Category Archives: cyberattack

Businesses struggle with data security practices

43% of C-suite executives and 12% of small business owners (SBOs) have experienced a data breach, according to Shred-it. While businesses are getting better at protecting their customers’ personal and sensitive information, their focus on security training and protocols has declined in the last year. This decline could pose issues for businesses, as 83% of consumers say they prefer to do business with companies who prioritize protecting their physical and digital data. The findings reinforce … More

The post Businesses struggle with data security practices appeared first on Help Net Security.

Most companies have high-risk vulnerabilities on their network perimeter

Positive Technologies performed instrumental scanning of the network perimeter of selected corporate information systems. A total of 3,514 hosts were scanned, including network devices, servers, and workstations. The results show the presence of high-risk vulnerabilities at most companies. However, half of these vulnerabilities can be eliminated by installing the latest software updates. The research shows high-risk vulnerabilities at 84% of companies across finance, manufacturing, IT, retail, government, telecoms and advertising. One or more hosts with … More

The post Most companies have high-risk vulnerabilities on their network perimeter appeared first on Help Net Security.

Russian Espionage Group Updates Custom Malware Suite

Turla has outfitted a trio of backdoors with new C2 tricks and increased interop, as seen in an attack on a European government.

How important are vulnerability management investments for a cybersecurity posture?

Vulnerability management (VM) technology addresses the threat landscape, which is in a constant state of flux. The wider dispersal of endpoints across private and public cloud environments increases the points of vulnerabilities in an enterprise network, intensifying the demand for VM solutions that make endpoints easier to track, verify, and secure. To prevent attacks and damage to a business, VM providers employ various means of identifying, prioritizing, communicating, and suggesting possible responses to the risks … More

The post How important are vulnerability management investments for a cybersecurity posture? appeared first on Help Net Security.

Attacks on IoT devices continue to escalate

Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals use of automated tools to exploit these vulnerabilities, according to Nokia. IoT devices most infected The report found that internet-connected, or IoT, devices now make up roughly 33% of infected devices, up from about 16% in 2019. The report’s findings are based on data aggregated from monitoring network traffic on more than 150 million devices globally. Adoption … More

The post Attacks on IoT devices continue to escalate appeared first on Help Net Security.

Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe  

Systems designed by Mottech Water Management were misconfigured and put in place and connected to the internet without password protections.

Organizations struggle to obtain quality threat data to guide key security decisions

Organizations are often forced to make critical security decisions based on threat data that is not accurate, relevant and fresh, a Neustar report reveals. Just 60% of cybersecurity professionals surveyed indicate that the threat data they receive is both timely and actionable, and only 29% say the data they receive is both extremely accurate and relevant to the threats their organization is facing at that moment. Few orgs basing decisions on near real-time data With … More

The post Organizations struggle to obtain quality threat data to guide key security decisions appeared first on Help Net Security.

Attackers finding new ways to exploit and bypass Office 365 defenses

Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals. How criminals bypass Office 365 defenses Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise​ to evade traditional email defenses, which are based on already-known threats. Attackers also often​ ​use Microsoft’s own tools and branding to bypass legacy defenses and email authentication … More

The post Attackers finding new ways to exploit and bypass Office 365 defenses appeared first on Help Net Security.

DNS attacks increasingly target service providers

The telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP. DNS attacks on service providers According to the IDC 2020 Global DNS Threat Report, organizations in the sector experienced an average of 11.4 attacks last year, compared to 9.5 attacks across industries. Overall, 83% of service provider organizations experienced a DNS attack. In addition to being well above the overall average of 79%, a successful attack on telecommunications providers … More

The post DNS attacks increasingly target service providers appeared first on Help Net Security.

Australia Proposes Security Law to Protect Critical Infrastructure Against Cyber Attacks

The Australian Government is committed to protecting the essential services all Australians rely on by uplifting the security and resilience of critical infrastructure. Increasingly interconnected and interdependent critical infrastructure is delivering efficiencies and economic benefits to operations. However, connectivity without proper safeguards creates vulnerabilities that can deliberately or inadvertently cause disruption resulting in cascading consequences […]… Read More

The post Australia Proposes Security Law to Protect Critical Infrastructure Against Cyber Attacks appeared first on The State of Security.

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach

Dr. Reddy's, the contractor for Russia’s “Sputinik V” COVID-19 vaccine and a major generics producer, has had to close plants and isolate its data centers.

Machine identity related cyberattacks grew by 433% between 2018 and 2019

The machine identity attack surface is exploding, with a rapid increase in all types of machine identity-related security events in 2018 and 2019, according to Venafi. For example, the number of reported machine identity-related cyberattacks grew by over 400% during this two-year period. “We have seen machine use skyrocket in organizations over the last five years, but many businesses still focus their security controls primarily on human identity management,” said Kevin Bocek, VP of security … More

The post Machine identity related cyberattacks grew by 433% between 2018 and 2019 appeared first on Help Net Security.

63 billion credential stuffing attacks hit retail, hospitality, travel industries

Akamai published a report detailing criminal activity targeting the retail, travel, and hospitality industries with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft. “Criminals are not picky — anything that can be accessed can be used in some way,” said Steve Ragan, Akamai … More

The post 63 billion credential stuffing attacks hit retail, hospitality, travel industries appeared first on Help Net Security.

Cybercrime capitalizing on the convergence of COVID-19 and 2020 election

The cybersecurity challenges of the global pandemic are now colliding with the 2020 U.S. presidential election resulting in a surge of cybercrime, VMware research reveals. Attacks growing increasingly sophisticated and destructive As eCrime groups grow more powerful, these attacks have grown increasingly sophisticated and destructive – respondents reported that 82 percent of attacks now involve instances of counter incident response (IR), and 55 percent involve island hopping, where an attacker infiltrates an organization’s network to … More

The post Cybercrime capitalizing on the convergence of COVID-19 and 2020 election appeared first on Help Net Security.

SecOps teams turn to next-gen automation tools to address security gaps

SOCs across the globe are most concerned with advanced threat detection and are increasingly looking to next-gen automation tools like AI and ML technologies to proactively safeguard the enterprise, Micro Focus reveals. Growing deployment of next-gen tools and capabilities The report’s findings show that over 93 percent of respondents employ AI and ML technologies with the leading goal of improving advanced threat detection capabilities, and that over 92 percent of respondents expect to use or … More

The post SecOps teams turn to next-gen automation tools to address security gaps appeared first on Help Net Security.

Is poor cyber hygiene crippling your security program?

Cybercriminals are targeting vulnerabilities created by the pandemic-driven worldwide transition to remote work, according to Secureworks. The report is based on hundreds of incidents the company’s IR team has responded to since the start of the pandemic. Threat level is unchanged While initial news reports predicted a sharp uptick in cyber threats after the pandemic took hold, data on confirmed security incidents and genuine threats to customers show the threat level is largely unchanged. Instead, … More

The post Is poor cyber hygiene crippling your security program? appeared first on Help Net Security.

Global adoption of data and privacy programs still maturing

The importance of privacy and data protection is a critical issue for organizations as it transcends beyond legal departments to the forefront of an organization’s strategic priorities. A FairWarning research, based on survey results from more than 550 global privacy and data protection, IT, and compliance professionals outlines the characteristics and behaviors of advanced privacy and data protection teams. By examining the trends of privacy adoption and maturity across industries, the research uncovers adjustments that … More

The post Global adoption of data and privacy programs still maturing appeared first on Help Net Security.

Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy

Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.

FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft

In-game features of the just-released FIFA 21 title give scammers easy access its vast audience.