attack Archives - Page 3 of 5 - Cyber Security Minute

SolarWinds hack is a wakeup call for taking cybersecurity action

Issued by: CSO

Advanced Persistent Threats (APTs) have long been a concern of the cybersecurity community. Well-organized teams with significant resources and targets they are not willing to give up attacking until their mission is accomplished are certainly not a threat to be underestimated. The tactics deployed by such groups involve a combination of attack types, from exploiting…

Vulnerabilities

How to prepare for and respond to a SolarWinds-type attack

Issued by: CSO

If you use the recently compromised SolarWinds Orion monitoring products, you are already reviewing your infrastructure and possibly blocking network access to the servers in your domain. For those of you who do not use the SolarWinds software, this is an opportunity to review your own processes and determine whether you would have detected the…

Malware & Threats

Organizations plan to use AI and ML to tackle unknown attacks faster

Issued by: Help Net Security

Wipro published a report which provides fresh insights on how AI will be leveraged as part of defender stratagems as more organizations lock horns with sophisticated cyberattacks and become more resilient. Organizations need to tackle unknown attacks There has been an increase in R&D with 49% of the worldwide cybersecurity related patents filed in the…

Vulnerabilities

6 security shortcomings that COVID-19 exposed

Issued by: CSO

A year ago, in the fall of 2019, Mike Zachman ran a security drill for his company, Zebra Technologies Corp. Zachman, who as chief security officer oversees cybersecurity as well as product security and physical security, had focused the exercise on business continuity to determine how well the company’s plans would hold up. He had…

Vulnerabilities

Palo Alto Networks to Acquire Attack Surface Management Firm Expanse in $800 Million Deal

Issued by: Security Week

As its largest acquisition to date, Palo Alto will pay $670 million in cash and stock and approximately $130 million in equity awards. Expanse’s platform provides customers with a vulnerability map of externally exposed and untracked assets and helps evaluate and mitigate risk. Following the acquisition, Expanse’s attack surface management capabilities will be integrated into…

Vulnerabilities

Cisco Working on Patch for Code Execution Vulnerability in VPN Product

Issued by: Security Week

The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script. The vulnerability is related to…

Network Security

NAT Slipstreaming: Visiting Malicious Site Can Expose Local Network Services to Remote Attacks

Issued by: Security Week

Dubbed NAT Slipstreaming, the attack can be triggered when the victim visits a specially crafted website, exploiting the browser and Application Level Gateway (ALG), a connection tracking mechanism present in firewalls, NATs, and routers. According to the researcher, the attack chains “internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation…

Vulnerabilities

How to protect backups from ransomware

Issued by: CSO

Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against healthcare organizations demonstrated this month. It is also becoming more capable. In particular, ransomware writers are aware that backups are an effective defense and are modifying their malware to track down and eliminate the backups. Ransomware targeting backups…

Vulnerabilities

Nine out of ten IT pros have experienced a data breach

Issued by: Help Net Security

Exonar, has today published research revealing that 94 percent of IT pros have experienced a data breach, and an overwhelming majority (79 percent) are worried that their current organization could be next. The survey of 500 IT professionals found that when it comes to cybersecurity, employee data breaches are seen as the biggest risk to…

Network Security

Analysis of 92 billion rejected emails uncovers threat actors’ motivations

Issued by: Help Net Security

Mimecast released the Threat Intelligence Report: Black Hat U.S.A. Edition 2020, which presents insights gleaned from the analysis of 195 billion emails processed by Mimecast for its customers from January through June 2020. Of those, 92 billion (47%) were flagged as malicious or spam and rejected. Main trends Two main trends ran throughout the analysis:…