Security News

Many companies today have developed a Cybersecurity Incident Response plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner.

93% of security professionals lack the tools to detect known security threats, and 92% state they are still in need of the appropriate preventative solutions to close current security gaps, according to LogRhythm. Based on a global survey of more than 300 security professionals and executives, LogRhythm sought to understand the root causes of the stress under which security teams operate, obtain feedback on the ways in which it could be alleviated, and identify the best paths to remediation.

Collaboration security startup Polymer announced its official launch on Wednesday with a solution that automatically detects and redacts sensitive data shared by users in popular collaboration tools. When users share this type of information via one of the supported collaboration tools, Polymer automatically redacts sensitive information and ensures that the unredacted information can only be accessed by users that have been authorized in the Polymer administrative dashboard.

Microsoft has released several new enterprise security offerings to help companies meet the challenges of remote work. "Double Key Encryption uses two keys to protect your data-one key in your control, and a second key is stored securely in Microsoft Azure. Viewing data protected with Double Key Encryption requires access to both keys. Since Microsoft can access only one of these keys, your protected data remains inaccessible to Microsoft, ensuring that you have full control over its privacy and security," the company explained.

That's the reason why companies should constantly test their environments against TTPs. The baseline profiling of your core network components, OS, devices and apps, adversary simulations, achieving full visibility and analytics across many different network data sources, correlation, and understanding of how each component affects the other one seems like a good approach for dealing with cybersecurity risks. What's your take on using open source tools within an enterprise security architecture?

Twitter has confirmed that hackers leveraged internal tools to take over high-profile accounts and use them to post scam tweets. After containing the incident and closing the unauthorized access, Twitter confirmed that the hackers used social engineering to target "Employees with access to internal systems and tools."

A low-quality batch of malicious tools can sell for as low as $70, while a premium set can go as high as $6,000, according to the security research site Privacy Affairs. At the low end of the list, malware tools aimed at a global audience sell on average for as little as $70. However, this particular batch is sold as low quality, slow speed, and a low success rate.

For seven years, a Chinese threat actor has targeted the Uyghur ethnic minority with several malware families, including newly identified Android surveillance tools, mobile security firm Lookout reports. Malicious attacks focusing on Uyghurs are not new, with several of them publicly detailed over the years, targeting users of Windows PCs, Macs, and mobile devices.

The global survey conducted by Ponemon Institute found that respondents' security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types. Slowly improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year's report.

Researchers have uncovered a surveillance campaign, dating back to at least 2013, which has used a slew of Android surveillanceware tools to spy on the Uyghur ethnic minority group. Researchers say, the surveillance apps in the campaign were likely distributed through a combination of targeted phishing and fake third-party app stores - however, they fortunately haven't been discovered on official app marketplaces, like Google Play.