'Sabbath' Ransomware Operators Target Critical Infrastructure

Coinbase to Acquire Cryptography Firm Unbound Security | North Korean Hackers Use New 'Chinotto' Malware

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 11.30.21 Tuesday, November 30, 2021 Fireside Chat: The World's First CISO, Steve Katz OK to Click: Leveraging Technology to Keep Employees Safe Hear from Steve Katz, the first ever CISO, on how to best reduce employee risk in the enterprise. December 2nd | 1PM EST Register Now 3 Key Questions for CISOs on the Wave of Historic Industrial Cybersecurity Legislation If you're a CISO or security leader, here are three questions to ask yourself as you consider this legislation and look to improve the security posture of your OT environment. Read the Full Column by Yaniv Vardi Preventing a Cyber Pandemic in Healthcare With tight resources for managing healthcare, the IT challenge to keep track of vast amounts of data being created, accessed and modified is critical. Read the Full Column by Laurence Pitt Delivering on the Promise of 5G Requires New Security Standards In order to deliver on the promise of 5G, we need new industry standards for security, testing, and training to proactively combat 5G cyber threats and minimize risks. Read the Full Column by Marie Hattar Acronyms Aside, the SOC of the Future Needs These 3 Capabilities Security Operations Centers do not need another acronym. What they need are capabilities that enable them to address their top use cases faster and more thoroughly in the face of evolving attacks. Read the Full Column by Marc Solomon How to Improve Red Team Effectiveness using Obfuscation For red teams, using an obfuscated network for testing offers the advantage of hiding who is performing the attack and where it is originating, for a more real-life context. Read the Full Column by Gordon Lawson Four Things Your CISO Wants Your Board to Know There's no doubt that there are a lot of things on your CISO's mind. Whether they have an active role at board meetings or not, chances are these are some of the most pressing items they'd like to discuss with you. Read the Full Column by Tim Bandos Enlisting Employees to Fight Cyber Threats Most organizations rely too heavily on their cybersecurity pros to protect them from threats, ignoring the painful reality that human error is by far the most common cause of security breaches. Read the Full Column by Jeff Orloff Security is Everywhere. Can Your Services Keep Up? Recent changes have resulted in a proliferation of devices and users working from anywhere, which has expanded the digital attack surface and exposed more applications, devices, data, and users to risk. Read the Full Column by John Maddison Engaging Customers on an Uncertain Journey One of the best approaches to identifying both the value you are bringing to a customer and opportunities to increase that value is by going on the change-journey with your customers. Read the Full Column by Keith Ibarguen Another Cybersecurity Awareness Month Has Passed and Little Has Changed Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and endpoint resilience. Read the Full Column by Torsten George 3 Questions for MDRs Helping to Get Your Enterprise to XDR If you are among the growing group of organizations looking to an MDR provider to supplement your security operations with XDR, make sure you consider these three factors. Read the Full Column by Marc Solomon Changing Approaches to Preventing Ransomware Attacks Conducting scaled and cost-effective attack surface and digital threat monitoring gives organizations of all sizes the best chance of identifying and defeating their adversaries. Read the Full Column by Landon Winkelvoss CISO Fireside Chat: OK to Click: Leveraging Technology to Keep Employees Safe Join Abnormal CISO Mike Britton and SecurityWeek for this online discussion to learn how to reduce employee risk and better protect enterprises from attackers. December 02, 2021 at 01:00 PM EST Register Now See All Recent Articles at SecurityWeek.Com 'Sabbath' Ransomware Operators Target Critical Infrastructure: Security experts warn that the 'Sabbath' ransomware group is targeting organizations in education, health and natural resources in both the United States and Canada. Read More Coinbase to Acquire Cryptography Firm Unbound Security: Cryptocurrency trading powerhouse Coinbase has announced plans to acquire Unbound Security, an Israeli startup providing protection for cryptographic keys and credentials. Read More Hardware Security Firm Axiado Banks $25M Investment: Axiado raises $25 million to build a