Nuspire announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.
Accurics unveiled its latest research, “Accurics Cloud Cyber Resilience Report,” which highlights security risks identified in cloud native environments. The findings reveal an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks. Of all violations identified, 23% correspond to poorly configured managed service offerings – largely the result of default security profiles or configurations that offer excessive permissions.
2020 and COVID-19 taught us a few things in the security industry: the importance of security awareness, speed of deployment is not always a good thing, and assuming new levels of risk such as “remote work force”. With so many challenges still on the horizon, here are some of the key topics to have on top of mind:
Just like every company in the business world, cybercriminals are looking to boost their sales. With ransomware, they’ve found a way to force victims to pay. And in their quest, cyber attackers are borrowing a playbook from sales teams in legitimate businesses.
As the cybersecurity community slowly recovers from the SolarWinds Orion breach, we speak to Michael Bahar, a leader in cybersecurity and privacy, about the aftermath of this attack. Bahar is a partner in the Washington D.C. office of Eversheds Sutherland (U.S.) LLP, and the firm’s Litigation practice. He was Deputy Legal Advisor to the National Security Council at the White House, former Minority Staff Director and General Counsel for the U.S. House Intelligence Committee, and a former Active Duty Navy JAG.
Microsoft announced they had closed their internal investigation of the SolarWinds attack. The Microsoft Security Research Center (MSRC), which has shared learnings and guidance throughout the Solorigate incident, confirmed that following the completion of their internal investigation, Microsoft has seen no evidence that Microsoft systems were used to attack others. There was also no evidence of access to Microsoft production services or customer data.
Laura Juanes Micas is joining Constella Intelligence as Chief Privacy and Compliance Officer to oversee the creation and development of the company's Privacy and Compliance program.
James Arlen has been named Chief Information Security Officer (CISO) at Aiven, a software company that combines open source technologies with cloud infrastructure. Arlen represents a key addition to the executive team at the company.
WhiteHat Security, provider of application security, released AppSec Stats Flash Volume 2. Research indicated at least 50% of applications in industries such as manufacturing, public services, healthcare, retail, education and utilities, are vulnerable throughout the year due to one or more serious exploitable vulnerabilities.
Any server connected to the internet is at risk of getting attacked by hackers. Penetration testing or pentesting simulates a DDoS attack in a controlled environment with ethical hackers to assess the risk exposure of the servers. Organizations can use pentesting to identify vulnerabilities in the system and work to resolve any risks. Let's discuss how to design and build a robust and comprehensive pentesting program.
RSS
