Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
USCYBERCOM is advising BIG-IP users to patch CVE-2020-5902, a vulnerability that allows an attacker to take complete control of a system and which has already been exploited in attacks. [Read More]
Recent fires and explosions at Iranian facilities, including the Natanz nuclear site targeted by the notorious Stuxnet malware, may have been caused deliberately as part of an operation that involved cyberattacks. [Read More]
Remote code execution and information disclosure vulnerabilities addressed in Apache Guacamole can be highly useful to threat actors targeting enterprises. [Read More]
ICS-targeting Snake/EKANS ransomware manipulates the firewall to isolate infected systems before initiating the file encryption process. [Read More]
In an alert published this week, CISA and the FBI warned enterprises about the use of Tor in cyberattacks. [Read More]
Cisco Talos has disclosed the details of a remote code execution vulnerability in Chrome and an information disclosure flaw affecting Firefox. [Read More]
Morocco's prime minister has demanded Amnesty International provide evidence to support its allegations that Rabat used spyware to bug a journalist's phone. [Read More]
The Valak information stealer is being distributed in ongoing campaigns aimed at enterprises in North America, South America, Europe and likely other regions. [Read More]
The threat actor behind the Sodinokibi (REvil) ransomware is demanding a $14 million ransom from Brazilian-based electrical energy company Light S.A. [Read More]
Critical and high-severity vulnerabilities discovered by researchers in F5’s BIG-IP application delivery controller allow a remote attacker to take complete control of a targeted system. [Read More]
FEATURES, INSIGHTS // Virus & Threats
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
By implementing these measures organizations can limit their exposure to remote access-based cyber threats, while supporting agile business models such as remote work and outsourced IT.
Recalculating and reevaluating priorities based on a continuous flow of new data, learnings and your risk profile, helps to ensure you’re staying focused on what matters in a highly dynamic environment.
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
Get the Daily Briefing
- Vulnerabilities in Popular Open Source Management Tool Expose Hospitals to Attacks
- Honeywell Sees Rise in USB-Borne Malware That Can Cause Major ICS Disruption
- Researchers Find Pre-Installed Malware on More Android Phones in U.S.
- Germany Seizes Server Hosting Pilfered U.S. Police Files
- Microsoft Adds New Data Corruption Preventions to Windows
- Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS
- Powerful Conti Ransomware Emerges
- Cyberattack Simulation Company XM Cyber Raises $17 Million
- Google Patches Critical Android Vulnerabilities With July 2020 Updates
- Over 5 Billion Unique Credentials Offered on Cybercrime Marketplaces
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy