What the Data Is Telling Us About the Current Rise in Security Threats During the COVID-19 Pandemic

IBM X-Force Research has been seeing a significant number of new malicious domains related to COVID-19 appear in the wild since late February 2020, based on Quad 9 data.

The post What the Data Is Telling Us About the Current Rise in Security Threats During the COVID-19 Pandemic appeared first on Security Intelligence.

Develop Tailored Cybersecurity Self-Assessments to Help Secure Your Remote Workforce

Promote security awareness among your remote workforce and inform future training efforts by distributing tailored cybersecurity self-assessments to your employees.

The post Develop Tailored Cybersecurity Self-Assessments to Help Secure Your Remote Workforce appeared first on Security Intelligence.

U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic

American and British cybersecurity authorities on Wednesday issued a fresh warning that “a growing number of cyber criminals and other malicious groups” are exploiting the coronavirus pandemic, adding to a chorus of public and private-sector advisories intended to blunt COVID-19-related hacking. Criminals have been scanning for vulnerabilities in remote access software as people around the world stay home, while state-linked hackers, known as Advanced Persistent Threats (APTs), are impersonating trusted organizations to further their cyber-operations, U.S. and U.K. officials said. “Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months,” says the advisory from the U.S. Department of Homeland Security’s cybersecurity division and the U.K.’s National Cyber Security Centre (NCSC). Overall levels of cybercrime haven’t increased, the agencies said, but the use of COVID-19-related hacking lures has grown. The NCSC pointed to a text-message-based phishing scam purporting to offer Britons financial relief […]

The post U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic appeared first on CyberScoop.

9 Best Practices from X-Force Red for Organizations and Employees

As employers rapidly respond to the need to protect their workforce from potential exposure and spread of the novel coronavirus and the disease known as COVID-19, many of your organizations are making the very difficult decision to pivot to a work-from-home model. That means employees will be connecting to the corporate network from whichever device […]

The post 9 Best Practices from X-Force Red for Organizations and Employees appeared first on Security Intelligence.

Iran-linked hackers use VPN exploits in far-flung spying campaign

When security researchers began warning about gaping vulnerabilities in virtual private network products months ago, they were hoping to head off the type of sweeping, data-stealing campaigns that could come from state-sponsored hacking groups. The VPN software, made by companies like Palo Alto Networks and Pulse Secure, and used by corporations around the world, offers an invaluable foothold into corporate networks for hackers able to breach the software. Iran-linked hackers are showing what happens when those warnings go unheeded. They are using the unpatched vulnerabilities as a tip of the spear in their long-running effort to spy on companies in the aviation, oil and gas, and telecommunications sectors, Israeli company ClearSky CyberSecurity said in research released Sunday. Companies in Israel, Saudi Arabia and the United States are among the targets. The report connects three years of activity from various hacking groups that researchers say appear to be operating on behalf of […]

The post Iran-linked hackers use VPN exploits in far-flung spying campaign appeared first on CyberScoop.

Citrix issues first of several patches for critical bug

With hackers actively exploiting a critical vulnerability in its products, corporate virtual private network provider Citrix on Sunday issued the first of several patches for that flaw, and accelerated the timeline for releasing other fixes. In a statement, Citrix chief information security officer Fermin J. Serna urged customers to apply the latest patches, and said that the company had increased staffing should customers need help installing the new software. Experts say that successful exploitation of this bug could allow a hacker to burrow into the many Fortune 500 company networks that rely on the software, creating an opportunity for data theft. A flaw in VPN services, in particular, could result in the exposure of sensitive corporate information that victims incorrectly believe is protected behind an additional layer of security. The Department of Homeland Security’s cybersecurity division on Monday advised Citrix customers to “upgrade their vulnerable appliances as soon as possible.” The patches released Sunday cover certain versions of […]

The post Citrix issues first of several patches for critical bug appeared first on CyberScoop.

Hackers are racing to exploit a Citrix bug that the company hasn’t patched yet

Over the course of a week, the security implications have grown more dire for a critical vulnerability in two popular products made by Citrix, a corporate virtual private network service provider used at many Fortune 500 companies. The flaw exists in a Citrix cloud-based application delivery tool, as well as in a product that allows remote access to the company’s applications. Experts say that successful exploitation of the bug could allow a hacker to burrow into the many enterprise networks that use the software. The result could be the exposure or theft of corporate information from Citrix clients who otherwise trust technology provided by the $2.5 billion company. First, experts said that attackers would soon begin exploiting the flaw. Citrix then issued an advisory assuring that its recommended stop-gap security measures would help address the issue. But as researchers warned that hackers had begun exploiting the vulnerability, Citrix updated its advisory to say that, in certain […]

The post Hackers are racing to exploit a Citrix bug that the company hasn’t patched yet appeared first on CyberScoop.

Experts urge organizations to address festering critical Citrix flaw

It’s been more than two weeks since researchers went public with a critical vulnerability in products made by corporate VPN service provider Citrix that could give a hacker free rein over the many enterprise networks that use the software. Now, with no sign of a complete patch for the vulnerability, cybersecurity experts are exhorting organizations to address the issue. “It’s extremely important to apply the mitigation steps and recognize that there is no patch for this,” said Dave Kennedy, founder of cybersecurity company TrustedSec, adding that he has already seen attackers scanning for vulnerable systems. “We have a working exploit, and it took us under a day to develop it,” Kennedy told CyberScoop. “Attackers have the same capabilities.” The flaw, discovered by cybersecurity company Positive Technologies, is in a Citrix cloud-based application delivery tool, as well as a product that allows remote access to the company’s applications. Based on the […]

The post Experts urge organizations to address festering critical Citrix flaw appeared first on CyberScoop.

Critical flaw in Citrix applications could allow unauthorized access to internal networks

A critical vulnerability has been discovered in Citrix’s Application Delivery Controller (ADC) and Gateway products that could give attackers unauthorized access to enterprise networks as well as the ability to run code on them. Security company Positive Technologies, which first discovered the flaw, says the vulnerability spans several years’ worth of Citrix technology. It estimates that “at least 80,000 companies in 158 countries are potentially at risk.” Citrix’s ADC is a cloud-based application delivery and load balancing tool, while Gateway allows remote access to a company’s applications. The vulnerability affects Citrix ADC and Citrix Gateway 13.0, 12.1, 12.0, 11.1, and 10.5. “Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat,” Dmitry Serebryannikov, director of the security audit department for Framingham, Massachusetts-based Positive Technologies, said in a blog post. Citrix […]

The post Critical flaw in Citrix applications could allow unauthorized access to internal networks appeared first on CyberScoop.

6 Security Awareness Gifts for the Cybersecurity Unaware

Better personal security in everyday life isn’t something everyone considers — at least, not until something goes wrong. Here are six security awareness gifts for the cybersecurity unaware.

The post 6 Security Awareness Gifts for the Cybersecurity Unaware appeared first on Security Intelligence.
