Help Net Security

A new threat matrix outlines attacks against machine learning systems

Tue, 27 Oct 2020 07:54:17 GMT

A report published last year has noted that most attacks against artificial intelligence (AI) systems are focused on manipulating them (e.g., influencing recommendation systems to favor specific content), but that new attacks using machine learning (ML) are within attackers’ capabilities. Microsoft now says that attacks on machine learning (ML) systems are on the uptick and MITRE notes that, in the last three years, “major companies such as Google, Amazon, Microsoft, and Tesla, have had their … More →

The post A new threat matrix outlines attacks against machine learning systems appeared first on Help Net Security.

Work from home strategies leave many companies in regulatory limbo

Tue, 27 Oct 2020 06:00:55 GMT

Like most American businesses, middle market companies have been forced to rapidly implement a variety of work-from-home strategies to sustain productivity and keep employees safe during the COVID-19 pandemic. This shift, in most cases, was conducted with little chance for appropriate planning and due diligence. This is especially true in regard to the security and compliance of remote work solutions, such as new cloud platforms, remote access products and outsourced third parties. Many middle market … More →

The post Work from home strategies leave many companies in regulatory limbo appeared first on Help Net Security.

MDR service essentials: Market trends and what to look for

Tue, 27 Oct 2020 05:30:51 GMT

Mark Sangster, VP and Industry Security Strategist at eSentire, is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations. In this interview, he discusses MDR services and the MDR market. What are the essential building blocks of a robust MDR service? Managed Detection and Response (MDR) must combine two elements. The first is an aperture that can collect … More →

The post MDR service essentials: Market trends and what to look for appeared first on Help Net Security.

Organizations struggle to obtain quality threat data to guide key security decisions

Tue, 27 Oct 2020 05:00:14 GMT

Organizations are often forced to make critical security decisions based on threat data that is not accurate, relevant and fresh, a Neustar report reveals. Just 60% of cybersecurity professionals surveyed indicate that the threat data they receive is both timely and actionable, and only 29% say the data they receive is both extremely accurate and relevant to the threats their organization is facing at that moment. Few orgs basing decisions on near real-time data With … More →

The post Organizations struggle to obtain quality threat data to guide key security decisions appeared first on Help Net Security.

78% of Microsoft 365 admins don’t activate MFA

Tue, 27 Oct 2020 04:30:48 GMT

On average, 50% of users at enterprises running Microsoft 365 are not managed by default security policies within the platform, according to CoreView. Microsoft 365 administrators fail to implement basic security like MFA The survey research shows that approximately 78% of Microsoft 365 administrators do not have multi-factor authentication (MFA) activated. According to SANS, 99% of data breaches can be prevented using MFA. This is a huge security risk, particularly during a time when so … More →

The post 78% of Microsoft 365 admins don’t activate MFA appeared first on Help Net Security.

Cyber risk literacy should be part of every defensive strategy

Tue, 27 Oct 2020 04:00:11 GMT

While almost 95 percent of cybersecurity issues can be traced back to human error, such as accidentally clicking on a malicious link, most governments have not invested enough to educate their citizens about the risks, according to a report from the Oliver Wyman Forum. Cyber risk literacy of the population Cyber literacy, along with financial literacy, is a new 21st century priority for governments, educational institutions, and businesses. “Cyberattacks are now one of the fastest … More →

The post Cyber risk literacy should be part of every defensive strategy appeared first on Help Net Security.

Imperium RelevantID helps market research and panel orgs combat synthetic identity frauds

Tue, 27 Oct 2020 02:00:25 GMT

Imperium announced the release of a significantly upgraded version of its flagship ID-validation tool RelevantID. This major release is designed to help market research and panel organizations combat the rise of highly sophisticated synthetic identity frauds that are becoming increasingly difficult to catch using conventional fraud-detection models. From today, the company’s powerful fraud-blocking tool Fraudience will be integrated into RelevantID as standard. New and existing clients will now automatically enjoy access to Fraudience, which monitors … More →

The post Imperium RelevantID helps market research and panel orgs combat synthetic identity frauds appeared first on Help Net Security.

