Thursday, October 1, 2020

The No Good, Very Bad Week for Iran’s Nation-State Hacking Ops

A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.

GitHub Tool Spots Security Vulnerabilities in Code

Scanner, which just became generally available, lets developers spot problems before code gets into production.

Cloud Misconfiguration Mishaps Businesses Must Watch

Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.

What Legal Language Should I Look Out for When Selecting Cyber Insurance?

At times, vague coverage can actually work for you.

A Guide to the NIST Cybersecurity Framework

With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.

COVID-19 Creates Opening for OT Security Reform

Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.

Phishing Attack Targets Microsoft 365 Users With Netflix & Amazon Lures

Cyberattacker TA2552 primarily targets Spanish speakers with messages that leverage a narrow range of themes and popular brands.

Attacker Dwell Time: Ransomware’s Most Important Metric

How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network

Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated

Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.

DDoS Attacks Soar in First Half of 2020

Shorter, faster, multivector attacks had a greater impact on victims.

New Campaign by China-Linked Group Targets US Orgs for First Time

In a least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.

Securing Slack: 5 Tips for Safer Messaging, Collaboration

Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.

Vulnerability in Wireless Router Chipsets Prompts Advisory

Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.

Shifting Left of Left: Why Secure Code Isn’t Always Quality Code

Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.

State-Sponsored Hacking Groups Increasingly Use Cloud & Open Source Infrastructure

Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.

The Shared Irresponsibility Model in the Cloud Is Putting You at Risk

Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?

test chunk server

Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.

Ivanti Acquires Two Security Companies

Purchase of MobilIron and Pulse Secure announced simultaneously.

9 Tips to Prepare for the Future of Cloud & Network Security

Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
Tripwire

Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks

A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring. On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin,...
Bruce Schneier

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...
SecurityWeek

Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack

Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people. read more

#BeCyberSmart – why friends don’t let friends get scammed

Friends don't let friends get scammed. Because cybercrime hurts us all.
IBM Security

Why a Security Maturity Model Can Transform How You Use Analytics

With cyberattacks and breaches on the rise, security should be a major concern for all companies. In particular, enabling the development of an analytics maturity model is a useful addition to your traditional security information and event management (SIEM)-based...