CVE-2014-8597


A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.


U.S. government warns that sensitive data is being stolen from defence contractors


The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data.

Read more in my article on the Tripwire State of Security blog.


Possible Government Surveillance of the Otter.ai Transcription App


A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app.

The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”

Customer service or Chinese surveillance? Turns out it’s hard to tell.


Tenable’s Acquisition Of Cymptom: An “Attack Path-Informed” Approach to Cybersecurity


Tenable’s recent acquisitions all had the same overarching goal: helping our customers gain better security insights across their cyberattack surface.

At our investor day in December 2021, Tenable CEO Amit Yoran and I outlined the vision of where we see Tenable and the vulnerability management market heading over the next few years. We focused on three main areas:

the need to extend vulnerability management (VM) everywhere;
the need to shift security left; and
the need to transform into a cyber data analytics platform.

To extend VM everywhere, we aligned IT and critical infrastructure security through the acquisition of Indegy in 2019, predicting that the capabilities and controls would converge. We took a giant leap forward when we acquired Alsid to help our customers understand the Active Directory flaws attackers will leverage to elevate privileges and move laterally once they have gained a foothold. Indeed, in a zero trust world, identity and access may still remain our most critical “vulnerability”.

Late last year, we acquired Accurics to enable our customers to “shift left” to better understand security issues in Infrastructure as Code before they are deployed and to improve visibility of the running cloud. The importance of this visibility was demonstrated when Log4Shell was disclosed in December, causing cybersecurity teams everywhere to try and quickly understand how vulnerable they were to this black swan issue. In a world where cloud native applications change at the speed of code, security must move closer to the developers.

The three acquisitions we’ve made in the last three years, and the product enhancements we subsequently released, all had the same overarching goal of helping our customers gain better security insights across their cyberattack surface. The next step is to understand how vulnerabilities can create attack pathways leading to breach, to help security teams effectively prioritize the issues that matter most and guide them on preemptively addressing those flaws before they are leveraged. We see attack path analysis becoming for preventive cybersecurity what event correlation and analytics have become for SIEM and XDR.

Enabling our customers to preemptively disrupt attack paths with the cyber data and analytics we provide leads us to the acquisition of Cymptom, which closed today. Founded in 2019, Cymptom has been focused on visually mapping out attack paths and prioritizing choke points that can be mitigated or remediated to reduce risk according to the MITRE ATT&CK framework.

Connecting the attack steps across everything with an IP address or running code in a unified platform is the only way security teams will be able to preemptively and effectively defend against the modern style of breaches we see today. Attackers don’t differentiate between web application mishaps, forgotten software patches, Active Directory accidents or misconfigured clouds, so why should defenders?

As we integrate Cymptom’s technology, research and expertise, Tenable’s solutions will become “attack path informed” to give our customers the insights they need to proactively reduce the probability of a breach with the least amount of effort. Our customers will be able to interact with our threat, vulnerability and exposure data in ways they’ve never been able to before. For the first time, they will be able to see the assets they protect from the viewpoint of a potential attacker, along with the probable steps that attacker would take once an initial entry point has been found.

We’re incredibly thrilled to have Cymptom join Tenable and I can’t wait to work with our teams to integrate their innovative approaches to help our customers to see the steps attackers could take and prioritize preemptive action to turn attacks into attempts.

Learn more:

Attend the webinar: Tenable and Cymptom: Predict and Disrupt Attack Paths
Visit the landing page: Tenable Acquires Attack Path Visualization Company Cymptom


Social Media: How to Steer Your Family Clear of Cryptomining Malware


It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being the target of cybercrime.

But it’s happening more and more.

Last month, the Federal Trade Commission (FTC) described popular social media sites as “goldmines” for malicious attacks. The FTC revealed that more than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message. More than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. According to the FTC, those losses account for about 25 percent of all reported losses to fraud in 2021 and represent a stunning eighteenfold increase over 2017 reported losses.

Dark Web Goes Mainstream

The social environment is a magnet for bad actors because people of every age and country flock there each day. The constant flow of conversation and content—and more importantly, the climate of trust—makes social networks juicy targets for cybercrime.  

