Acronis Launches EDR Solution with Potential for AI Integration


Acronis EDR is integrated into its Cyber Protect Cloud solution along with backup and data recovery functionalities.


Entro exits stealth with context-based secrets management


Entro, the Israeli cybersecurity company focused on protection for secrets and programmatic access to cloud services and data, has exited stealth with its first-ever product offering context-based secrets management.

The new offering is the first and only holistic secrets security platform that detects, safeguards, and provides context for secrets stored across vaults, source code, collaboration tools, cloud environments, and SaaS platforms, Entro claimed.

“Entro implements proactive measures to secure secrets, such as real-time discovery, end-to-end visibility, monitoring, anomaly detection, and access enforcement,” said Itzik Alvas, co-founder and CEO of Entro. “With the Entro platform, security teams and CISOs can now know how many secrets they have, where are they, what they can do, who is using them, and how to keep them compliant and secure without affecting the work of R&D teams.”


Microsoft Secure Boot Bug


Microsoft is currently patching a zero-day Secure-Boot bug.

The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others. PCs running Windows 11 must have it enabled to meet the software’s system requirements.

Microsoft says that the vulnerability can be exploited by an attacker with either physical access to a system or administrator rights on a system. It can affect physical PCs and virtual machines with Secure Boot enabled.

That’s important. This is a nasty vulnerability, but it takes some work to exploit it.

The problem with the patch is that it breaks backwards compatibility: “…once the fixes have been enabled, your PC will no longer be able to boot from older bootable media that doesn’t include the fixes.”

And:

Not wanting to suddenly render any users’ systems unbootable, Microsoft will be rolling the update out in phases over the next few months. The initial version of the patch requires substantial user intervention to enable—you first need to install May’s security updates, then use a five-step process to manually apply and verify a pair of “revocation files” that update your system’s hidden EFI boot partition and your registry. These will make it so that older, vulnerable versions of the bootloader will no longer be trusted by PCs.

A second update will follow in July that won’t enable the patch by default but will make it easier to enable. A third update in “first quarter 2024” will enable the fix by default and render older boot media unbootable on all patched Windows PCs. Microsoft says it is “looking for opportunities to accelerate this schedule,” though it’s unclear what that would entail.

So it’ll be almost a year before this is completely fixed.


Attacker uses the Azure Serial Console to gain access to Microsoft VM


Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant.

With access to the virtual machines, the attackers abused the Serial Console on Azure Virtual Machines to install third-party remote management software within client environments, Mandiant said in a blog post.

UNC3944 has been active since May 2022. The threat actor has been observed carrying out SIM-swapping attacks followed by the establishment of persistence using compromised accounts.


Insider threats surge across US CNI as attackers exploit human factors


Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyberthreats in the last three years, according to new research from cybersecurity services firm Bridewell. The Cyber Security in CNI: 2023 report surveyed 525 cybersecurity decision makers in the US in the transport and aviation, utilities, finance, government, and communications sectors. It revealed that the increased insider threat could be linked to heightened economic pressures and remote working. Threats from within range from criminal intent to individual negligence, with those surveyed stating that an employee committed an act of intentional destruction, on average, at least every other week within the last year.


Navigating the complex world of Cybersecurity compliance


The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Cyberattacks have become increasingly common, with organizations of all types and sizes being targeted. The consequences of a successful cyberattack can be devastating. As a result, cybersecurity has become a top priority for businesses of all sizes.

However, cybersecurity is not just about implementing security measures. Organizations must also ensure they comply with relevant regulations and industry standards. Failure to comply with these regulations can result in fines, legal action, and damage to reputation.

Cybersecurity compliance refers to the process of ensuring that an organization’s cybersecurity measures meet relevant regulations and industry standards. This can include measures such as firewalls, antivirus, access management and data backup policies, etc. 

Cybersecurity regulations and standards

Compliance requirements vary depending on the industry, the type of data being protected, and the jurisdiction in which the organization operates. There are numerous cybersecurity regulations and standards; some of the most common include the following:

General Data Protection Regulation (GDPR)

The GDPR is a regulation implemented by the European Union that aims to protect the privacy and personal data of EU citizens. It applies to all organizations that process the personal data of EU citizens, regardless of where the organization is based.

Payment Card Industry Data Security Standard (PCI DSS)

This standard is administered by the Payment Card Industry Security Standards Council (PCI SSC). It applies to any organization that accepts credit card payments. The standard sets guidelines for secure data storage and transmission, with the goal of minimizing credit card fraud and better controlling cardholders’ data.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a U.S. law that regulates the handling of protected health information (PHI). It applies to healthcare providers, insurance companies, and other organizations that handle PHI.

ISO/IEC 27001

ISO/IEC 27001 is an international standard that provides a framework for information security management systems (ISMS). It outlines best practices for managing and protecting sensitive information.

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed by the U.S. National Institute of Standards and Technology. It provides a framework for managing cybersecurity risk and is widely used by organizations in the U.S.

