Security is more important than ever. Cybersecurity has been a problem from the start of IT and it will be till the end. It all started with endpoint and network security, but today, we are also facing with cloudsecurity and managing employees to incorporate good security practices.
All these new technologies that help us innovate also helps cybercriminals and state sponsored hackers to get new tools they can use to get access to our systems, and in a worst case scenario, access to our most valuable data and business secrets. Also, with new legislation in place like GDPR, you need to make sure everything is secure, otherwise you just don’t lose your reputation, but you can also be fined by the government. Protecting IT-environments is more important than ever.
Your first line of defense is usually endpoint protection. The devices your employees work with need to be protected against ransomware and other malware which can bring lots and lots of trouble. This nowadays the most basic form of protection and many of the bigger vendors and suites can help you achieve this.
Network security is a bit more advanced, where you can manage which traffic goes across your network. You can also connect different networks together with e.g. SD-WAN. So, you can run protection software and share data between multiple locations. The trend we see in network protection on the datacenter side is to lock down the traffic by only allowing known, benevolent traffic sources. Regarding office networking, we see new initiatives like ZScaler coming up, where you tunnel all your staff over the network of ZScaler so they can analyse the traffic and block patterns that they marked as malicious. Especially for companies with employees that travel a lot, this is a smart solution.
Many thought that bringing workloads to the cloud would reduce their responsibility of doing security. It is now clear that this is not the case. Most cloud vendors practice the “shared responsibility” approach. This means that big hyperscalers can offer a first line of defense against well known threats and port scanners. For the more sophisticated attacks that are directly pointed at your servers, you need to have your protection in place.
Researchers found malicious plugins on nearly 25,000 WordPress websites. Researchers at the Georgia Institute of Technology discovered 47,337 malicious plugins on 24,931 unique WordPress websites. Each website used two or more infected plugins. 94 percent were actively engaged in malicious acti... Read more
2 years ago
The attack forced the agency to shut down its IT systems for some time. Italy’s energy agency, Gestore dei Servizi Energetici (GSE), suffered a malware attack on Sunday night and Monday morning, according to a report in Bloomberg. GSE is responsible for the country's energy security. Accordin... Read more
2 years ago
Atlassian issued a security alert for its Bitbucket Server and Datacenter solution. A vulnerability allows hackers to execute arbitrary code on affected instances. Bitbucket is a Git-based code tool for hosting, management and collaboration. The tool integrates with Atlassian's Jira and Trello s... Read more
2 years ago
Developers and maintainers of PyPI are under attack by digital scammers through email phishing. Several PyPI developers and maintainers have fallen for phishing scams conducted by digital scammers. The malicious campaign was disclosed by Adam Johnson, a project board member at Django, who receiv... Read more
2 years ago
Mitiga finds the Microsoft 365 accounts of business executives under attack by malicious attackers who use a combined strategy of spear phishing and man-in-the-middle methods. Cybersecurity firm Mitiga disclosed that a dubious Business Email Compromise (BEC) campaign is continuously targeting Mi... Read more
2 years ago
RedPacket Security claims that telecom giant Altice fell victim to a cyberattack by ransomware group Hive. RedPacket Security uses web crawlers to collect threat information on the dark web. According to the company, telecom giant Altice fell victim to a ransomware attack on August 9. The attac... Read more
2 years ago
Google's Virtual Machine Threat Detection (VMTD) is now generally available. The service allows customers to detect crypto mining activity in their Google Cloud environments. VMTD was released as a public preview six months ago. The service is now generally available to all Google Cloud users. N... Read more
2 years ago
Popular password manager LastPass fell victim to a cyberattack. Hackers managed to steal technical information. LastPass, one of the largest and most popular password managers, fell victim to a cyberattack about two weeks ago. An "unauthorized party" penetrated the dev environment by compromisin... Read more
2 years ago
Elastic revised its automation and feedback framework with Security Orchestration, Automation and Response (SOAR). The release of Elastic Security 8.4 should optimize data analysis through new integrations with the systems of Elastic's partners. Security experts spend large amounts of time perfo... Read more
2 years ago
Avast updated its Ransomware Protection functionality to give organizations an additional line of defense against ransomware threats. According to Avast, the number of ransomware threats rose by 24 percent in 2022 compared to 2021. Hence, Avast revealed a new way to protect small businesses agai... Read more
2 years ago