The biggest motivation? The emerging digital security threat of cryptojacking (aka illegal cryptomining). Cryptojacking is illegally using another person’s computing power to mine cryptocurrency. Cybercriminals do this by getting a victim to click on a malicious link delivered via direct message, a news story, or an ad. Once clicked, that link loads cryptomining code on the victim’s computer or leads them to an infected website or online ad with JavaScript code that auto-executes once it’s loaded in the victim’s browser. Often the malware goes undetected, and the only way a victim might know their system has been compromised is that it may start performing more slowly.

The Fallout 

While bad actors use social media platforms to distribute cryptomining malware, they also use them to spread other forms of malware, delivered through advertisements, faulty plug-ins, and apps that draw users in by offering “too good to be true” deals. Once clicked on, the malware allows cybercriminals to access data, install keyloggers, release ransomware, and monitor social media accounts for future scamming opportunities.

Protecting Your Family  

Educate your family.

Be sure your kids understand the risks and responsibilities associated with device ownership. Consider putting time aside each week to discuss crucial digital literacy topics and ongoing threats such as cryptomining malware. Consider a “device check-in” that requires each person in your family to “check off” the following security guidelines.  

Use comprehensive security software.

To help protect your family devices from viruses, malware, spyware, and other digital threats encountered on social media sites, consider adding extra security to your family devices with McAfee Total Protection.

Avoid sharing personal information online.

Avoid posting home addresses, full birth dates, employer information, school information, as well as exact location details of where you are.  

Keep software and operating systems up to date.

Install software updates so that attackers cannot take advantage of the latest security loopholes.  

Use strong passwords.

Select passwords that will be difficult for bad actors to guess and use different passwords for different programs and devices.  

Pay attention to device performance.

Solving the cryptographic calculations required to mine cryptocurrency demands an enormous amount of computer processing power (CPU). Cryptojacking secretly consumes a victim’s processing power, battery life, and computer or device memory. Look out for a decline in device processing speed.

Avoid connecting with people you don’t know.

Be careful when accepting friend requests, direct messages, or clicking on links sent by someone you don’t know personally. This is one of the most popular ways cybercriminals gain access.  

Verify known friend requests and messages.

Be discerning even when a known friend sends you a second friend request claiming they’ve been hacked. Search known names on the platform for multiple accounts. Cybercriminals have been known to gather personal details of individuals, pose as that person, then connect with friend lists using familiar information to build trust with more potential victims.  

Report spam and suspicious accounts.

Be sure to report any fraudulent activity you encounter on social platforms to help stop the threat from spreading to other accounts, including friends and family who may be connected back to you. 

New scams and more sophisticated ways to steal data—and computer processing power for illegal cryptomining—surface daily. Staying in front of those threats and folding them into your family dynamic is one of the most powerful ways to give your kids the skills and security habits they will need to thrive in today’s digital world.   

The post Social Media: How to Steer Your Family Clear of Cryptomining Malware appeared first on McAfee Blog.


New quantum key distribution network resistant to quantum attacks


New research has revealed the full viability of a novel quantum key distribution (QKD) network for metropolitan areas that is resistant to quantum computing attacks. According to JPMorgan Chase, Toshiba and Ciena, the newly developed QKD network supports 800 Gbps encryption under real-world environmental conditions and can instantly detect and defend against quantum-enabled threats. In a claimed industry first, the network has also been demonstrated to secure a mission-critical blockchain application, the firms stated.

Quantum key distribution network “first of its kind”

Under the leadership of JPMorgan Chase’s Future Lab for Applied Research and Engineering (FLARE) and global network infrastructure teams, researchers from all three organizations collaborated to achieve the following results:



What you need to know about Log4Shell



Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many organizations because Log4j is one of the most extensively used logging libraries. An issue that had existed for almost a decade before it was discovered, Log4Shell leaves companies exposed to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail. The AT&T Managed Vulnerability Program (MVP) team helps customers strengthen their cybersecurity posture and resiliency, leaving them better equipped for events like Log4Shell.

Surprising to many, third-party libraries are not solely IT problems: they can also affect operational technology (OT) and are needed for many OT functions. Because of that, the manufacturing and critical infrastructure community has needed to focus more on addressing threats as they emerge. The Log4j vulnerability and others like it are not going away on their own, so the MVP team is constantly testing, monitoring, and deploying to ensure the correct steps are being taken to mitigate future attacks. AT&T MVP’s partner, Tenable, dives deeper in their blog post “5 Steps that the OT Community Should Take Right Now,” which focuses on how OT groups can avoid the repercussions and encourages proactive measures like the solutions provided by AT&T MVP.
