- Attacks or misconfigurations exposed sensitive cloud-hosted data from companies such as Capital One, Uber and Netflix.
- A report by Orca Security found that at least 80% of surveyed organizations had at least one internet-facing workload that is running on an unsupported OS or has remained unpatched for more than 180 days.
- Reports by major IT Industry Analysts highlight the problem of using security designed for physical environments to protect the cloud and recommend the use of dedicated Cloud Workload Protection Platforms (CWPP).
All about Virtualization and Cloud Security | Recent Articles:
- Not all BEC attacks are about large frauds
- Attackers spend a long time finding vulnerable people in the infrastructure
- The number of BEC campaigns is on the rise
Many Consumers Don’t Trust the Way Companies are Using Their Data—and Businesses Need to Change that Perception
- Data privacy, particularly for personally identifiable information, has become more important for consumers.
- Many consumers do not trust how companies are using their data.
- Businesses need to take steps to ensure optimum data security and privacy.
- CISA is aware of active exploitation of Netlogon bug
- A remote attacker can exploit the vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access
- Agency urges admins to apply patches from Microsoft’s August 2020 Security Advisory for CVE-2020-1472
- New phishing campaign uses the European Union’s General Data Protection Regulation (GDPR) compliance as a lure
- Attackers are targeting businesses in several industries
- Emails also target high-profile individuals (executives and upper management)
- Household IoT devices face an ever-increasing risk without proper security
- Hackers compromise IoT devices and integrate them into botnets responsible for major DDoS attacks
- ISPs can do much more to protect their customers and infrastructure
- SMBs are not prepared for security incidents but are looking for more protection
- Cybersecurity investment from SMB will likely rise
- A majority of SMBs believe that cybersecurity will be outsourced in the next five years
Seven in Ten CISOs Believe Cyberwarfare Is an Imminent Threat to Their Organisations
- Most CISOs are concerned about the threat of cyberwarfare to their organisation yet a lot of businesses don’t have a strategy in place to protect against it. In fact, new research by Bitdefender found 71% of CISOs believe cyberwarfare is a threat to their organisation.
- Despite this, only just over a fifth (22%) admit to not having a strategy in place to mitigate this risk.
- Healthcare breaches continue in high numbers
- Vendor report details minority of healthcare providers can't meet NIST CSF criteria
- Healthcare providers can get back on track, but it will take a strong focus on an effective remediation plan
- Your customers can be helped to change their weak passwords
- All your company needs to do is make one change to its website
- Supports new feature coming to Google Chrome next month
Zerologon: How Bitdefender Protects Customers from this No-Credential Post-Exploit Technique
- Zerologon is a zero-credential vulnerability that exploits Windows Netlogon to allow adversaries access to the Active Directory domain controllers, first reported in August 2020
- “This attack has a huge impact” according to researchers, as attackers on the local network can launch this exploit to compromise the Windows domain controller with no authentication
- Bitdefender customers are protected from this post-exploit technique via our Network Attack Defense, Anti-Malware SDK and Indicator of Risk (IOR) technologies
- The main driver of the IoT market is not innovation and the final product suffers
- The IoT gold rush brings more and more insecure devices because standards and regulations don’t really exist
- Security for IoT devices can still be achieved, even in these conditions, and the solution is in the ISPs’ hands
- Chief Information Security Officers are preparing for an average of 3.3 security compliance standard audits over the next six to 12 months
- Of the CISOs working for software companies, 77% said they were preparing for SOC-2 audits
- Security seniors are worried about their current resources facing upcoming audits and security compliance
Researchers Identify the Departments and Industries Most Susceptible to Email-Based Cyber-Attacks
- Simulated phishing campaign reveals recipients typically open the email 50% of the time, 32% click the malicious attachment or link, and 13% submit sensitive data
- Employees in Quality Management & Health, Purchasing / Administrative Affairs, Legal / Internal Control, Human Resources, and Research & Development have the highest rates of opening and interacting with malicious emails
- Phishing attacks are winning because they target fundamental and typical human nature, researchers say
- The adoption of telehealth vendors has significantly expanded healthcare providers' attack surface
- Researchers find a noticeable increase in leaks from primary healthcare and telehealth companies on the dark web since February 2020
- Threat actors use strains of ransomware that are uniquely tailored to take down healthcare IT infrastructures
- Despite new risks from telehealth vendors, the healthcare sector has improved its security posture compared to 2019
- Ransomware retakes the lead (from business email compromise) as the top cyber insurance claim in the first half of the year
- Analysts observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020
- Ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss
- More organizations are moving applications and data to the cloud, driven in part by the changing work environment caused by the pandemic
- Ensuring data security is a key challenge in taking full advantage of public cloud resources
This year has seen a few dramatic trends that directly affect IT, in large part as a result of the global health crisis: the massive shift to a work-from-home model, a significant increase in e-commerce activity, and a big jump in the use of videoconferencing and other collaborative tools, to name a few.
