FTC Sues Data Broker

Read Time:33 Second

This is good news:

The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency.

“Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health temporary shelters, such as shelters for the homeless, domestic violence survivors, or other at risk populations, and addiction recovery,” the lawsuit reads.

Read More

Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger

Read Time:30 Second

Researchers have discovered a new multi-stage malware delivery campaign that relies on legitimate application installers distributed through popular software download sites. The malicious payload delivery, which includes a cryptocurrency mining program, is done in stages with long delays that can add up to almost a month.

“After the initial software installation, the attackers delayed the infection process for weeks and deleted traces from the original installation,” researchers from security firm Check Point Software Technologies said in a new report. “This allowed the campaign to successfully operate under the radar for years.”

To read this article in full, please click here

Read More

XDR: Why open is better than closed

Read Time:1 Minute, 22 Second

In a new 12-minute video Rakesh Shah AVP Product Management and Development of AT&T Cybersecurity, explains Extended Detection and Response (XDR). This video was part of the virtual Black Hat USA event in August. It’s not product-specific and explains what can be a very confusing concept in a delightfully simple way.

XDR and why we need it

XDR brings together multiple different data sources – the network, endpoints, cloud and third-party data. Driving the need for XDR above and beyond previous approaches is that companies are drowning in defense-in-depth. Companies have multiple disparate security point products creating an overwhelming number of alerts. This leads to difficulty in conducting investigations.

XDR business value

XDR protects your investments in best-of-breed security products while increasing efficiency and orchestration to make it all work together better. Efficiency in security operations lets you detect, respond, and recover faster.

So, what is XDR? It’s about detection, incident response, and automation. It’s a new approach that lets you bring together best-of-breed products and focus on the outcomes you want. Add in managed services, and you get to Managed Extended Detection and Response (MXDR) – the good life!

 

Open XDR

With an open approach, enabled by APIs, there’s no “rip and replace” of existing point products. Instead, best-of-breed products can be integrated, with deep API integration. This allows you to:

Normalize raw log data
Collect and enrich log data
Perform threat analysis
Coordinate response actions
Provide security orchestration and automation
Allows access to built-in dashboards for your security point products.

Check out Rakesh’s video:

Read More

Key takeaways from the Open Cybersecurity Schema Format

Read Time:58 Second

One of the most pervasive challenges in the current cybersecurity environment is an overabundance of tooling vendors, all of which produce telemetry or data, often in their own native or nuanced schema or format. As cybersecurity’s visibility has risen in organizations, so has the number of cybersecurity vendors and tools that teams need to integrate, implement and govern. Cybersecurity professionals must spend time getting tools to work together as a cohesive portfolio, which detracts from their efforts to identify and address cybersecurity vulnerabilities and threats.

The problem isn’t going unnoticed. Recently Amazon Web Services (AWS) along with other leaders such as Splunk, CrowdStrike, Palo Alto, Rapid7, and JupiterOne announced the release of the Open Cybersecurity Schema Framework (OCSF) project. The announcement acknowledges the problem of security professionals needing to wrestle with proprietary data formats and outputs rather than their actual roles of risks and threats. This is problematic given the industry is already facing significant workforce challenges, burnout and fatigue. By standardizing on security product schemas and formats, security practitioners can spend more time addressing threats that pose risks to organizations.

To read this article in full, please click here

Read More