Security

1. Dragos Expands Defense Program for Small Utilities - News, news analysis, and commentary on the latest trends in cybersecurity technology.The Dragos Community Defense Program provides small water, gas, and electric utilities with access to the Dragos Platform, training resources, and threat intelligence.December 7, 2023Dragos has expanded its Dragos Community Defense Program to help small water, gas, and electric utilities in the U.S. protect their networks from advanced threats. Threat actors are increasingly targeting critical infrastructure networks, and small utilities are outgunned when it… Continue Reading
2. New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks - New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers.The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and were responsibly disclosed in October 2022.The attacks "enable device impersonation and machine-in-the-middle across sessions by only compromising one session key," EURECOM researcher Daniele Antonioli said in… Continue Reading
3. Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques - Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging."While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs researcher Daniel Stepanic said in a report published this week.First spotted in late 2019, GuLoader (aka CloudEyE) is an advanced shellcode-based malware downloader that's… Continue Reading
4. LABScon Replay | The Cyber Arm of China’s Soft Power: Reshaping a Continent - In his keynote at LABScon23, SentinelLabs’ Principal Threat Researcher Tom Hegel addressed a crucial but often overlooked aspect of global cybersecurity: cyber threat activity in less-monitored regions, particularly Africa. Focusing on China’s strategic use of soft power across the African continent, Hegel provides a compelling analysis of how technology and investments are wielded as tools of influence and control.Highlighting its significant investments in key sectors, Hegel explores how China has established strategic influence in African… Continue Reading
5. Scaling Security Operations with Automation - In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate these challenges by streamlining repetitive tasks, reducing the risk of human error, and allowing them to focus on higher-value initiatives. While automation offers… Continue Reading
6. Mine Secures $30M in Series B Funding - December 5, 2023PRESS RELEASEBOSTON and TEL AVIV, Israel, Dec. 5, 2023 /PRNewswire/ -- Mine, a pioneering company disrupting the data privacy market, announced today that it has raised $30 million in Series B funding, co-led by Battery Ventures and PayPal Ventures, with significant investments from Nationwide Ventures and with the participation of all existing investors including Saban Ventures, Gradient Ventures (Google's AI), MassMutual Ventures and Headline Ventures. This substantial investment will propel Mine's mission to redefine data privacy and governance management for… Continue Reading
7. Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger - Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet.""This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of Messenger at Meta, said in a post shared on X (formerly Twitter).CEO Mark Zuckerberg, who announced a… Continue Reading
8. Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks - Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023.The vulnerabilities are as follows -Google's Threat Analysis Group and Google Project Zero revealed back in October 2023 that the three flaws, along with CVE-2022-22071 (CVSS score: 8.4), have been exploited in the wild as part of limited, targeted attacks.A security researcher named luckyrb, the Google Android Security team, and TAG researcher Benoît… Continue Reading
9. This Mini Router Gives You Lifetime Wi-Fi and VPN Coverage for $599.99 - This Mini Router Gives You Lifetime Wi-Fi and VPN Coverage for $599.99Your email has been sent Connect and protect your whole team with this mini router that offers 10,000 sq ft coverage and a built-in VPN for the low price of $599.99. When people visit your office or event, they expect to find Wi-Fi. It’s a digital courtesy that all credible businesses provide today. Delivering this kind of service can pose some surprising technical challenges.… Continue Reading
10. Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines - Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December DeadlinesYour email has been sent Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules. The U.S. Securities and Exchange Commission’s new rules around disclosure of cybersecurity incidents go into effect on Dec. 15 for public companies with fiscal years starting on or… Continue Reading

What are cybersecurity threats?

A cybersecurity threat is any malicious attack by an individual or organization to gain access to another individual’s or organization’s network to corrupt data or steal confidential information. Sometimes, the attacks destroy computer systems.
No company is immune from cyber attacks and the resulting data breaches. As cyber threats become increasingly sophisticated, businesses must ensure they implement the security necessary to safeguard their data and their networks.
However, before they can do that, organizations need to understand the types of threats they’ll be facing almost daily, including:

• Trojan: A type of malicious software (malware) or code that acts as a legitimate application or file to trick a user into loading and executing the malware on his device. A Trojan’s goal is to damage or steal an organization’s data or otherwise inflict some harmful action on its network.
• Virus: A malicious program aimed at infecting a company’s systems, destroying data and bringing its network to a standstill. A virus attaches itself to a program, file, or document and lies dormant until some event triggers the device to execute its code.
• Phishing attacks: A type of social engineering that attempts to trick users into bypassing normal cybersecurity practices and giving up sensitive data, such as user names and passwords, bank account information, Social Security numbers, and credit card data. Typically, hackers send out phishing scam emails that appear to come from trusted senders, such as PayPal, eBay, financial institutions, as well as friends and co-workers. The cybercriminals try to get users to click on links in the emails that will redirect them to fraudulent websites that ask for personal information or install malware on their devices. Opening attachments sent with phishing emails can also install malware on users’ devices, or allow the hackers to control their devices remotely.
• Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. … It has the ability to lock a computer screen or encrypt important, predetermined files with a password.
• Distributed denial of service (DDoS): A DDoS attack aims to take down a company’s website by overwhelming its servers with requests. In this attack, requests come from hundreds or thousands of IP addresses that have probably also been compromised and tricked into continuously requesting a company’s website. A DDoS attack overloads an organization’s servers, slows them down significantly or temporarily takes them offline. This prevents customers from accessing the website and completing orders.