Confluera 2.0: Enhanced autonomous detection and response capabilities to protect cloud ...

Tue, 27 Oct 2020 01:30:53 GMT

Confluera announced Confluera 2.0 which includes new features and capabilities that will address evolving customer needs as they battle cyberattack amid the current volatile security environment. Confluera XDR delivers a purpose-built cloud workload detection and response solution with the unique ability to deterministically track threats progressing through the environment. Confluera holistically integrates security signals from the environment to provide a complete attack narrative of a cyberattack in real-time, as opposed to showing isolated alerts. With … More →

The post Confluera 2.0: Enhanced autonomous detection and response capabilities to protect cloud infrastructure appeared first on Help Net Security.

HackerOne introduces integrations and partnerships to connect and defend customers

Tue, 27 Oct 2020 01:00:55 GMT

HackerOne introduced a set of strategic integrations and partnerships that make it easy to integrate HackerOne data with existing security and development workflows. Announced at the fourth annual Security conference, the integrations seek to ensure the HackerOne platform fits into customers’ existing security workflow with minimal friction, enabling them to identify, prioritize, and respond to threats in real time. “Our mission is to empower the world to build a safer internet,” Co-founder Michiel Prins explained. … More →

The post HackerOne introduces integrations and partnerships to connect and defend customers appeared first on Help Net Security.

Dropbox qualifies Western Digital Ultrastar 20TB SMR HDD to meet growing cloud storage demands

Tue, 27 Oct 2020 00:30:28 GMT

Empowering the world’s most essential data infrastructures, Western Digital announced that Dropbox is one of the first to qualify the Ultrastar DC HC650 20TB, host-managed, shingled magnetic recording (SMR) hard disk drives (HDD). With Western Digital SMR HDDs serving as the storage foundation for its custom-built, multi-exabyte storage platforms, Dropbox continues its strategic path, taking advantage of the highest storage densities with the lowest TCO without sacrificing data durability and availability for its 600 million+ … More →

The post Dropbox qualifies Western Digital Ultrastar 20TB SMR HDD to meet growing cloud storage demands appeared first on Help Net Security.

Deeptree selects Stellar Cyber to deliver intelligent next generation SOC

Tue, 27 Oct 2020 00:15:35 GMT

Stellar Cyber announced that Deeptree has selected the Stellar Cyber platform as the basis of its intelligent next generation SOC. Through this partnership, Deeptree can bring tailored, enterprise-class cybersecurity services to customers of all sizes. The Stellar Cyber platform goes beyond other SOC solutions in that it tightly integrates native capabilities, such as network detection response (NDR), cloud detection response (CDR) and SIEM, while also analyzing data from existing third-party solutions to provide the most … More →

The post Deeptree selects Stellar Cyber to deliver intelligent next generation SOC appeared first on Help Net Security.

Hackers breach psychotherapy center, use stolen health data to blackmail patients

Mon, 26 Oct 2020 11:31:33 GMT

News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released. Therapist session notes of some 300 patients have already been published on a Tor-accessible site on the dark web. Among the victims are Finnish politicians (e.g., Member of Parliament Eeva-Johanna Eloranta) and minors. What is known about the … More →

The post Hackers breach psychotherapy center, use stolen health data to blackmail patients appeared first on Help Net Security.

Attackers finding new ways to exploit and bypass Office 365 defenses

Mon, 26 Oct 2020 06:15:58 GMT

Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals. How criminals bypass Office 365 defenses Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise to evade traditional email defenses, which are based on already-known threats. Attackers also often use Microsoft’s own tools and branding to bypass legacy defenses and email authentication … More →

The post Attackers finding new ways to exploit and bypass Office 365 defenses appeared first on Help Net Security.

DNS attacks increasingly target service providers

Mon, 26 Oct 2020 06:00:07 GMT

The telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP. DNS attacks on service providers According to the IDC 2020 Global DNS Threat Report, organizations in the sector experienced an average of 11.4 attacks last year, compared to 9.5 attacks across industries. Overall, 83% of service provider organizations experienced a DNS attack. In addition to being well above the overall average of 79%, a successful attack on telecommunications providers … More →

The post DNS attacks increasingly target service providers appeared first on Help Net Security.

