2021 and Security Intelligence - Cyber Security Informer

Top Threat Intelligence Platforms for 2021

eSecurity Planet

SEPTEMBER 13, 2021

Symantec DeepSight Intelligence consists of visibility provided by the Symantec Global Intelligence Network, the largest civilian threat collection network and tracks over 700,000 global adversaries. Proofpoint Emerging Threat (ET) Intelligence provides threat intelligence feeds to identify suspicious or malicious activity.

Threat Detection

Threat Detection Risk Firewall Cybersecurity

Ransomware, BEC and Phishing Still Top Concerns, per 2021 Threat Report

Webroot

APRIL 21, 2021

According to the 2021 Webroot BrightCloud® Threat Report, each of these threat types saw significant fluctuations as people all over the world shifted to working, studying, and doing everything else online. Get the full story on these details and more in the 2021 Webroot BrightCloud® Threat Report.

Threat Reports

Threat Reports Phishing Ransomware Backups

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. nvidialab[.]us,

Ransomware

Ransomware Hacking Internet Internet

Is your Supply Chain Safe?

Security Boulevard

AUGUST 16, 2022

Security Intelligence reported that 62% of organizations surveyed experienced a supply chain attack in 2021. On July 25 this year, the FBI warned that supply chains are “increasingly a point of vulnerability for computer intrusions.” The warning comes at a time when supply chain attacks are on the rise.

Security Intelligence

Top Cybersecurity Products for 2021

eSecurity Planet

APRIL 23, 2021

We’ve narrowed this list down to four categories of products that are essential to modern cybersecurity: Endpoint detection and response (EDR) , next-generation firewalls (NGFW) , cloud access security brokers (CASB) and security information and event management (SIEM). Top cybersecurity products. Best EDR tools. CrowdStrike.

Cybersecurity

Cybersecurity Antivirus Artificial Intelligence Firewall

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Security Affairs

OCTOBER 28, 2021

Microsoft finds a flaw in macOS, dubbed Shrootless ( CVE-2021-30892 ), that can allow attackers to bypass System Integrity Protection (SIP). Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS.

Security Intelligence

Security Intelligence Hacking Technology Software

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. 2/5 — ESET research (@ESETresearch) March 2, 2021.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” reads the announcement published by Microsoft.

Antivirus

Antivirus Small Business Security Intelligence Hacking

Report Unveils Cybersecurity Leaks in U.S. Drinking Water Systems

SecureWorld News

NOVEMBER 18, 2024

According to a 2021 report by the Water Sector Coordinating Council (WSCC) , the majority of the 52,000 drinking water systems in the U.S. Neglecting security measures for ICS can indeed pose a significant threat. "OT/ICS The OIG's findings underscore the need for a more proactive approach to cybersecurity in the water sector.

Cybersecurity

Cybersecurity Risk Penetration Testing Technology

Best Zero Trust Security Solutions for 2021

eSecurity Planet

JULY 5, 2021

.” He sees services taking a substantial early lead over standalone solutions and says that while it’s too soon for a zero trust Magic Quadrant, the analyst firm will have more to share on customer experiences in 2021. Pulse Secure. The post Best Zero Trust Security Solutions for 2021 appeared first on eSecurityPlanet.

Authentication

Authentication DDOS Marketing VPN

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

The researchers at Microsoft Threat Intelligence Center (MSTIC) are warning of increasingly sophisticated operations carried out by Iranian threat actors. The Microsoft Threat Intelligence Center (MSTIC) shared the results of their analysis on the evolution of Iran-linked threat actors at the CyberWarCon 2021.

VPN

VPN Accountability Social Engineering Media

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

The vulnerability, tracked as CVE-2021-35247 , was discovered by Microsoft security researcher Jonathan Bar Or while monitoring attacks exploiting the vulnerabilities in the Log4j library. We reported our discovery to SolarWinds, and security updates have been released. ” reads the advisory published by Microsoft.

