudflare DLP will sit between the corporate network and any applications employees use, to provide a layer of protection and control over all data entering or leaving the network.

Ecessa announced it has added several advanced security features to its latest firmware release, version 12.0.0. These advanced features enhance Ecessa's next generation firewall capabilities integrated with each of its products and further secure the company's position in the Secure Access Service Edge marketplace.

The U.S. Cybersecurity and Infrastructure Security Agency has warned of critical security shortcomings in GE's Universal Relay family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory published on March 16.

Red Piranha first developed the concept of integrated security services in 2013 with the first reiteration of Crystal Eye that was engineered from the ground up as a cohesive security solution suite which Gartner, a leading research and advisory firm, and now the broader market define as XDR. "The primary value propositions of an XDR are to improve security operations productivity and enhance detection and response capabilities by including more security components into a unified whole," according to Gartner. Crystal Eye XDR is leading the industry with a fully integrated detection and response platform that is ready to go straight out of the box, delivering a high standard of security without the complexity and cost of integrating products from multiple vendors.

FiVerity announces that it closed a $2 million round of financing to expand its cyber fraud detection and threat intelligence platform, which addresses growing types of cyber fraud for financial institutions. Addressing the escalating rise in cyber fraud, FiVerity has initially focused on fighting synthetic identity fraud - the fastest growing financial fraud at 25% per year that accounts for 20% of consumer credit losses, according to the Federal Reserve, and cost the industry over $20bn last year.

MITRE Engenuity will assess commercial cybersecurity products' ability to detect the threat posed by the groups commonly known as Sandworm and Wizard Spider, both of whom have used data encryption as a key element of their attacks. The evaluations will use ATT&CK, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting.

BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. "While the initial vector for the infection is not entirely clear. [We believe] with a medium level of confidence that victims were lured to a domain under control [a] the threat actor, from which they were infected with malware," according to McAfee researchers in a Tuesday report.

A quick shift toward Microsoft Office 365 and Azure AD in the cloud has expanded the attack surface for many organizations, says Vectra AI. The coronavirus pandemic has forced many organizations to transition their applications and other assets to the cloud. This increased reliance on Office 365 has naturally caught the eye of cybercriminals who have been ramping up their attacks against Microsoft's cloud-based Office environment for many customers.