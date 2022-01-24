ContributorsPublishersAdvertisers
API Security, Ransomware Top 2022 Threats

By Nathan Eddy
securityboulevard.com
 3 days ago

Cover picture for the articleCompanies are looking for ways to reduce the risks from cyberattacks and 2022 looks to be the year organizations accept that security must become an adaptable, changeable system within the business and overhaul their legacy static approaches accordingly. As the public grows more aware of the impacts of cyberattacks...

securityboulevard.com

theregister.com

Visibility, immutability, security … a revolutionary approach to fighting off ransomware

Webinar It’s a truism that your data is your organisation's most precious asset. Here’s another. Once data is backed up, many organisations tend to forget about it. This is a mistake, to put it mildly. Firstly, ransomware attackers are data savvy enough to know that hitting a target’s backups first means they are more likely to pay up a ransom. So, ensuring the safety of your backups is an ongoing concern.
COMPUTERS
HackerNoon

Securing Your HTTP APIs

If you are building an application with HTTP APIs that serve sensitive data, one of the key considerations is security. You want to ensure that callers of your API are authorized to make those calls before they are granted access to sensitive information or perform sensitive operations. This post will review a few HTTP API access control approaches, from simple API keys to OAuth. It will also discuss a more complex yet flexible scheme that enables your customers to influence how access control decisions are made, based on how we approached securing API traffic to [Fusebit].
COMPUTERS
securityboulevard.com

How to Back Up and Restore Your Linux System Using the Rsync Utility

It’s easy to take for granted the importance of having a server backup — until you experience a system failure, a natural disaster, or a malware attack. This can potentially paralyze your business through the loss of vital records such as financial and customer data. Your ability to recover will only be as good as your last backup.
SOFTWARE
bleepingcomputer.com

TellYouThePass ransomware returns as a cross-platform Golang threat

TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target more operating systems, macOS and Linux, in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines. Now, a report from...
COMPUTERS
securityboulevard.com

Observability, AI And Context: Protecting APIs From Today’s (And Tomorrow’s) Attacks

In today’s world, application programming interfaces (APIs) — the connective communication tissue between applications — are everywhere. Everyday consumer electronics, from cars to TVs, are busy talking to servers and to each other, enabled through APIs. Mission-critical enterprise applications have moved to the cloud, built on microservices architectures that communicate through APIs in order to work together in tandem, delivering critical services to users. Today’s digital economy is built on a foundation of APIs that enable critical communications, making it possible to deliver a richer set of services faster to users.
SOFTWARE
securityboulevard.com

Understanding and Preventing Account Takeover

In the previous installment of our blog series on the modern threat landscape, we looked at how attackers can use credential stuffing attacks to break into valid user accounts. Today, we will continue to follow that theme by diving into the world of account takeovers (ATOs) to see how attackers use compromised accounts to commit fraud.
securityboulevard.com

API Gateway Security – What kind of security do API gateways offer?

APIs are critical building blocks of modern applications and also represent one of the fastest-growing facets of an organization’s attack surface. Naturally, enterprises need to ensure that these assets are properly managed, provisioned, and remain protected from threats and attackers. API protection solutions and API gateways both play key...
SOFTWARE
NewsBreak
Data Security
NewsBreak
Technology
NewsBreak
Computers
securityboulevard.com

Analysis of Xloader’s C2 Network Encryption

Xloader is an information stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016. In October 2020, Formbook was rebranded as Xloader and some significant improvements were introduced, especially related to the command and control (C2) network encryption. With the arrival of Xloader, the malware authors also stopped selling the panel’s code together with the malware executable. When Formbook was sold, a web-based command and control (C2) panel was given to customers, so they could self-manage their own botnets. In 2017, Formbook’s panel source was leaked, and subsequently, the threat actor behind Xloader moved to a different business model. Rather than distributing a fully functional crimeware kit, Xloader C2 infrastructure is rented to customers. This malware-as-a-service (MaaS) business model is likely more profitable and makes piracy more difficult.
SOFTWARE
securityboulevard.com

Buyers Guide to Compliant Cloud Services for Defense Contractors

When defense contractors look for a reliable source to store and share their controlled unclassified information (CUI), they will frequently turn to a cloud service provider (CSP). Cloud is a superior choice for contractors over storing on premise as cloud enables unlimited storage, access to data from anywhere, data resiliency, and freedom from managing and maintaining hardware.
SOFTWARE
securityboulevard.com