Authentication

Authentication Hacking Ransomware Security Intelligence

Organizations in aerospace and travel sectors under attack, Microsoft warns

Security Affairs

MAY 13, 2021

pic.twitter.com/aeMfUUoVvf — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021. pic.twitter.com/9r0OTmZQJb — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021. pic.twitter.com/9r0OTmZQJb — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Security Intelligence

Security Intelligence Phishing Malware Hacking

Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021

Webroot

DECEMBER 14, 2020

One thing the cybersecurity experts at Webroot agree on is that work from home is here to stay for 2021, or at least it won’t recede to pre-pandemic levels in even the medium-term. Grayson Milbourne, security intelligence director, Carbonite + Webroot. What is likely to change is how companies respond to their remote workforces.

Cybersecurity

Cybersecurity Engineering Phishing Social Engineering

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021.

Ransomware

Ransomware Malware Encryption Security Intelligence

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The number of attacks is very high, by comparison, prior to July 1, 2021, the company had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

Telecommunications

Telecommunications Technology Hacking Malware

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021.

Antivirus

Antivirus Security Intelligence Malware Insurance

Secure Workload Protection: Extending Micro Perimeters and Automation to Enterprise IaaS

Cisco Security

FEBRUARY 16, 2021

Enterprises have security operations centers (SOCs) that address of the needs of the oceans of on-premises and cloud compute resources. These SOCs aggressively leverage automation to tackle the Herculean task of cloud workload security; automation demands integration. Organizations may subscribe to numerous threat intelligence feeds.

Firewall

Firewall Security Intelligence Marketing Cybersecurity

Microsoft warns of a large-scale BEC campaign to make gift card scam

Security Affairs

MAY 8, 2021

link] pic.twitter.com/HTqYsUlCSn — Microsoft Security Intelligence (@MsftSecIntel) May 7, 2021. pic.twitter.com/oZaqAv3FYa — Microsoft Security Intelligence (@MsftSecIntel) May 7, 2021. The attackers took the extra step of manually populating the In-Reply-To headers and References headers.

Scams

Scams Manufacturing Security Intelligence Internet

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Security Affairs

APRIL 1, 2021

Since the start of the campaign, show-of-force attacks have grown from 200+ Gbps in August to 500+ Gbps by mid-September, then ballooned to 800+ Gbps by February 2021.” reads the analysis published by Akamai. “But the size of the extortion attack wasn’t the only notable characteristic of the actors’ modus operandi.”

DDOS

DDOS Security Intelligence Hacking Cybersecurity

What a difference a year makes, or does it?

Webroot

OCTOBER 1, 2021

In 2021, the 24/7 news cycle was filled with stories of cyberattacks. There was the infrastructure ransomware attack on the Colonial Pipeline in May 2021, which caused the company to cease operations for days. Also the attack on JBS USA , which fell victim to ransomware and threatened U.S. food supplies.

Ransomware

Ransomware Backups Threat Reports Small Business

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Top Next-Generation Firewall (NGFW) Vendors for 2021.

Encryption

Encryption Malware Ransomware Firewall

A week in security (August 9 – August 15)

Malwarebytes

AUGUST 16, 2021

Stay safe, everyone!

Social Engineering

Social Engineering Scams VPN Phishing

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

This month, the Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. VMware has addressed Log4Shell in Horizon with the release of 2111, 7.13.1,

Internet

Internet Internet Ransomware Hacking

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Backups Architecture

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Webroot

JANUARY 7, 2022

2020 may have been the year of establishing remote connectivity and addressing the cybersecurity skills gap, but 2021 presented security experts, government officials and businesses with a series of unpresented challenges. Threats abound in 2021. Malware made leaps and bounds in 2021. Ransomware.

Cybercrime

Cybercrime Ransomware Phishing Cryptocurrency

Safe-T Has Partnered with Thales to Bring a New Remote Access Security Solution to the Table

Thales Cloud Protection & Licensing

APRIL 8, 2021

Safe-T Has Partnered with Thales to Bring a New Remote Access Security Solution to the Table. Thu, 04/08/2021 - 07:38. By creating this best-of-breed solution, Safe-T’s and Thales’ joint solution gives businesses the security they need to safely scale up the support and resources they provide to their remote workforce and suppliers.

