je.st
news
Tag: threats
DNS Flaws Expose Millions of IoT Devices to Hacker Threats
2021-04-14 13:00:00| TechNewsWorld
A set of flaws in a widely used network communication protocol that could affect millions of devices has been revealed by Forescout Research Labs and JSOF Research. The nine vulnerabilities discovered by security researchers dramatically increase the attack surface of at least 100 million Internet of Things devices, exposing them to potential attacks that could take the devices offline or to be hijacked by threat actors.
Tags: devices
millions
hacker
threats
Cybersecurity threats in 2021
2021-03-01 23:10:23| The Webmail Blog
Cybersecurity threats in 2021 nellmarie.colman Mon, 03/01/2021 - 16:10 Last year, the world witnessed a significant rise in several cybersecurity threats driven by the advent of the coronavirus. Savvy cybercriminals began exploiting vulnerabilities in new ways, because of the new work-from-home culture that the pandemic created. Unsecured home devices were being hacked. New phishing schemes were being launched leveraging keywords like virus diagnosis and stimulus package. Common tech tools were being exploited, like Windows PowerShell. Zoom credentials were being stolen. One year later, where do we stand when it comes to our biggest security threats? Many of the same threats are still going strong as we move into 2021 and new vulnerabilities are emerging. Cybercriminals are doubling down on their successful schemes from 2020 and creating new ones to leverage todays leading security vulnerabilities. Threat #1: Perimeter expansion to employees homes With the rise of a work-from-home culture in 2020, company perimeters now extend into employees homes. This makes it more challenging for security professionals to monitor their internal network through traditional perimeter monitoring and access controls, such as firewalling and network intrusion detection systems. What is more, 84% of IT leaders anticipate broader and more permanent work-from-home adoption beyond the pandemic, which means that this challenge will continue in 2021 and beyond. To combat these risks, IT teams will need to focus and improve on effective endpoint management solutions, such as mobile device management (MDM) tools and secure access service edge (SASE). These solutions enable better visibility and control over data, including on any third-party apps, like Zoom, Slack and Office 365. This will also extend to traditional endpoint security tooling by ensuring that security tools such as anti-malware are installed, patches are up-to-date, secure configurations are set, and endpoints are protected. Threat #2: Third-party hacks gain criminals attention With the successful hack of SolarWinds and, subsequently, its 300+ client base, and many other third-party-based breaches in the past, more companies are paying attention to their third-party risk management programs. This speaks to the increased sophistication, complexity and persistence of threat actors. To prevent a similar third-party breach from impacting their networks, corporate mergers and acquisitions (M&A) and licensing management functions need to become more closely aligned with their governance, risk and compliance teams. One critical step is conducting a thorough security audit of all third-party vendors. This intra-organizational collaboration will also better prepare organizations for the future of increased compliance regulations that will force a baseline for more comprehensive and robust third-party risk management programs. Threat #3: Ransomware attacks on the rise Ransomware was a growing area of attack in 2020, with a 300% increase by April, according to the FBI, and a seven-fold rise in attacks by mid-year. Ransomware attacks are on track to continue being a leading threat in 2021. One of the drivers is that more companies are purchasing ransomware insurance. This fact has not escaped cybercriminals attention. Because companies have insurance, they will pay off the ransoms to have their data decrypted quickly rather than try to fight it. As a result, the criminals receive a quick win. Preventing ransomware attacks is accomplished with a back-to-basics approach that includes stronger security hygiene. This includes tactics like timely patching, enforced least-privilege access policies and regular backups with safe storage. Threat #4: New email phishing scams 2020 continued the trend of increasing the volume and complexity of email phishing attacks. Cybercriminals use phishing to distribute malware, steal credentials and scam users out of money. Studies found that users were three times more likely to click on a phishing link and give away their credentials at the start of the pandemic. A survey conducted mid-2020 reported that 38% of respondents said a coworker fell victim to a phishing attack within the last year. While 2020 did not introduce a fundamental change to phishing, cyber threat actors did adjust tactics to leverage different keywords throughout the year, as people gained interest in new topics. Keywords such as pandemic and COVID became popular in the earlier parts of the year, and as vaccines and stimulus checks became relief options, attackers added these emotionally-charged keywords to their phishing vocabulary. There is no single solution to prevent malicious email from coming through, but combinations of well-tuned tools and well-educated staff will reduce your chances of falling victim to phishing emails: Implement the technical security controls built into your email platforms. Add an external banner to emails coming from outside your organization. Apply email analytics tools that can detect emails coming from untrusted sources, or from newly created burner email accounts and domains. Establish a robust security awareness program for employees, so they can serve as a last line of defense against phishing attacks. Consider implementing mock phishing tests against your own organization, so employees know what to do when they receive something that looks phish-y. What is your cybersecurity risk score? Understanding the maturity of your organizations cybersecurity program is critical so you can make informed decisions to defend against threat actors and their tactics, techniques, and procedures (TTPs). This Cybersecurity Risk Self-Assessment is a suitable place to start. By answering these simple questions about your cybersecurity technology, processes and people, you will receive a cybersecurity risk score against our benchmark and discover common security gaps in your environment that you may not be aware of. Cybersecurity threats in 2021Cybercriminals evolved their tactics in 2020 to take advantage of new vulnerabilities. But these attacks do not stop with the New Year. Explore ways to protect yourself in 2021. Discover your cybersecurity risk score
Tags: threats
cybersecurity
November 6 Statement on Threats and Vandalism directed at City Commissioners
2020-11-07 02:09:01| PortlandOnline
Tags: city
november
statement
directed
FCC lists Huawei and ZTE as security threats, cuts access to govt funding
2020-07-01 02:00:00| Total Telecom industry news
The Federal Communications Commission (FCC) has announced the latest in a long string of sanctions against Chinese companies Huawei and ZTE, this time officially labelling them security threats. With today’s Orders, and based on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America&rsquo…read more on TotalTele.com »
Tags: access
security
lists
funding
FCC lists Huawei and ZTE as security threats, cuts access to govt subsidies
2020-07-01 02:00:00| Total Telecom industry news
The Federal Communications Commission (FCC) has announced the latest in a long string of sanctions against Chinese companies Huawei and ZTE, this time officially labelling them security threats. With today’s Orders, and based on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America&rsquo…read more on TotalTele.com »
Tags: access
security
lists
cuts