Patch management: A dull IT pain that won’t go away
CSO
3h ago
Enterprise security patching remains a challenge despite improvements in both vulnerability assessment and update technology. Competing priorities, organizational challenges, and technical debt continue to transform an ostensibly straightforward aim of keeping systems up to date into a major headache, according to IT experts quizzed by CSO. Because of these and other issues, approximately 60% of enterprise applications remain unpatched six months after a vulnerability is disclosed, according to cloud security vendor Qualys. The industry average for patching critical vulnerabilities within the ..read more
Top 10 ransomware groups to watch
CSO
6h ago
The ransomware landscape has seen a lot of fragmentation over the past couple of years with major groups shutting down after they became the target of law enforcement actions or after they attracted too much attention and had ransoms put on their leaders’ identities. Ransomware-as-a-service (RaaS) operations are heavily reliant on third-party hackers, known as affiliates, to break into victim networks, steal data and deploy their file encryption programs. These affiliates earn a large percentage from the ransoms paid by victims, so there’s constant competition between different ransomware ope ..read more
Newly patched Ivanti CSA flaw under active exploitation
CSO
3d ago
IT management solutions provider Ivanti confirmed that a high-severity flaw patched this week in an older version of its Cloud Service Appliance (CSA) has been exploited in attacks. The vulnerability was fixed as part of the company’s September security update, which also included patches for critical and high-severity flaws in other products. “Following public disclosure, Ivanti has confirmed exploitation of this vulnerability in the wild,” the company wrote in its updated advisory. “At the time of this update, we are aware of a limited number of customers who have been exploited.” The US ..read more
New cryptomining campaign infects WebLogic servers with Hadooken malware
CSO
3d ago
A new attack campaign compromises misconfigured Oracle WebLogic servers and deploys a backdoor program called Hadooken along with a cryptocurrency mining program, apparently to take advantage of weak administrative passwords and gain access, according to researchers from Aqua Security. Oracle WebLogic is a Java application server that’s used by many businesses to build and deploy enterprise applications. Its popularity and widespread use have made it a target for attackers over the years, both through remote code execution vulnerabilities as well as misconfigurations. “A search in Shodan (a s ..read more
Understanding and Mitigating the Risks of Email Forwarding
CSO
3d ago
Email forwarding, while a seemingly harmless and convenient feature, can pose significant risks to data security and compliance. When misused or left unchecked, email forwarding can lead to inadvertent data leaks, exposing sensitive information to unauthorized parties and resulting in costly compliance breaches. One of the primary risks is the accidental exposure of sensitive information. Employees may forward emails containing confidential data to personal email accounts for convenience, or they might inadvertently include unintended recipients in a forwarded message. Once these emails leave ..read more
Aflac’s shift to passkeys brings big business benefits
CSO
3d ago
At supplemental insurance provider Aflac, safeguarding information collected on behalf of employees and the customers and businesses they serve is a key tenet of the company’s culture, says Tim Callahan, global CISO. “Cybercriminals are innovative, willing to take risks, and have no regard for regulations,” Callahan says. “Criminals see the supplier channels as a softer target, which have experienced an increase of attacks. We have a robust third-party security program, but we can’t control [its] environment.” In addition, given the state of geopolitics, companies could become a corollary or ..read more
Mastercard acquires Recorded Future: How will threat intelligence transform the payments industry?
CSO
3d ago
As cyber criminals grow ever more crafty with their tactics, enterprises are increasingly turning to threat intelligence, which — much like military threat intelligence — involves collecting, processing and analyzing data to determine behaviors, motives, and target areas. To help protect its enormous global network and secure the digital economy, payment giant Mastercard is increasingly relying on this comprehensive method, and is further bolstering those efforts with a new agreement to acquire global threat intelligence company Recorded Future for $2.65 billion. “This is the next step in our ..read more
Fake recruitment campaign targets developers using trojanized Python packages
CSO
4d ago
The number of attacks looking to compromise developer machines has exploded in recent years. There has been a barrage of malicious packages uploaded to public registries such as PyPI and npm, sophisticated attempts by APT groups to infiltrate popular projects and make malicious code contributions, and more recently fake recruitment campaigns that trick developers into deploying poisoned repositories on their machines as part of coding tests. The latest such campaign was uncovered by researchers from ReversingLabs and involves malicious code hidden in compiled Python files (PYC) that were part ..read more
Transport for London continues to struggle with cyber attack
CSO
4d ago
Transport for London, which manages public transport for the British capital, continues to experience technical disruptions from a cyberattack on September 1. It reported the cyberattack at the beginning of September and since then has been working with government agencies including the National Cyber Security Centre and the National Crime Agency to investigate the incident and contain its impact. Impact of the attack “Many of our employees have limited access to systems and email. For this reason, there will be delays in responding to some previously submitted online forms,” TfL explained in ..read more
Application detection and response is the gap-bridging technology we need
CSO
4d ago
The concept of detection and response is far from new in cybersecurity — in fact, it’s a core part of the NIST Cybersecurity Framework (CSF) and a fundamental part of any sound cybersecurity program. You must be able to both detect threats and malicious activity and respond to them, regardless of where they occur and that’s the greatest challenge for the current detection and response landscape. Most detection and response tools and capabilities have been focused on things such as endpoints, networks, servers, and more, all of which need coverage, leaving one large gap: applications. That gap ..read more