Biden Signs Authority for NSS to NSA: Think CISA for Military, Intel Systems

Depending on how you look at it, President Biden’s Wednesday memorandum—which gave the NSA the type of authority over agencies operating national security systems that the Cybersecurity and Information Security Agency (CISA) has on civilian agencies—is either an example of the administration delivering on its promise to bolster cybersecurity or an example of it being a little slow putting teeth to the executive order the president signed last spring. Or maybe it’s both.
U.S. POLITICS
The Press

Pure Storage Enables Organizations to Close the Ransomware Security Gap, Implement Meaningful Data Protection Strategies

MOUNTAIN VIEW, Calif., Jan. 19, 2022 /PRNewswire/ -- Pure Storage® (NYSE: PSTG), the IT pioneer that delivers storage as-a-service in a multi-cloud world, today addressed the state of ransomware security among modern businesses, highlighting the importance of backup and recovery to build a comprehensive data protection strategy. Ransomware attacks...
COMPUTERS
securityboulevard.com

Zero Trust Security – A Quick Guide

Zero Trust is a security framework that requires authentication, authorization, and validation from all users, whether inside or outside the organization’s network. This is mandatory for security configuration and precedes granting privileged access to the organization’s data or applications. The term Zero Trust means that the network doesn’t trust anyone connected to a local network, cloud, or hybrid.
COMPUTERS
martechseries.com

New Cybersecurity Report from Hornetsecurity Cites Growing Threats of Brand Impersonation and Ransomware Leaks

Cybercrime remains one of the biggest threats worldwide, according to a new report from email cloud security and backup provider Hornetsecurity. The Cyber Threat Report Edition 2021/2022 details the latest insights and data on the current threat situation with a focus on email communication. The report examines the development of spam and advanced threats, shows which industries are most under threat, and identifies the most frequently used cyberattack methods. It also reviews the most crucial cybercrime-related events of the past year.
TECHNOLOGY
securityboulevard.com

Imperva Champions Data Privacy Week 2022

As a cybersecurity industry leader, Imperva is working with the National Cybersecurity Alliance (NCA) as a 2022 Data Privacy Week Champion to promote the need for businesses to prioritize data privacy and protection and the importance of individuals and companies to secure their online data. As part of Data Privacy...
TECHNOLOGY
securityboulevard.com

How to Build a Security Awareness Training Program

With increased digitization of everything post-pandemic, cybersecurity has become a top concern for global CEOs with almost half planning to increase cybersecurity investment by 9%, according to PwC. Since 85% of breaches involve human error, throwing more money at the problem by buying the latest cybersecurity technology may hit a point of diminishing returns. At its core, cybersecurity isn’t just a technical problem, it’s a human problem. Organizations need more than technology—they need employees as both their first and last line of defense; employees who embrace security awareness and who identify, avoid and flag activities and items that are of a suspicious nature.
COMPUTERS
securityboulevard.com

Vulnerability Disclosures Rise to Meet Federal Requirements

For all its other security milestones, 2021 was the year that vulnerability disclosures began to get their due, taking on greater importance across all sectors, but particularly in government where valid submissions rose 1,000% and in financial services and software, where they rose 82% and 73%, respectively. In FinServ, the...
securityboulevard.com

Lessons from the Log4j crisis: Are we ready for the next global vulnerability?

It was an unwelcome early Christmas gift shared with the entire world on December 9th, 2021. Log4Shell rocked the industry when we realized just how dangerous and far-reaching its effects could be. The mad scramble to find and patch the flaw left many organizations wondering why they weren’t better prepared in the first place and what they need to do next.
SOFTWARE
securityboulevard.com

Kubernetes Incident Response: Building Your Strategy

Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes. It is very resilient and supports scaling, rollback, zero downtime, and self-healing containers. The primary aim of Kubernetes is to mask the complexity of overseeing...
SOFTWARE
securityboulevard.com

Four Steps Manufacturers Can Take to Build a Robust Security Program

In the not-too-distant past, manufacturers spent the vast majority of their security resources on physical security. But now with the convergence of IT and OT (operational technology), that’s not an option. In fact, manufacturing was the second most-attacked industry in 20201 (we’re still waiting on 2021 figures). This means taking surface-level measures like air gapping (ensuring a computer or network has no network interfaces connected to outside networks), is not enough. In this blog, we’ll take manufacturers through the four steps they can build a robust security program. Plus, we offer a free downloadable checklist at the end of the article.
TECHNOLOGY

