Protection requirements for cloud workloads continue to grow as organizations accelerate their adoption of containers and host an ever-increasing number of workloads in hybrid and multi-cloud architectures. Cloud Workload Protection Platforms (CWPP) are critical to protect these workloads from cyberattack and provide security teams with visibility into, and control of, cloud-based infrastructure and applications.
All about Virtualization and Cloud Security | Recent Articles:
The potential dangers of ransomware are top of mind for cyber security and IT leaders around the world. The threat of these attacks continues to rise with no organization completely safe. Ransomware attacks have been reported by businesses of all sizes and vertical industries.
As organizations expand their operations to multiple platforms, they must also manage the content disseminated there. This raises questions of how to protect audiences from illicit content, particularly when it comes to email security. One of the best ways to deal with these attacks is to integrate deep learning technology that can identify complex and subtle malicious files in emails.
During a recent investigation, our researchers encountered a new version of the BADHATCH malware used by the well-known threat actor, FIN8. We previously reported that FIN8 was working on a new version of the BADHATCH malware, and this recent attack supports our findings and conclusions. FIN8 is known for taking extended breaks to improve their tactics, techniques, and procedures (TTPs), which increases their success rate. With each new version of their toolkit, they start with small tests on a limited pool of victims before launching a full-scale attack.
Advanced Persistent Threats (APTs) continue to produce challenges for security teams. The ability to track and mitigate threats, such as StrongPity APT, Lazarus and the elusive Nebulae backdoor, is critical to being resilient against APTs. One of the best ways that security teams can both detect and respond to advanced threats is by using the MITRE framework. Unfortunately, these resources are not always available to security operation centers (SOCs), managed security services providers (MSSPs) or in-house security teams due to budget constraints and available high-level talent.
A growing number of organizations are increasing their use of the cloud.
These workloads, including databases, transactions, and analytics, are vital to business operations.
Cloud workloads are different from regular endpoints, which is why security teams need to deploy platforms specifically designed to protect these resources.
Newer versions of Windows 10 (build 1809 - 2018-present) may be vulnerable to a local privilege escalation enabled by misconfiguration on the Security Account Manager (SAM) database file. SAM is a database file that stores password hashes for all local user accounts. (This file can be found in folder %SystemRoot%\System32\Config\SAM and it is mounted in registry under
When it comes to managing the security of their data and business-technology systems, many healthcare enterprises focus heavily on regulatory compliance efforts, such as their HIPAA security and patient privacy mandates. This is for an excellent reason — noncompliance can lead to costly fines and the ire of regulators. While it’s likely that focusing on regulatory compliance can incrementally improve security, that shift alone won’t take the organization to the level of security maturity it needs to have to protect against today’s threats such as ransomware.
Come August, the Bitdefender team – along with some 20K security and InfoSec professionals – will descend on Las Vegas for four days of revelry on and about the latest security risks, research, and trends.
Healthcare providers are operating in a time of extraordinary pressure, whether it's recovering their operations from a devastating pandemic year or the pace at which their organization is embracing a rapid digital transformation aimed at optimizing and modernizing their systems. The last thing healthcare organizations needed this past year was an increase in ransomware and other types of attacks — but that's precisely what they experienced.
Every three to five years a new cybersecurity technology term gets hyped. In 2021 it’s eXtended Detection and Response (XDR). I’m old enough to remember way back in 2017 when endpoint detection and response (EDR) was considered the ‘Holy Grail’ of cyber defense.
In an earlier blog this year, I compared the concepts of cybersecurity and cyber-resiliency, arguing that the main difference between the two is one of perspective. Cybersecurity is centered on the idea that attacks can (and should) be prevented while cyber-resilience acknowledges that some attacks will go through, and that organizations must prepare to deal with the consequences quickly and effectively.