Adapt cybersecurity programs to protect remote work environments

Mon, 26 Oct 2020 05:30:41 GMT

Earlier this year, businesses across the globe transitioned to a remote work environment almost overnight at unprecedented scale and speed. Security teams worked around the clock to empower and protect their newly distributed teams. Protect and support a remote workforce Cisco’s report found the majority of organizations around the world were at best only somewhat prepared in supporting their remote workforce. But, it has accelerated the adoption of technologies that enable employees to work securely … More →

The post Adapt cybersecurity programs to protect remote work environments appeared first on Help Net Security.

Organizations need to understand risks and ethics related to AI

Mon, 26 Oct 2020 05:00:38 GMT

Despite highly publicized risks of data-sharing and AI, from facial recognition to political deepfakes, leadership at many organizations seems to be vastly underestimating the ethical challenges of the technology, NTT DATA Services reveals. Just 12% of executives and 15% of employees say they believe AI will collect consumer data in unethical ways, and only 13% of executives and 19% of employees say AI will discriminate against minority groups. Surveying 1,000 executive-level and non-executive employees across … More →

The post Organizations need to understand risks and ethics related to AI appeared first on Help Net Security.

Enterprises should strive for composability to be resilient during uncertainty

Mon, 26 Oct 2020 04:30:59 GMT

CIOs and IT leaders who use composability to deal with continuing business disruption due to the COVID-19 pandemic and other factors will make their enterprises more resilient, more sustainable and make more meaningful contributions, according to Gartner. Analysts said that composable business means architecting for resilience and accepting that disruptive change is the norm. It supports a business that exploits the disruptions digital technology brings by making things modular – mixing and matching business functions … More →

The post Enterprises should strive for composability to be resilient during uncertainty appeared first on Help Net Security.

HITBSecTrain: Cutting-edge virtual cyber security trainings on a monthly basis

Mon, 26 Oct 2020 04:00:24 GMT

For better or for worse, the global COVID-19 pandemic has confined most of us to our own countries (our houses and apartments, even), has changed how and from where we do our work, and has restricted our social lives. The distractions and tools still available to help us battle our growing anxiety and sadness are few, but some of them, such as learning new things, are very powerful. Happily for all of us, many courses … More →

The post HITBSecTrain: Cutting-edge virtual cyber security trainings on a monthly basis appeared first on Help Net Security.

CrowdStrike Falcon X Recon: Enabling orgs to get ahead of nation-state, eCrime, hacktivist attacks

Mon, 26 Oct 2020 02:30:21 GMT

CrowdStrike announced the new CrowdStrike Falcon X Recon module that will provide customers an increased level of situational awareness through the deep, broad collection of data from digital sources. Falcon X Recon will help uncover potential malicious activity so security teams can better protect their brand, employees and sensitive data. CrowdStrike Falcon X Recon is designed to go beyond the dark web to include forums with restricted access on the deep web, breach data, source … More →

The post CrowdStrike Falcon X Recon: Enabling orgs to get ahead of nation-state, eCrime, hacktivist attacks appeared first on Help Net Security.

Protegrity Data Protection Platform enhancements help secure sensitive data across cloud ...

Mon, 26 Oct 2020 02:00:07 GMT

Protegrity announced a significantly transformed Protegrity Data Protection Platform, offering enterprises the flexibility to easily secure sensitive data across cloud environments from a single platform. Built for hybrid-cloud and multi-cloud serverless computing, Protegrity’s latest platform enhancements allow companies to deploy and update customized policies across geographies, departments, and digital transformation programs. Protegrity enables businesses to quickly and safely turn sensitive data – wherever it resides – into intelligence-driven insights to deliver better customer experiences, monetize … More →

The post Protegrity Data Protection Platform enhancements help secure sensitive data across cloud environments appeared first on Help Net Security.