Security News

Orca Security released a research report on public cloud security alert fatigue. "Multiple, disconnected tools continue to plague security teams. Having to sift through hundreds of 'high priority' often meaningless alerts is causing security practitioners to become overwhelmed and leading to burnout and turnover, exacerbating cybersecurity staff shortages," said Avi Shua, CEO, Orca Security.

As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. In this article, we outline the difficulties implied by enterprise threat mitigation, and explain why automated, purpose-built mitigation tools are the way forward.

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The "Free Cybersecurity Services and Tools" resource hub comprises a mix of services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community.

The U.S. Cybersecurity and Infrastructure Security Agency has published a list of free cybersecurity services and tools to help organizations increase their security capabilities and better defend against cyberattacks. While the set is neither comprehensive nor impervious to change, it aims to mature an entity's cybersecurity risk management when combined with baseline security practices for a strong cybersecurity program.

Cyber threat intelligence is a concept that is crucial to the security of corporate networks, yet it can be difficult to really understand the ideas behind it, not to mention the implementation of threat intelligence within the company's IT and security structures. Before diving into what cyber threat intelligence is, it is essential to understand what the word "Threat" defines.

"CISA is super proud to announce the start of a new catalog of free resources available to those critical infrastructure owners and operators who would benefit from tools to help their security and resilience," said CISA director Jen Easterly in a statement. The Register asked CISA to clarify the selection criteria for inclusion on the list.

Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform. Visually refreshed and with improved usability for visually impaired users, it comes also with a new "Kali-linux-everything" image, wider compatibility for Kali's SSH client, and new tools.

Kali Everything Image - An all-packages-in-one solution now available to download. Kali-Tweaks Meets SSH - Connect to old SSH servers using legacy SSH protocols and ciphers. As the first version of the new year, the Kali Team has performed a visual refresh adding new backgrounds for the desktop, login, and boot displays, and a new installer theme.

5 services and tools helping companies with digital safety. As more companies and people use different digital platforms to advertise and promote their products and services, online integrity and safety are rapidly becoming a priority topic of concern.