Archive for November 2021

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year. Phishing, malware, and denial-of-service attacks remained the most common causes for data breaches in 2021. Data from Dark Reading’s latest Strategic Security Survey shows that more companies experienced a data breach over…

An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure. Security researcher Abdelhamid Naceri originally reported the vulnerability as an information-disclosure issue in…

There is currently no specific time frame during which banks must report to federal regulators that a security incident had occurred. A new notification rules changes that to 36 hours. Under a new cybersecurity incident notification rule, banks in the United States will be required to notify federal regulators of any cybersecurity incidents within 36…

A recent Gartner survey found that 82% of companies plan on offering a remote work option at least some of the time. These businesses face the challenge of providing consistent, high-performance access, applying unified security policies across users and devices, and protecting sensitive data against an ever-increasing volume of cyber threats. To address these concerns, security architectures…

Security experts have warned of a surge in distributed denial of service (DDoS) attacks in the third quarter, with quantity, size and complexity all increasing in the period. The findings come from Lumen’s Q3 DDoS Report, which revealed that the firm mitigated 35% more attacks in the quarter than Q2 2021. The vendor claimed that the largest…

Ransomware gangs can now afford to pay as much as $10m for zero-day exploits, but for those without the money, developers have discussed renting out malicious code, according to Digital Shadows. The threat intelligence firm’s new report ⁠–⁠ Vulnerability Intelligence, Do You Know Where Your Flaws Are? ⁠–⁠ is based on a detailed analysis of the cybercrime underground. It confirmed that ransomware…

Before you toss out your legacy security solution, here are a few steps you can take to strengthen your digital defenses in-house. “How can we prevent ransomware attacks?” We’ve been hearing this question with new urgency after a string of high-profile ransomware events like the shutdown of Colonial Pipeline made headlines far beyond the security world. It’s…

What makes security practitioners tick? That’s a simple question with a lot of drivers underneath it. The Ask We’re launching a long term study of security practitioners to understand how they approach security, please sign up for our Long Term Security Attitudes and Practices Study here: https://www.surveymonkey.com/r/CZTZY7M. Background A few years ago I was in a customer…

The popular Trojan has re-emerged on the scene several months after the botnet infrastructure behind it was disrupted by law enforcement. The once-pervasive malware tool Emotet has risen from the ashes months after international law enforcement agencies coordinated a takedown of its botnet infrastructure.  Multiple security vendor research teams have spotted the Trojan in the wild,…