Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices. These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families, says Mandiant.
With more powerful malware, a tightening regulatory environment, and greater consumer security consciousness raising the stakes for organizational cybersecurity, understanding how personal data monitoring impacts cybersecurity has never been more vital.
Through observation and analysis of open source information and behavior on multiple closed forums, Intel 471 found actors adopting the use of legitimate big data technology for cybercrime and monetizing the data they obtain on the Chinese-language underground.
Hiscox reveals that U.S. businesses’ cybersecurity spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails. The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 6,000 professionals responsible for their company’s cybersecurity from the U.S., U.K., Belgium, France, Germany, the Netherlands, Spain and Ireland. Key findings specific to the more than 1,000 U.S. professionals surveyed include:
Netenrich announced the appointment of Christopher Morales as Chief Information Security Officer (CISO) and Head of Security Strategy to its leadership team. Morales will oversee the strategic development, implementation, and market execution of the company’s security solutions and processes.
Meet Ray Espinoza, Chief Information Security Officer at Cobalt. With over 20 years of technology experience and 14+ years in information security, Espinoza’s collaborative leadership style has enabled him to build information security and risk management programs that support business objectives and build customer trust. Here, we talk to Espinoza about common cybersecurity hurdles leadership teams may encounter when restructuring.
Since Digital Shadows published its first report last year, Initial Access Brokers: An Excess of Access, the company has continued to closely monitor the IAB criminal category. Where it tracked roughly 500 IAB listings in all of 2020, already in 2021 it has found some 200 new listings published by IABs in cybercriminal forums and other dark web sources in just Q1.
Cybercriminals continue to exploit unpatched Microsoft Exchange servers. Cybersecurity researchers at Sophos report an unknown attacked has been attempting to leverage the ProxyLogon exploit to unload malicious Monero cryptominer onto Exchange servers, with the payload being hosted on a compromised Exchange server.
Apricorn announced new findings from the Apricorn 2021 Global IT Security Survey, which found that, in some instances, respondents have placed unwarranted trust in their employees, household members and third-party vendors. More than 400 IT security practitioners across North America and Europe responded to questions about security practices and policies during remote working conditions over the past 12 months. The findings show that IT security professionals are concerned about the cyber risks brought about by remote work, with 75% putting COVID-centric policies in place, including use of two factor authentication (48%) and encryption of sensitive data (41%).
Many lessons were learned in enterprise IT and security teams in 2020, right down to the final weeks of the year with the SolarWinds attack. We closed out a miserable year with a devastating reminder about the danger of third party access and supply chain attacks.
