A new CISCO Talos Intelligence report explores how cybercriminals are increasingly abusing the communications platforms that many organizations use to facilitate employee communications. According to the report, communication platforms have allowed attackers to circumvent perimeter security controls and maximize infection capabilities. Over the past year, adversaries are increasingly relying on these platforms as part of the infection process.
Cybersecurity is not a one-and-done proposition. Deterring cybersecurity threats and remediating incidents is a complex and never-ending responsibility. Malicious state actors, cybercriminals and corporate espionage are just a few sources of cyberattacks. Each one uses dozens of ever-evolving techniques to overcome security safeguards.
Researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address, in their new round of Internet Cyber-Exposure Reports (ICERs). These five facets of internet-facing cyber-exposure and risk include:
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.
A 2019 S&P Global study found that public companies with women at the helm were more profitable compared to those with men in the CEO and CFO seats. Women are also making big inroads in other fields including science and medicine. Yet in the tech and cybersecurity industries women still lag behind. It’s certainly not because of a lack of jobs. Though the talent shortage did ease last year, the industry as a whole is struggling to fill vacancies. There are a few reasons that women aren’t filling those seats.
The Pentagon’s Cyber Crime Center and bug bounty vendor HackerOne have launched the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP), an effort to share vulnerability data and boost digital hygiene within the defense industrial base. According to HackerOne, any information submitted to the DIB-VDP under this program will be used for defensive purposes – to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications.
eSentire is warning enterprises and individuals that cybercriminals are spearphishing business professionals on LinkedIn with fake job offers in an effort to infect them with a sophisticated backdoor Trojan. Backdoor trojans, according to eSentire, give threat actors remote control over a victim's computer, allowing them to send, receive, launch and delete files.
The personal data and phone numbers of hundreds of millions of Facebook users were posted for free in a hacking forum over the weekend. The data includes personal information of 533 million Facebook users from 106 countries, including more than 32 million records on users in the U.S. 11 million on users in the U.K., and 6 million on users in India.
Those on the cyber threat frontlines may view the entire FireEye-SolarWinds catastrophe through a very different lens. It’s a mile-high view that proves a thesis: why data must be smart and able to protect itself from cybercriminals – no matter where it goes, where it’s stored or who has it.
RSS