new class of security processors that provide platform root-of-trust for large enterprise customers. Read More North Korean Hackers Use New 'Chinotto' Malware to Target Windows, Android Devices: Newly observed attacks bear the characteristics observed in previous ScarCruft campaigns, including similar tooling and the same target pool. Read More Privacy Startup Soveren Raises $6.5 Million Seed Round: Soveren is building technology for businesses to detect and resolve privacy incidents and stay compliant with GDPR and other regulations. Read More 2.1 Million People Affected by Breach at DNA Testing Company: DNA testing company DNA Diagnostics Center has disclosed a data breach affecting 2.1 million people. Read More Source Code Security Firm Cycode Raises $56 Million: Software supply chain security company Cycode has raised $56 million in a Series B funding round. Read More Wind Turbine Giant Vestas Confirms Ransomware Involved in Cyberattack: Danish wind turbine giant Vestas Wind Systems has confirmed that the recently disclosed cyberattack involved ransomware. Read More CIAM Startup Strivacity Raises $9.3 Million in Series A Funding: Customer identity and access management (CIAM) start-up Strivacity has raised $9.3 million in a Series A funding round from TenEleven Ventures and Toba Capital. Read More MI6 Spy Chief Says China, Russia, Iran Top UK Threat List: MI6 chief Richard Moore said Britain's spies must give up some of their deep-rooted secrecy and seek help from technology firms to win a cybersecurity arms race that is giving hostile countries and groups ever more capacity. Read More Project Zero Flags High-Risk Zoom Security Flaw: Google Project Zero's Natalie Silvanovich reports a pair of Zoom security defects that expose Windows, macOS, Linux, iOS and Android users to malicious hacker attacks. Read More Marine Services Provider Swire Pacific Offshore Discloses Data Breach: The Singapore company says an unauthorized party accessed confidential proprietary commercial information and personal data. Read More Panasonic Investigating Data Breach: Panasonic recently discovered a network breach in which someone accessed a file server reportedly storing technology and business information. Read More CISA Releases Guidance on Securing Enterprise Mobile Devices: The Enterprise Mobility Management (EMM) system checklist was designed to help mitigate vulnerabilities and protect business environments. Read More Armis Raises $300 Million at $3.4 Billion Valuation: Enterprise device security company Armis has raised another $300 million, at a valuation of $3.4 billion. Read More Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks: A recently patched Apache HTTP Server SSRF vulnerability (CVE-2021-40438) has been exploited in attacks, according to Cisco and Germany's BSI cybersecurity agency. Read More Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data: The biopharmaceutical company says it has no plans to pay a ransom, but warns of potential exploitation of the improperly obtained data. Read More UK Cyber Firm Faces Investors Over Stock Turmoil: Darktrace came under investor scrutiny over dramatic share price gyrations since its headline-grabbing London stock market float. Read More VMware Patches File Read, SSRF Vulnerabilities in vCenter Server: VMware has patched arbitrary file read and SSRF vulnerabilities in vCenter Server. Read More IoT Security Company Shield-IoT Raises $7.4 Million: The company says it can detect anomalies within minutes through transforming big data into small data sets. Read More Two Nigerians Sentenced to Prison in U.S. for Role in BEC Scams: Opeyemi Abidemi Adeoso was sentenced to 151 months in federal prison, while Benjamin Adeleke Ifebajo was sentenced to 120 months in prison. Read More GoDaddy Says Several Brands Hit by Recent WordPress Hosting Breach: GoDaddy says the recent WordPress hosting breach impacts several of its brands, including 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. Read More CISA, FBI Warn of Potential Critical Infrastructure Attacks on Holidays: All organizations – especially critical infrastructure entities – are encouraged to improve their security stance to prevent potentially impactful cyberattacks. Read More Researcher Awarded $10,000 for Google Cloud Platform Vulnerability: The access token for a Google Cloud project could be leaked, thus allowing users to elevate privileges in other internal projects. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2021 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Constant Contact Data Notice Sent by news@securityweek.com