Ransomware Decoy in Ukraine Cyberattacks | GE SCADA Product Vulnerabilities Show Importance of Secure Configurations

Iranian Cyberattacks on Government, Commercial Networks | Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine:

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 02.25.22 Thursday, February 24, 2022 Until now, remote work wasn't remotely secure. To protect the modern remote worker, you need new strategies and new technologies. Discover how Zero Trust means both, in our SASE buyer's guide. Read the SASE Guide 3 Steps Security Leaders Can Take Toward Closing the Skills Gap By scoping job descriptions realistically and incorporating automation and intelligence sharing to enable analyst success and growth, there's a lot that security leaders can do to help close the skills gap in their organizations. Read the Full Column by Marc Solomon Are You Prepared for 2022's More Destructive Ransomware? Organization must remain hyper-vigilant and upgrade their defenses as thoroughly and quickly as possible. Read the Full Column by Derek Manky COVID's Silver Lining: The Acceleration of the Extended IoT Given the range and complexity of XIoT, it's understandable that CISOs want to have a comprehensive view across all aspects and elements of their networks, spanning industrial, healthcare, and enterprise environments. Read the Full Column by Galina Antova The SASE Conversation in 2022, a Resolution for the Future SASE is gaining momentum and can ensure that users receive the correct, risk-based level of access to systems at any moment in time. Read the Full Column by Laurence Pitt Protecting Cryptocurrencies and NFTs - What's Old is New The strategies used by attackers and fraudsters to profit from cryptocurrency are not new. Here are five steps end-users can take to protect themselves. Read the Full Column by Joshua Goldfarb Bridging the Gap Between Training and Behavior" While employees want to do the right thing when it comes to protecting their organization from cyber threats, we cannot expect them to be perfect. Read the Full Column by Gordon Lawson Think Big, Start Small, Move Fast: Applying Lessons From The Mayo Clinic to Cybersecurity How the Mayo Clinic's concept of "Think Big, Start Small, Move Fast" has also helped to advance the product development and cybersecurity domains as well. Read the Full Column by Keith Ibarguen The Third Building Block for the SOC of the Future: Balanced Automation When automation is consciously balanced between humans and machines, we can ensure security teams always have the best tool for the job. Read the Full Column by Marc Solomon In the Hacker's Crosshairs: K-12 Schools Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working. Read the Full Column by Torsten George Combating the Surge in Retail Theft and E-Commerce Fraud With Open Source Intelligence Similar to investigations that disrupt cyberattacks on retailers, the same tactics, techniques, and procedures (TTPs) can be leveraged against those that sell counterfeit or stolen goods. Read the Full Column by Landon Winkelvoss Seven Ways to Ensure Successful Cross-Team Security Initiatives While there are many approaches to successfully accomplishing cross-team security initiatives, these seven points are helpful when working to push these efforts across the finish line. Read the Full Column by Joshua Goldfarb Living Off the "Edge" of the Land Living-off-the-land attacks are effective because they allow attackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Read the Full Column by Derek Manky Until now, remote work wasn't remotely secure. To protect the modern remote worker, you need new strategies and new technologies. Discover how Zero Trust means both, in our SASE buyer's guide. Read the SASE Guide See All Recent Articles at SecurityWeek.Com US, UK Warn of Iranian Cyberattacks on Government, Commercial Networks: The Iranian government-sponsored APT MuddyWater is targeting organizations across multiple sectors, including government, defense, telecoms, and oil and natural gas. Read More Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine: Attackers had access to targeted organizations' networks for months before deploying HermeticWiper. Read More Cyber Attack Risks Poised to Soar as Russia Attacks Ukraine: Russia's military assault against Ukraine is likely to be accompanied by a wave of cyberattacks that could wreak havoc on computer systems far beyond the countries' borders, security experts warn. Read