Authentication

Authentication Security Intelligence Risk

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

“In 2021, MSRC received a report of two Windows privilege escalation exploits ( CVE-2021-31199 and CVE-2021-31201 ) being used in conjunction with an Adobe Reader exploit ( CVE-2021-28550 ), all of which were patched in June 2021. ” reads the report. £We or later to detect the related indicators.

Surveillance

Surveillance Malware Authentication Accountability

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. Attackers increasingly use HTML smuggling in phishing and other email campaigns to stealthily deliver threats, but Microsoft Defender Office 365’s detonation technology provides durable protection against this evasive delivery technique.

Phishing

Phishing Banking Passwords Malware

New’ DearCry’ Ransomware Targets Unpatched Exchange Clients as Microsoft Takes Down ‘ProxyLogon’ PoC

Hot for Security

MARCH 12, 2021

Microsoft’s Security Intelligence account also tweeted , “We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers.”. “Microsoft observed a new family of human operated ransomware attack customers – detected as Ransom:Win32/DoejoCrypt.A.

Ransomware

Ransomware Education Security Intelligence Accountability

Frost & Sullivan’s 2021 Digital Intelligence Solutions Report Names Cognyte a Leader in the Global Digital Intelligence Market

CyberSecurity Insiders

DECEMBER 16, 2021

HERZLIYA, Israel–( BUSINESS WIRE )– Cognyte (NASDAQ: CGNT), a global leader in security analytics software that empowers governments and enterprises with Actionable Intelligence for a Safer World TM , announced that it has been named a leader in Frost & Sullivan’s Frost Radar Digital Intelligence Solutions 2021 Report.

Marketing

Marketing Big data Artificial Intelligence Government

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. 2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Why access management needs to evolve beyond passwords

CyberSecurity Insiders

OCTOBER 13, 2021

According to Tech.co , a 2021 study found that users now need to track 100 passwords across their various web accounts. Each of those incidents cost an average of $692,531 for organizations to contain in 2021. In an article for Security Intelligence , I said, “ the password doesn ’ t matter.

Passwords

Passwords Accountability Data breaches Authentication

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

I've decided to make my Cybercrime Forum Data Set for 2019 and 2021 exclusively available online for free in order for me to speed the dissemination process and to possibly empower security researchers and vendors with the necessary information to help them stay on the top of their game in terms of current and emerging cyber threats including U.S

Cybercrime

Cybercrime Cyber threats Hacking Software

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Luckily for cybersecurity startups, there’s no shortage of interest in tomorrow’s next big security vendors. billion in 2021, and growing concerns over data security , software supply chains , and ransomware suggest the market will remain strong through economic ups and downs. AllegisCyber Investments.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

Iceberg Networks joins together with Highmetric and Fishbone Analytics to make one of the largest ServiceNow full-service Companies

Security Boulevard

MAY 27, 2021

Iceberg Networks positioned to extend world-class Risk and Security Intelligence to the Globe Iceberg Networks, a ServiceNow Elite Partner, the 2021 Global Premier Partner of the Year, and the 2021 Americas Premier Partner of the Year announced today it will join forces with Highmetric and Fishbone Analytics to create a global full service consultancy, (..)

Security Intelligence

Security Intelligence Risk

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

Managed security services providers (MSSP) can help their customers learn more about the capabilities and functioning of each tool, as well as set up the appropriate configuration, allowing their employees to focus on more strategic security objectives. Tipping the scale favorably.

Marketing

Marketing Digital transformation Technology Cybersecurity

At long last, Microsoft is disabling Excel 4.0 macros by default

Malwarebytes

OCTOBER 8, 2021

link] — Kevin Beaumont (@GossiTheDog) October 7, 2021. pic.twitter.com/kwxOA0pfXH — Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020. Will take a while to reach enterprises and needs Office 365 client but eventually this will reach lots of people and really help defenders. Will you miss it?

