Saturday, January 16, 2021
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
SC Magazine

Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical...
SC Magazine

NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks

NSA advises security pros to use designated enterprise DNS resolvers to lock down DoH on corporate networks. @mjb CreativeCommons (Credit: CC BY-NC-ND 2.0) The National Security Agency is recommending that security teams use designated DNS resolvers to lockdown DNS...
SC Magazine

Surge in remotely hosted phish images? Some say it’s business as usual

Vade Secure analyzed 26.2 million remote images in November 2020 while blocking 262 million emails containing malicious, remotely hosted images. (Sean Gallup/Getty Images) A new report suggests that 2020 saw an increase in phishing emails that relied on remotely-hosted images...
SC Magazine

Intel unveils ransomware-fighting CPUs

Intel unveiled new anti-ransomware capabilities for its 11th generation Core vPro processors, requiring little from security chiefs to reap the rewards.   The new processors, which Intel announced during the CES conference earlier this week, provide two additional boosts for existing security products: access to processor-level data to determine ransomware attacks in progress, and the use of...
SC Magazine

Sheldon Cuffie: ‘Maintain an unrelenting curiosity’

A conversation with Sheldon Cuffie, enterprise CISO of American Family Insurance. One of a series of security leadership profiles prepared by Cybersecurity Collaborative in conjunction with SC Media. Cybersecurity Collaborative is a membership community for cybersecurity leaders to work...
SC Magazine

Cybersecurity Collaborative launches Asset Management Task Force

New York City Criminal Court Judge Paul McDonnell works remotely from his Brooklyn apartment due to the coronavirus outbreak on April 09, 2020 in New York City. Work from home policies have prompted a widespread shift of IT infrastructure...
SC Magazine

Todd Fitzgerald: ‘Do not expect trust. It must be earned’

A conversation with Todd Fitzgerald, chairman of the executive committee of Cybersecurity Collaborative. One of a series of security leadership profiles prepared by Cybersecurity Collaborative in conjunction with SC Media. Cybersecurity Collaborative is a membership community for cybersecurity leaders to work together in...
SC Magazine

Cybersecurity Collaborative creates task force to mitigate third-party risk

The need for the Third-Party Risk Task Force has been amplified by recent attacks that infiltrated corporate and government networks by way of the SolarWinds Orion business software. (Stephen Foskett/CC BY-NC-SA 2.0) Recent supply chain attacks prompted cybersecurity professionals, under...
SC Magazine

With insured losses estimated at $90 billion, did cyber insurance firms dodge financial calamity?

Insured losses from the SolarWinds breach will likely come in around $90 million, according to estimates from a pair of security companies, who claim insurers may have dodged “a catastrophic financial incident.” While newly minted partners BitSight and Kovrr expect...
SC Magazine

Early-stage cybersecurity investment flowing, despite pandemic

Attendees listen as the Startup Battlefield Competition takes place at Disrupt Berlin 2019. In the venture world, cybersecurity dealmaking remained resilient in 2020, despite the pandemic and a turbulent economic environment.(Noam Galai/Getty Images for TechCrunch) Most industries saw a significant...
SC Magazine

CISA says multiple attacks on cloud services bypassed multifactor authentication

The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said it discovered several recent successful cyberattacks against the cloud services of multiple organizations, offering guidance on how security teams can bolster associated security.    CISA said in its report that...
SC Magazine

Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers

An Apple store in London. The company earned some criticism among researchers for software in the beta version of its operating system that allowed its own products to circumvent socket firewalls and virtual private networks. (Jon Rawlinson/CC BY 2.0) The...
SC Magazine

Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities

Google’s Project Zero on Tuesday introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year. In a blog post the team...
SC Magazine

JumpCloud land $100 million in funding, as secure remote access market continues surge

The secure identity and access management market continues to hum along, as JumpCloud closed its Series E funding round with $100 million, including an additional $25 million since November from investors BlackRock, H.I.G., Growth Partners, OurCrowd and others. Coronavirus led...
ZDNet

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
ZDNet

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.
SC Magazine

Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical...