Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture.
Threatpost
Posts tagged "threats"
New Threats On An Evolving Threat Landscape
Security threats abound yet are distinct and evolving as we make our way to 2021. While this week’s TF7 episode asks about the viability of yet another threat.
Monitoring And Preparing For Emerging Coronavirus-Related Cyber Security Threats
The coronavirus is not just a global health crisis – increasingly, it is becoming a cyber security threat as well as more organizations move employees to remote work. The federal government issued an…
Cybersecurity experts join forces to combat coronavirus security threats
The coronavirus outbreak has led to a rise in hacking attempts and cyberattacks which is why an international group of close to 400 volunteers with expertise in cybersecurity have banded together to form a new group to combat these threats.
The group, called the Covid-19 CTI League (for cyber threat intelligence), has members in more than 40 countries and includes professionals who sold senior positions at major companies including Microsoft and Amazon.
VP of cybersecurity strategy at Okta, Marc Rogers is one of the four initial managers of the effort and he said the group's top priority would be preventing cyberattacks against medical facilities and frontline responders. In fact, the Covid-19 CTI League has already begun working on dealing with hacks of health organizations.
- Hackers are spreading malware through coronavirus maps
- Hackers target WHO as coronavirus spreads
- Malware strains using coronavirus to avoid detection
Covid-19 CTI League
The newly formed group is currently using its contacts at internet infrastructure providers to help stop phishing attacks and other financial cybercrime which preys on people's fears of the coronavirus to trick them into installing malware on their computers.
Rogers explained to Reuters how the coronavirus has led to a huge surge in phishing attacks, saying:
“I’ve never seen this volume of phishing. I am literally seeing phishing messages in every language known to man.”
According to Rogers, the Covid-19 CTI League has already managed to dismantle one campaign that used a software vulnerability to spread malicious software. However, he did not share any more details as the group is choosing to keep its operations close to the chest to avoid any retaliation from the cybercriminals it's trying to stop.
Rogers also revealed that law enforcement has been surprisingly welcoming of the group's collaboration.
- Also check out our complete list of the best antivirus software
Via Reuters
How Public-Private Partnerships Are Working To Combat Cyber Threats
We are starting to see “tremendous collaboration” between government, the private sector to pool resources and work on finding a vaccine for COVID-19—but communicating those efforts needs to improve t…
Google Cloud wants to help you detect security threats
As part of its efforts to better cater to enterprise customers, Google Cloud has announced a number of new security capabilities including a new way to utilize Chronicle's security analytics platform to detect threats.
The cybersecurity company Chronicle may have started out as part of Alphabet's moonshot X unit but last year it was folded into Google Cloud. Now customers will be able to use the company's security analytics platform to detect threats using a new rules language called YARA-L which has been built specifically for modern threats and behaviors.
YARA is a popular, open source language used for writing rules to detect malware and the Chronicle team created a new version of it to apply to security logs and other telemetry such as EDR data and network traffic.
- Google Cloud is now able to store all your secrets
- Google Cloud reveals major restructuring plans
- Also check out the best cloud computing services
YARA-L provides security analysts with the ability to write rules which are better suited for detecting modern threats and according to Google, it allows for scalable, real-time and retroactive rule execution.
New data structure
Google Cloud also revealed that Chronicle is introducing a new data structure which combines a new data model with the ability to automatically link multiple events into a single timeline. This will certainly make things easier for security analysts who will no longer have to manically collect logs following a security incident.
Palo Alto Networks Cortex XSOAR will be the first Google Cloud partner to integrate with this new structure and the firm's VP of Product Strategy, Rishi Bhargava explained how Chronicle's new detection capabilities have enhanced its response in a blog post, saying:
“Cortex XSOAR offers automated enrichment, response and case management to enterprise-wide threats. The integration with Chronicle’s new detection capabilities and event timelines, across months or years of data, enhances that response and enables comprehensive threat management for our mutual customers.”
Additionally, Google is making its Web Risk API and reCAPTCHA Enterprise services generally available in an effort to help organizations protect user accounts from fraudulent activities online. The reCAPTCHA Enterprise service helps protect against scraping, credential misuse and automated account creation while the Web Risk API helps organizations identify known bad sites, warns users when they click on a bad link and prevents users from posting links to known malicious pages.
- Keep your devices protected with our top picks for the best antivirus software
Via ZDNet