Malware

Malware Security Intelligence

9 Considerations For Hong Kong Banks To Address The STDB Guidelines

Thales Cloud Protection & Licensing

OCTOBER 4, 2021

Tue, 10/05/2021 - 06:55. All retail banks and foreign bank branches with significant operations in Hong Kong are expected to submit a report containing the result of their assessment to the Hong Kong Monetary Authority (HKMA) by November 2021. 9 Considerations For Hong Kong Banks To Address The STDB Guidelines.

Banking

Banking Digital transformation Encryption Backups

This Is How Cybercriminals Are Targeting School Teachers

SecureWorld News

FEBRUARY 5, 2021

pic.twitter.com/CFk37M5fpp — Microsoft Security Intelligence (@MsftSecIntel). February 2, 2021. Read from the bottom up to see the flow of the conversation: For more examples, check out the tweet: We detected a recent spike in busines email compromise (BEC) attacks soliciting gift cards primarily targeting K-12 schoolteachers.

Scams

Scams Accountability Firewall Security Intelligence

Your network is talking. Are you listening?

Cisco Security

MAY 6, 2021

We asked our team to share a few of our core innovations so far in 2021. Unify intent and validate policy with Secure Network Analytics’ TrustSec reports. Simplified security with purpose-built networking for advanced threat detection. It is often said that necessity is the mother of invention. What’s New .

Threat Detection

Threat Detection Digital transformation IoT Security Intelligence

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

JULY 30, 2018

And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021. About the essayist: Rick Costanzo is the CEO of Rank Software, which supplies advanced security intelligence and analytics platforms.). Related article: SIEMs strive for a comeback.

CISO

CISO Cyber Attacks Data collection Cybersecurity

Polazert Trojan using poisoned Google Search results to spread

Malwarebytes

JUNE 17, 2021

According to Microsoft Security Intelligence , attackers have started using PDF files full of keywords that have a high SEO ranking, so that their links show up prominently in search results. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. Distribution.

Security Intelligence

Security Intelligence Media Marketing Engineering

Top Threat Intelligence Platforms for 2021

Ransomware, BEC and Phishing Still Top Concerns, per 2021 Threat Report

Trending Sources

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Is your Supply Chain Safe?

Top Cybersecurity Products for 2021

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Microsoft Defender can now protect servers against ProxyLogon attacks

Report Unveils Cybersecurity Leaks in U.S. Drinking Water Systems

Best Zero Trust Security Solutions for 2021

Iran-linked APT groups continue to evolve

SolarWinds Serv-U bug exploited for Log4j attacks

Organizations in aerospace and travel sectors under attack, Microsoft warns

Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021

STRRAT RAT spreads masquerading as ransomware

Russia-linked Nobelium APT targets orgs in the global IT supply chain

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Secure Workload Protection: Extending Micro Perimeters and Automation to Enterprise IaaS

Microsoft warns of a large-scale BEC campaign to make gift card scam

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

What a difference a year makes, or does it?

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

A week in security (August 9 – August 15)

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Safe-T Has Partnered with Thales to Bring a New Remote Access Security Solution to the Table

European firm DSIRF behind the attacks with Subzero surveillance malware

HTML Smuggling technique used in phishing and malspam campaigns

New’ DearCry’ Ransomware Targets Unpatched Exchange Clients as Microsoft Takes Down ‘ProxyLogon’ PoC

Frost & Sullivan’s 2021 Digital Intelligence Solutions Report Names Cognyte a Leader in the Global Digital Intelligence Market

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Why access management needs to evolve beyond passwords

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Top VC Firms in Cybersecurity of 2022

Threat actor has been targeting the aviation industry since at least 2018

Iceberg Networks joins together with Highmetric and Fishbone Analytics to make one of the largest ServiceNow full-service Companies

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

At long last, Microsoft is disabling Excel 4.0 macros by default

9 Considerations For Hong Kong Banks To Address The STDB Guidelines

This Is How Cybercriminals Are Targeting School Teachers

Your network is talking. Are you listening?

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

Polazert Trojan using poisoned Google Search results to spread

Stay Connected