More Email Security and Brand Protection Firm Red Sift Raises $54 Million: Red Sift has raised $54 million in a Series B funding round for its email security and brand protection platform. Read More BlueVoyant Raises $250 Million to Boost Technical Capabilities, Global Expansion: With over $500 million in funding and "unicorn" valuation, the company plans to use the investment to accelerate global expansion. Read More GE SCADA Product Vulnerabilities Show Importance of Secure Configurations: GE releases patches and mitigations for high-severity vulnerabilities in Proficy CIMPLICITY HMI/SCADA software. Read More Nigerian Admits in US Court to Hacking Payroll Company: A Nigerian national pleaded guilty in a U.S. court to his role in a scheme to hack into thousands of user accounts maintained by a payroll processing company. Read More Cloudflare Plans to Acquire Email Security Startup Area 1: Cloudflare has announced plans to purchase Area 1, a Kleiner-Perkins-backed startup doing business in the competitive email security space. Read More NSA Informs Cisco of Vulnerability Exposing Nexus Switches to DoS Attacks: Cisco releases patches as part of the February 2022 Semiannual FXOS and NX-OS security updates. Read More Deadbolt Ransomware Targeting Asustor NAS Devices: Both QNAP and Asustor NAS devices are being targeted in ransomware attacks. Read More New York Plans Cybersecurity Hub to Coordinate Responses: New York wants to improve its cybersecurity defenses and will open a joint operations center in the coming months to coordinate between government agencies, critical businesses and utilities. Read More Russia, Ukraine and the Danger of a Global Cyberwar: Just as Russia launched attacks against Ukraine in what was called a "special military operation", SecurityWeek spoke to Marcus Willett to get insight into the role of cyber in aggressive geopolitics. Read More Belden Sells Tripwire for $350M After Acquiring It for $710M: Belden has sold Tripwire to HelpSystems for $350 million after acquiring it in 2015 for $710 million. Read More anecdotes Raises $25 Million for Its Compliance OS Platform: The company plans to use the investment to develop new applications for its Compliance OS platform. Read More Destructive 'HermeticWiper' Malware Targets Computers in Ukraine: Hundreds of Windows computers in Ukraine have been infected with a new data-wiper malware named 'HermeticWiper,' just as Russia launches invasion of Ukraine. Read More New 'Cyclops Blink' Malware Linked to Russian State Hackers Targets Firewalls: Government agencies in the US and UK say Sandworm has replaced VPNFilter with the more advanced Cyclops Blink framework. Read More Salesforce Paid Out $12.2 Million in Bug Bounty Rewards to Date: The company handed out more than $2.8 million in bug bounty payouts to ethical hackers in 2021. Read More Cyberattacks Accompany Russian Military Assault on Ukraine: The websites of Ukraine's defense, foreign and interior ministries were unreachable or painfully slow to load Thursday morning after a punishing wave of distributed-denial-of-service attacks as Russia struck at its neighbor. Read More Chinese Researchers Detail Linux Backdoor of NSA-Linked Equation Group: Chinese researchers publish a 50-page report detailing Linux malware allegedly used against many targets by the NSA-linked Equation Group. Read More Cyber Intelligence Firm Cyble Bags $10 Million in Series A Funding: The company will use the investment to widen the product roadmap and expand to new markets. Read More Astrix Security Nabs $15M to Tackle Attack Surface Sprawl: Israeli startup Astrix Security has banked $15 million to build technology to help organizations secure third-party app integrations. Read More Shadowserver Starts Conducting Daily Scans to Help Secure ICS: The Shadowserver Foundation has started conducting daily scans in an effort to identify exposed ICS and help organizations reduce exposure. Read More SecurityWeek to Host 2022 Attack Surface Management Summit Today: SecurityWeek will host its 2022 Attack Surface Management Summit, Presented by Randori, as a fully immersive virtual event today. Read More CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool: Attackers can easily automate exploits for the two bugs, which are tracked as CVE-2022-23131 and CVE-2022-23134. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2021 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Constant Contact Data Notice Sent by news@securityweek.com