Does Your Business Have a Well-Known URL for Changing Passwords? It Should!
by Graham Cluley, from Business Insights , on 22.09.2020
Your customers can be helped to change their weak passwords All your company needs to do is make one change to its website Supports new feature coming to Google Chrome next month read more
Mozi Botnet Accounts for Most Traffic in Q1 2020, New Research Shows
by Silviu STAHIE, from IoT Security Insights , on 21.09.2020
Security researchers found that a relatively new botnet named Mozi has picked up some steam, and its’ currently spiking in IoT usage. It’s using one of the most common techniques to compromise devices, command injection. Many of the current IoT botnets are Mirai-based and share code with the already famous malware. Mozi falls into the ... The post Mozi Botnet Accounts for Most Traffic in Q1 2020, New Research Shows appeared first on Bitdefender. read more
Zerologon: How Bitdefender Protects Customers from this No-Credential Post-Exploit Technique
by Ashish Chakrabortty, from Business Insights , on 21.09.2020
Zerologon is a zero-credential vulnerability that exploits Windows Netlogon to allow adversaries access to the Active Directory domain controllers, first reported in August 2020 “This attack has a huge impact” according to researchers, as attackers on the local network can launch this exploit to compromise the Windows domain controller with no authentication Bitdefender customers are protected from this post-exploit technique via our Network Attack Defense, Anti-Malware SDK and Indicator of Risk (IOR) technologies read more
IoT Devices Ship with Security Flaws Because Profit Drive the Market
by Silviu Stahie, from Business Insights , on 18.09.2020
The main driver of the IoT market is not innovation and the final product suffers The IoT gold rush brings more and more unsecure devices because standards and regulations don’t really exit Security for IoT devices can still be achieved, even in these conditions, and the solution is in the ISPs’ hands The IoT ecosystem is built on a sand foundation, with its devices always in the spotlight for their lack of security, vulnerabilities and other potential problems looming on the horizon. With no solution in sight, even in the long run, the devices' security now falls into the users' or ISPs' responsibility. read more
New ‘BLESA’ Bluetooth Vulnerability Could Affect Billions of IoT Devices, Researchers Warn
by Alina Daniela BIZGA, from IoT Security Insights , on 17.09.2020
A new Bluetooth vulnerability could potentially affect billions of smartphones and IoT devices running on Bluetooth Low Energy (BLE) protocol, researchers from Purdue University warn. Unlike the latest BLURtooth vulnerability that refers to the way Bluetooth devices pair with one another, BLESA (Bluetooth Low Energy Spoofing Attack) was discovered in the reconnection process of BLE devices. ... The post New and#8216;BLESA' Bluetooth Vulnerability Could Affect Billions of IoT Devices, Researchers Warn appeared first on Bitdefender. read more
COVID-19 Amplifies CISOs’ Concerns about Doing More with Less
by Filip Truta, from Business Insights , on 17.09.2020
Chief Information Security Officers are preparing for an average of 3.3 security compliance standard audits over the next six to 12 months Of the CISOs working for software companies, 77% said they were preparing for SOC-2 audits Security seniors are worried about their current resources facing upcoming audits and security compliance Chief Information Security Officers (CISOs) must prepare for more than three audits on average in the next six to 12 months but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes. read more
Researchers Identify the Departments and Industries Most Susceptible to Email-Based Cyber-Attacks
by Filip Truta, from Business Insights , on 16.09.2020
Simulated phishing campaign reveals recipients typically open the email 50% of the time, 32% click the malicious attachment or link, and 13% submit sensitive data Employees in Quality Management and Health, Purchasing / Administrative Affairs, Legal / Internal Control, Human Resources, and Research and Development have the highest rates opening and interacting with malicious emails Phishing attacks are winning because they target fundamental and typical human nature, researchers say Users that deal with extensive email exchanges daily are proportionally more prone to phishing attacks than those that don’t. Hardly a surprise. But, according to one report, researchers have been able to pinpoint the exact industries and departments most prone to falling victim to email-borne cyber threats. read more
Telehealth Now the Biggest Cyber-Threat to Healthcare, New Data Shows
by Filip Truta, from Business Insights , on 15.09.2020
The adoption of telehealth vendors has significantly expanded healthcare providers' attack surface Researchers find a noticeable increase in leaks from primary healthcare and telehealth companies on the dark web since February 2020 Threat actors use strains of ransomware that are uniquely tailored to take down healthcare IT infrastructures Despite new risks from telehealth vendors, the healthcare sector has improved its security posture compared to 2019 While COVID-19 has proven the healthcare industry's overall resilience, it has also increased its cybersecurity risk. A new report indicates that the rapid adoption and onboarding of telehealth vendors has led to a significantly increased digital footprint and attack surface, leaving both provider and patient data at risk. read more
Ransomware Was the Top Cyber Insurance Claim in Q1 2020
by Filip Truta, from Business Insights , on 14.09.2020
Ransomware retakes the lead (from business email compromise) as the top cyber insurance claim the first half of the year Analysts observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020 Ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss Data from 25,000 small-to-midsize organizations reveals ransomware as the top cyber insurance claim in the first half of 2020, with the average ransomware demand increasing 100% from 2019 through Q1 2020. read more
Bluetooth Low-Energy Vulnerability Exposes Millions of Devices to Man-in-the-Middle Attacks
by Alina Daniela BIZGA, from IoT Security Insights , on 11.09.2020
Devices supporting Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to man-in-the-middle (MITM) attacks, according to the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University researchers. The vulnerability, dubbed “BLURtooth,” could let attackers overwrite or reduce the encryption key strength for pairing Bluetooth devices securely, allowing additional access to ... The post Bluetooth Low-Energy Vulnerability Exposes Millions of Devices to Man-in-the-Middle Attacks appeared first on Bitdefender. read more