Importance of cybersecurity compliance

Compliance with relevant cybersecurity regulations and standards is essential for several reasons. First, it helps organizations follow best practices to safeguard sensitive data. Organizations put controls, tools, and processes in place to ensure safe operations and mitigate various risks. This helps to decrease the likelihood of a successful cyber-attack.

Next, failure to comply with regulations can result in fines and legal action. For example, under the GDPR, organizations can be fined up to 4% of their global turnover.

Finally, organizations that prioritize cybersecurity compliance and implement robust security measures are often seen as more reliable and trustworthy, giving them a competitive edge in the market. It demonstrates that an organization takes cybersecurity seriously and is committed to protecting sensitive data.

How to achieve cybersecurity compliance

Achieving cybersecurity compliance involves a series of steps to ensure that your organization adheres to the relevant security regulations, standards, and best practices:

1) Identify the applicable regulations and standards

The first step is identifying which regulations and standards apply to your organization. This will depend on factors such as the industry, the type of data being protected, and the jurisdiction in which the organization operates.

2) Conduct a risk assessment

Once you have identified the applicable regulations and standards, the next step is to conduct a risk assessment. This involves identifying potential risks and vulnerabilities within your organization’s systems, networks, and processes and assessing their likelihood and impact. This will help you determine the appropriate security measures to implement and prioritize your efforts.

3) Develop and implement security policies, procedures, and controls

Based on the risk assessment results, develop and implement security policies and procedures that meet the requirements of the relevant regulations and standards. This should also include implementing technical, administrative, and physical security controls, such as firewalls, encryption, regular security awareness training, etc.

4) Maintain documentation

Document all aspects of your cybersecurity program, including policies, procedures, risk assessments, and incident response plans. Proper documentation is essential for demonstrating compliance to auditors and regulators.

5) Foster a culture of security

Employees are often the weakest link in an organization’s cybersecurity defenses. Encourage a security-conscious culture within your organization by promoting awareness, providing regular training, and involving employees in cybersecurity efforts.

6) Monitor and update security measures

Cybersecurity threats are constantly evolving. Continuously monitor your organization’s cybersecurity posture and perform regular audits to ensure stable compliance. This may include conducting regular security audits, pen tests, patching software vulnerabilities, updating software, etc.

Cybersecurity compliance expert tips

Proper compliance can be challenging, as implementing and maintaining effective cybersecurity measures requires specialized expertise and resources. Regulations and standards are often lengthy and can be difficult to interpret, especially for organizations without dedicated teams. Many organizations may not have the resources to hire dedicated infosec/legal staff or invest in advanced security technologies. In addition, the cybersecurity world is constantly evolving, and unfortunately, new threats emerge all the time. To overcome the challenges, you can try several helpful approaches:

Implement a risk-based approach: A risk-based approach involves identifying your organization’s most critical vulnerabilities and threats. Focus your limited resources on addressing the highest-priority risks first, ensuring the most significant impact on your security posture.

Utilize third-party services: Small and medium-sized businesses frequently face budget constraints and lack expertise. Utilizing third-party services, such as managed security service providers (MSSPs), can be an effective solution.

Leverage open-source resources: There are plenty of free and open-source cybersecurity tools, such as security frameworks, vulnerability scanners, encryption software, etc. These can help you enhance your security posture without a significant financial investment.

Utilize cloud-based services: Consider using cloud-based security solutions that offer subscription-based pricing models, which can be more affordable than traditional on-premises security solutions.

Seek external support: Reach out to local universities, government organizations, or non-profit groups that provide cybersecurity assistance. They may offer low-cost or free guidance, resources, or tools to help you meet compliance requirements.

Collaborate with peers: Connect with other businesses or industry peers to share experiences, insights, and best practices related to compliance.  

Final thoughts: Moving towards a security-centric culture

Compliance with cybersecurity regulations and standards is vital but does not guarantee complete protection. Building a culture of security that transcends compliance is essential for safeguarding your organization’s assets and reputation. A security culture focuses on continuous improvement and adaptation to stay ahead of threats, taking a proactive approach to risk management, engaging employees at all levels, and fostering adaptability and resilience.

To build a security-centric culture in your organization, ensure senior leadership supports and champions the importance of security. Provide regular employee training and awareness programs to educate staff about cybersecurity best practices, their roles and responsibilities. Reward employees who demonstrate a strong commitment to security or contribute to enhancing the organization’s security posture. Encourage cross-functional collaboration and open communication about security issues, fostering a sense of shared responsibility and accountability.


Security breaches push digital trust to the fore


As digital transactions with customers, employees, suppliers, and other stakeholders grow, digital trustworthiness is set to become one of the most important enterprise-wide initiatives with the biggest potential impact (both negative and positive), even though it often has the smallest budget allocation.

“Organizations are focusing on security and privacy, but if your customers don’t trust you, they will go elsewhere,” says Mark Thomas, president of Escoute Consulting, which specializes in compliance. This view is borne out in a 2022 DigiCert digital trust survey that found 84% of customers would consider switching if they lost trust in a company.