- 94% of IT pros have experienced a data breach at some point in time
- 79% are worried their current employer could be next
- Employee data breaches most commonly occur through external email services such as Gmail and Outlook
Companies Should Tell Workers It’s OK to Confess to Security Mistakes, Stanford Professor Says
- 88% of data breaches are caused by human error
- Employees between the ages of 18 and 30 are five times more likely to admit to errors that compromised cybersecurity
- IT reps can leverage integrated Risk Management and Analytics to address misconfigurations and vulnerabilities, including human-triggered ones
IT Leaders Grossly Overestimate the Maturity of Their Vulnerability Management Programs
- 84% of companies say their vulnerability management is efficient
- Researchers find a significant disconnect between perception and reality
- Organizations must update and automate remediation processes
Most companies place a lot of trust in their vulnerability management programs, with 84% of IT leaders rating them as "mature." However, a deeper dive into the state of vulnerability management at various companies reveals a major disconnect between that perception and reality.
A Third of Companies Expose Unsafe Network Services to the Internet, Research Reveals
- Data storage, remote access and network administration are the most prevalent services exposing sensitive data
- Unsafe services are linked to other security issues in the digital supply chain
- Ukraine, Indonesia, Bulgaria, Mexico and Poland are among countries with the highest rate of domestically hosted systems running unsafe services
A third of companies in the digital realm expose unsafe services to the internet and exhibit several other critical security lapses, according to an in-depth study on the prevalence of unsafe network services.
- Most security professionals have difficulty maintaining security configurations in the cloud
- 22% still assess their cloud security posture manually
- Security pros confess they need more automated enforcement
Organizations face shortcomings in monitoring and securing their cloud environments, according to a survey of 310 security professionals.
- Criminals look for higher BEC payments
- Gift card frauds are the most common BEC incidents
- One Russian BEC operation tries to hit companies with $1.27 million attack
The average payments made through Business Email Compromise (BEC) attacks are increasing significantly, according to the new APWG Phishing Activity Trends Report.
- Cybercrime will cost more than $11 million per minute globally by 2021
- Organizations spend on average $25 per minute to tackle malicious activity
- Threat intelligence emerges as a key asset in defending the enterprise against cyber threats
The global cost of cybercrime has doubled since 2015. Cybercrime now costs organizations $25 per minute and will have a per-minute global cost of more than $11 million by 2021, according to a new report.
- 50% of businesses find it harder to detect insider threats after migrating to the cloud
- Customer data is the most vulnerable to insider attacks
- The average cost of remediation after an insider attack is anywhere between $100,000 and $2 million
Insider threats pose a significant danger to any organization. This danger is exacerbated as the global pandemic forces a shift to cloud applications and remote work. According to a new report, 50% of businesses find it harder to detect insider threats after migrating to the cloud.
- Security is not only a technology problem. It’s also a people problem
- The impact in mean time to respond (MTTR) is increasing as a direct result of a lack of time to investigate every alert
- New MDR services are designed to help customers instantly up-level their incident response capabilities