Search results for: supply chain compromise

Dragos and DNG-ISAC announce initiative to increase security in the natural gas industry

Dragos and the Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) have announced an initiative to strengthen security and community-wide visibility for industrial cybersecurity in the North American natural gas industry. Dragos’s Neighborhood Keeper is scheduled to be deployed via the DNG-ISAC, enabling DNG ISAC’s analyst to gain greater visibility into industrial control system (ICS) cyber threats facing the natural gas sector. The DNG-ISAC analyst will have the ability to view anonymous and aggregated … More

cloud

Things that are easy to miss in the race towards hybrid working and the cloud

The mega-trend towards hybrid working and cloud migration seems unstoppable. But customer service organizations could find their wheels come off if they fail to address a hazardous twist in the transformation journey. For many businesses, switching to the cloud makes sense on multiple levels. On-premises kit is seen as expensive to buy, install and maintain, whereas agile, scalable cloud platforms are considered to be more efficient, cost effective and easier to manage. Then there are … More

target

58% of IT leaders worried their business could become a target of rising nation state attacks

HP Wolf Security released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. Such concerns are well-founded. In recent months, evidence has emerged that techniques deployed in the SolarWinds supply chain attack have already been adopted … More

BEC scams

Key email threats and the high cost of BEC

Area 1 Security published the results of a study analyzing over 31 million threats across multiple organizations and industries, with new findings and warnings issued by technical experts that every organization should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. … More

week in review

Week in review: Realtek chips vulnerabilities, NAS devices under attack, security teams burnout

Here’s an overview of some of last week’s most interesting news, articles and interviews: NAS devices under attack: How to keep them safe? Network-attached storage (NAS) devices are a helpful solution for storing, managing, and sharing files and backups and, as such, they are an attractive target for cyber criminals. 65 vendors affected by severe vulnerabilities in Realtek chips A vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, … More

Cyborg Security integrates with Elastic to deliver contextualized threat intelligence

Cyborg Security has developed an integration with Elastic Security to deliver contextualized threat intelligence from its HUNTER platform. This threat intelligence enables security teams to respond more quickly to threats, like ransomware operations, without having to waste valuable time “filling in the blanks” using traditional indicators of compromise. Ransomware operations continue to grow in scope and complexity, enabling adversaries to target even the most secured organizations. Additionally, with increasingly complex supply chains and integrations, adversaries … More

critical infrastructure

Collaboration is the key to protecting critical national infrastructure

Concern around protecting critical national infrastructure (CNI) is growing. Following several high-profile attacks and growing tensions around state sponsored cyber activity, the threat landscape is only likely to intensify. Ransomware has especially been top of mind in recent months because of several headline-grabbing stories. Critical national infrastructure has become a hot target for cyber criminals and has exacerbated worries around the globe due to its importance to everyday life. Attacks like this often target operational … More

attacks

50% of cybersecurity attacks are from repeat offenders

Lack of awareness and gaps in knowledge are a weak link for cybersecurity leadership who are responsible for strategic planning of cybersecurity defenses, leaving organizations exposed to risks, a Ponemon survey reveals. With 2021 already claiming high-profile victims such as Colonial Pipeline and JBS, along with the world’s first bank announcing a $1 billion cybersecurity budget, there is an urgent need for CISOs to rethink their strategy and look for alternative ways to empower their … More

McAfee

McAfee MVISION Cloud now provides enhanced security coverage for Microsoft Dynamics 365

McAfee announced that MVISION Cloud, part of its secure access service edge (SASE) offering – MVISION Unified Cloud Edge (UCE), now provides enhanced security coverage for Microsoft Dynamics 365, a line of enterprise resource planning and customer relationship management software applications. This solution complements Dynamics 365 capabilities by using a frictionless API-based cloud-native approach that allows IT teams to seamlessly enforce data loss prevention (DLP) policies and collaboration controls, access control, address threats from insiders … More

ransomware

SMBs increasingly vulnerable to ransomware, despite the perception they are too small to target

Acronis released a report which gives an in-depth review of the cyberthreat trends the company’s experts are tracking. The report warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. Ransomware greatly impacting SMBs The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party … More

Scoping cloud environments: Tips and best practices

The PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) issued a joint bulletin to highlight the importance of properly scoping cloud environments. Why cloud computing matters The use of cloud computing services has accelerated in recent years and is projected to continue expanding in the future. This dramatic increase in use of cloud services makes sense given the many benefits cloud computing can provide to businesses large and small. Cloud computing … More

week in review

Week in review: Clever Office 365 phishing, 2021 CWE Top 25, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937) The patch for a vulnerability (CVE-2020-8260) in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. A clever phishing campaign is targeting Office 365 users Microsoft is warning about an ongoing, “sneakier than usual” phishing … More