IT News - Security
2021 Sep 12
#107951
What Are The Cybersecurity Threats Every Board Needs To Be Aware Of Today?
ITProPortal, August 31st, 2021

Pascal Geenens writes in ITProPortal, "In the last few months the cyber security community has witnessed the propagation of new organized hacktivist groups spurred on by the innovations used by nation-states. Pascal Geenens, director of threat intelligence at Radware, provides the low down.

In the second quarter of 2021, companies were fending off each month on average around 5000 malicious events. Compared to the second quarter of 2020, this represents a jump in blocked attacks of around 30 percent and an increase of more than 40 percent in average blocked volume. Companies based in America and Europe, Middle East and Africa had to defend against twice as much volume compared to Asia Pacific..."
(Get More Information . .)

2021 Sep 12
#107959
FBI And CISA Warn That Cybercriminals Don't Take Holidays
Security Boulevard, September 2nd, 2021

Graham Cluley wrote in Security Boulevard "With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about their network defences, and 'engage in preemptive threat hunting on their networks to search for signs of threat actors.'

To underline their point, the FBI and CISA have warned that they have noted a trend for ransomware and other cyber attacks to occur at times when offices are normally closed. To underline the seriousness of the issue, the agencies have detailed three major ransomware attacks in recent months that coincided with holiday weekends, causing significant disruption:..."
(Get More Information . .)

2021 Sep 12
#107967
Cloud Infrastructure Entitlements Management (CIEM) & Identity Management For Beginners
Security Boulevard, August 31st, 2021

"The security boundary of your cloud is your Identities," writes Eric Kedrosky in Security Boulevard, "both people users and non-people identities, and they need to be managed accordingly. There can be tens of thousands of non-people identities in your cloud environment, and it is the use cases of these non-people identities make security even more complex.

Identity-based use cases are proliferating dramatically, which brings into question their entitlements. In the cloud, we call these entitlements an Identity's Effective Permissions, the end-to-end permission of the actions that an Identity can take and the data it can access..."
(Get More Information . .)

2021 Sep 12
#107974
Why Phishing Is A Bigger Threat Than Ransomware
Security Boulevard, September 1st, 2021

"In fact," writes Jonathan Andresen in Security Boulevard, "just this past week Microsoft warned of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software.

'Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking,' Microsoft 365 Defender Threat Intelligence Team said in a report published this week.
(Get More Information . .)

2021 Sep 12
#107977
Ransom DDoS: What You Need To Know Now
Security Boulevard, August 31st, 2021

"As security teams prepare cyber-attack mitigation strategies for 2022, data collected by Imperva strongly suggests that evaluating and improving RDoS detection and response capabilities should be a priority," notes Bruce Lynch in Security Boulevard. "In this post, we'll explain what an RDoS attack is, how it plays out, and what you need to do to prevent it.

RDoS attacks are DDoS attacks - malicious attempts to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server - with an extortion component. Today, they are remarkably easy to carry out. The technical skills required to carry out an RDoS attack are extremely low, and the tools for reconnaissance on your organization's networks are publicly available. DDoS 'stressors', a.k.a. 'DDoSers' or 'Booters' which are ostensibly intended to enable you to research and pressure test your network, actually help cybercriminals plan an attack against your network. Search engines make it simple for hackers to collect information about all of your network ranges and networking services, information that you use to keep your IT systems working and accessible, but which makes your systems easier to attack..."
(Get More Information . .)

2021 Sep 12
#107980
Best Threat Intelligence Platforms & Tools For 2021
CIOinsight, September 1st, 2021

"Threat intelligence helps IT to stay one step ahead of cybercriminals and prevent information or financial loss," notes Drew Robb in CIOinsight.

"This makes it possible to warn organizations about potentially malicious activity inside the network. Unusual patterns or behavior are flagged so security analysts can find out what is going on.

Threat intelligence platforms, then, deal with any threats or potential threats related to computer systems and web-based applications. This represents a way to collect relevant information relating to cyber threats. Further, threat intelligence software applies analytics to that information, adding a predictive capability and risk estimation..."
(Get More Information . .)

See all archived IT News - Security articles See all articles from this issue