February 4, 2021

Since December, the United States, its government, and other critical institutions including security firms have been addressing the world’s latest serious nation-state cyberattack, sometimes referred to as ‘Solorigate’ or ‘SUNBURST.’ As we shared earlier this is a moment of reckoning for our industry and needs a unified response of defenders across public and private sectors.

The post Sophisticated cybersecurity threats demand collaborative, global response appeared first on Microsoft Security.

Read More Sophisticated cybersecurity threats demand collaborative, global response

credit card breach

Affected by a Data Breach? Here Are Security Steps You Should Take We share personal information with companies for multiple reasons: to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop.  While using a credit card is convenient, it actually gives away more […]

The post Affected by a Data Breach? Here Are Security Steps You Should Take appeared first on McAfee Blogs.

Read More Affected by a Data Breach? Here Are Security Steps You Should Take

In technical literature, the terms data discovery, classification, and tagging are sometimes used interchangeably, but there are real differences in what they actually mean—and each plays a critical role in an enterprise data protection strategy.

The post Automating and operationalizing data protection with Dataguise and Microsoft Information Protection appeared first on Microsoft Security.

Read More Automating and operationalizing data protection with Dataguise and Microsoft Information Protection

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.

Read More Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

This blog is part of our SOCwise series where we’ll be digging into all things related to SecOps from a practitioner’s point of view, helping us enable defenders to both build context and confidence in what they do.  Although there’s been a lot of chatter about supply chain attacks, we’re going to bring you a slightly different […]

The post SOCwise Series: Practical Considerations on SUNBURST appeared first on McAfee Blogs.

Read More SOCwise Series: Practical Considerations on SUNBURST

What happens when your co-passengers are engrossed in their mobiles/ PDAs and the driver feels drowsy at the wheel? Well, he can’t monitor the road for safe driving, that’s for sure. Unfortunately, the threats that cybersecurity experts have to deal with on a daily basis are a bit less obvious than hulking frames of glass […]

The post 6 Tips to Avoid Cybersecurity Burnout appeared first on CyberDB.

Read More 6 Tips to Avoid Cybersecurity Burnout

2020 has been a year of learning for businesses on many levels. From enabling global remote practically overnight to switching to cloud-based applications and infrastructure – the list of learnings has been long. But none have managed to make quite a dent as much as the dramatic rise in malicious attacks on cloud and on-site […]

The post 7 Cybersecurity Threats Enterprise IT Should Watch Out for Near Future appeared first on CyberDB.

Read More 7 Cybersecurity Threats Enterprise IT Should Watch Out for Near Future

Graham Cluley Security News is sponsored this week by the folks at Orca Security. Thanks to the great team there for their support! Public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform keep their platform…

Read More Orca’s “State of Public Cloud Security” report reveals how most cloud security breaches happen

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks:

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.

[…]

Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies…

Read More Another SolarWinds Orion Hack