Ask nearly any security leader whether they have adequate resources to protect their organization effectively and consistently, and you’ll likely hear an emphatic “No.” Given that an estimated 3.4 million people are needed to fill the global cybersecurity workforce gap, it’s no surprise that CISOs feel that they need more staff to safeguard their networks, let alone focus on more strategic priorities. And nearly 70% of leaders say this skills gap creates additional cyber risks for their business.  

To read this article in full, please click here

A UK/US campaign to tackle international cybercrime has seen Seven Russian cybercriminals linked to a notorious ransomware group exposed and sanctioned. The sanctions were announced today by the UK’s Foreign, Commonwealth and Development Office (FCDO) alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). This follows a lengthy investigation by the National Crime Agency (NCA) into the crime group behind Trickbot malware, as well as the Conti and RYUK ransomware strains, among others, a NCA posting read.

To read this article in full, please click here

Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google Drive, and the US Postal Service to increase the chances of users falling victim.

HTML smuggling uses HTML5 attributes that can work offline by storing a binary in an immutable blob of data (or embedded payload) within JavaScript code, which is decoded into a file object when opened via a web browser. It is not a new attack method, but it has grown in popularity since Microsoft started blocking macros in documents from the internet by default, Trustwave SpiderLabs wrote. The four malware strains that have recently been detected using HTML smuggling in their infection chain are Cobalt Strike, Qakbot, IcedID, and Xworm RAT, the firm added.

To read this article in full, please click here

The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure. While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the blanks on the mosaic they are building about a potential adversarial nation.

The physical threat posed by this balloon and the collection platform that dangled below it was negligible unless the balloon fell from the sky and landed in a populated area. It did not. When it met its demise, it was shot down by a US F-22 Raptor and fell into US territorial waters off the coast of South Carolina.

To read this article in full, please click here

Security teams are comprised primarily of operations, compliance, and policy-related roles. Security engineering teams, on the other hand, are builders. They build services, automate processes, and streamline deployments to support the core security team and its stakeholders. Security engineering teams are typically made up of software and infrastructure engineers, architects, and product managers.

The collective security/security engineering team mindset is also that of a builder, quite different from that of a penetration tester or third-party risk management assessor. This presents a challenge to security leaders. As security engineering teams continue to grow in prominence, CISOs need to be intentional with their structure and development.

To read this article in full, please click here

Researchers warn that a new threat actor has been targeting over a thousand organizations since October with the goal of deploying credential-stealing malware. The attack chain also involves reconnaissance components including a Trojan that takes screenshots of the desktops of infected computers.

Tracked as TA866 by researchers from security firm Proofpoint, the group’s tooling seems to have similarities to other campaigns reported in the past under different names going as far back as 2019. Even though this latest activity appears to be financially motivated, some of the possibly related attacks seen in the past suggest that espionage was also a motivation at the time.

To read this article in full, please click here

Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group.

Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen.

An ESG survey of 380 security professionals in North America, commissioned by cybersecurity company Syxsense, showed that companies using larger numbers of different tools to manage their endpoints had larger proportions of unmanaged endpoints, compared to those with fewer. Put simply, the complexity of the current-day device environment is leading to worse security, according to the research.

To read this article in full, please click here

Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added.

Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience

In a press release, Cohesity explained that the 7.0 software release helps businesses take a more data-centric approach to cyber resilience including data immutability, data isolation (or cyber vaulting), and recovery at scale. “Organizations are facing significant challenges with managing and securing their data estate across cloud and on-premises, with ransomware and data theft as their number one concern,” commented Chris Kent, VP product and solutions marketing, Cohesity. “Cohesity Data Cloud 7.0 adds a new layer of protection and recovery to organizations’ most critical data.”

To read this article in full, please click here