CSO Security News Analysis

TSA to issue cybersecurity requirements for US rail, aviation sectors.

Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.

Accessed on 10 October 2021, 1313 UTC.

Content supplied by https://www.csoonline.com

Source:

https://www.csoonline.com/news-analysis/

Please click link or scroll down to read your selections.

News Analyses

Fragmented image of a Boeing 787 airplane represented in encrypted data.
trojan horse malware virus binary by v graphix getty

Identity access management  >  abstract network connections and circuits reflected in eye

One Identity acquires OneLogin in bid to offer consolidated IAM suite

In a move to offer its customers a consolidated suite of security applications, One Identity has acquired OneLogin, an IAM (identity and access management) provider, adding to its own set of PAM (privileged access management, IGA…

endpoint security hacker vulnerablility secure mobile security app

FCC asks carriers to step up to stop SIM swapping, port-out fraud

The US federal agency puts pressure on telecom carriers to put better authentication, account protection safeguards in place.

Security system alert, warning of a cyberattack.

Why today’s cybersecurity threats are more dangerous

Greater complexity and interdependence among systems gives attackers more opportunity for widespread, global damage, say government and industry experts.

backdoor / abstract security circuits, locks and data blocks

APT29 targets Active Directory Federation Services with stealthy backdoor

The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.

botnet

Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots

The automated bots are highly successful because they effectively emulate legitimate service providers.

cybersecurity ts

MITRE ATT&CK, VERIS frameworks integrate for better incident insights

The MITRE ATT&CK/VERIS collaboration aims to create a common dictionary for communicating information about security incidents.

Ransomware  >  An encrypted system, held ransom with lock + chain, displays a dollar sign.

US cryptocurrency exchange sanctions over ransomware likely not the last

The sanctions are aimed to cut ransomware gangs off from their revenue. Advisory on sanctions risks regarding ransomware payments also updated.

USA / United States of America stars + stripes and binary code superimposed over The White House

Software cybersecurity labels face practical, cost challenges

The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.

security threats and vulnerabilities

APT actors exploit flaw in ManageEngine single sign-on solution

US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.

danger lurking in mobile binary code

How APTs become long-term lurkers: Tools and techniques of a targeted attack

A new McAfee report details the tools and techniques an APT group used to go undetected on a client network for over a year.

CIO | Middle East  >  UAE / United Arab Emirates  >  Flag

3 cyber mercenaries: An insider threat case study

Three US nationals, working as cyber mercenaries on behalf of the United Arab Emirates, have accepted a deferred plea agreement for exploiting U.S. entities using U.S.-controlled technologies.

Unitd States cybersecurity   >   U.S. flag with a digital network of locks instead of stars

Federal agencies face new zero-trust cybersecurity requirements

The OMB and CISA issue guidance to move all federal agencies to a shared zero-trust maturity model for FY22-24. The catch: No new funding.

a hooded figure targets a coding vulnerability

Cosmos DB users advised to regenerate their keys following serious vulnerability

The Azure vulnerability, which affects only those using the Jupyter Notebook feature, gives attackers access to data in databases.

radar grid / computer circuits / intrusion detection / scanning

LockFile ransomware uses intermittent encryption to evade detection

This newly discovered ransomware works fast, has multiple ways to avoid detection, and preys on Windows systems with known vulnerabilities.

A laptop displays binary code and the flag of China.

China’s PIPL privacy law imposes new data handling requirements

The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

joe biden cyberceomeeting public domain wh

Tech giants pledge at least $30 billion to improve cybersecurity following White House meeting

Technology, financial, and education leaders commit to a wide range of initiatives to enhance the nation’s cybersecurity posture in collaboration with the Biden Administration.

ransomware breach hackers dark web

OnePercent ransomware group hits companies via IceID banking Trojan

This new, aggressive ransomware group also uses Cobalt Strike to move laterally across the network.

Ransomware  >  A masked criminal ransoms data for payment.

4 most dangerous emerging ransomware threat groups to watch

New research identifies four emerging ransomware groups currently affecting organizations and that show signs of becoming bigger threats in the future.

LOAD MORE

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.  Thanks for joining us today.

Russ Roberts

https://cyber-security-intelligence.org

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s