Tag Archive for: Modern

Emerging tech in security and risk management to better protect the modern enterprise

/in


Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

With growing agreement that the traditional enterprise perimeter and security architecture are dead, an array of security and risk management technologies have recently emerged that are worth considering in the enterprise, according to Gartner senior director and analyst Ruggero Contu.

The rapid pace of digital transformation, the move to cloud, and the distribution of the workforce mean that standard security controls “are not as effective as in the past,” Contu said during the research firm’s Security & Risk Management Summit — Americas virtual conference this month.

Most businesses report they’ve faced security struggles while trying to adapt to the accelerated technology changes of the past two years. A recent report by Forrester, commissioned by cyber vendor Tenable, found that 74% of companies attribute recent cyberattacks to vulnerabilities in technology put in place during the pandemic.

Of course, the irony is that the adoption of new technology also offers a solution for many of these issues. With a massive global shortage of cybersecurity talent and skills, tools and automation designed for the new digital world are essential for meeting the security challenge.

8 emerging technologies to watch

When it comes to emerging technologies in security and risk management, Contu focused on eight areas: confidential computing; decentralized identity; passwordless authentication; secure access service edge (SASE); cloud infrastructure entitlement management (CIEM); cyber physical systems security; digital risk protection services; and external attack surface management.

Many of these technologies are geared toward meeting the new requirements of multicloud and hybrid computing, Contu said. These emerging technologies also align to what Gartner has termed the “security mesh architecture,” where security is more dynamic, adaptable, and integrated to serve the needs of digitally transformed enterprises, he said.

Confidential computing

To process data, that data must be decrypted, opening a potential for unauthorized…

Source…

Google will introduce modern security measures for Android

/in


Over the years, Google has given Android more and more security features. These are meant to ensure users are protected, often in the details and areas they don’t care about.

To make sure that Android becomes more secure, not only in newer versions, but extends to older versions. Thus there is an obligation to bring some new features associated with permissions to these older versions.

With Android 11, Google has brought new permissions and the way apps and services use them.  Specifically, and in a very specific area, these permissions are removed after some time without using the app.


This novelty has ensured that no application can be hidden and data collected.  To do this, you will have to show the user a new message asking for new permissions and alert them to use them.


With this little action being successful, Google decided that it should also be extended to other versions of Android.  This news will be received with updates to other elements of Android itself, not depending on the brands or manufacturers.




From that point on, older versions of Android are also subject to these new rules.  The permissions of the app have validity, which if it expires due to lack of use, it must be requested again from the users.


Permissions for Android Google Security Apps


The limits created by Google directly determine who will receive this news soon.  We are talking about all versions of Android up to 6. Users here are subject to the rules set by this new policy.


This is an important step for Android and many smartphones that use this system.  Thus Google ensures that the latest security measures created are passed on to older models, keeping them protected.

Source...

The Modern Alternative to Prevent Ransomware Attacks

/in


Zero-Trust model

In the world of cyberattacks, ransomware attacks are not a new thing. But over recent years, the rate of such attacks are increasing at a tremendous rate. The attacks have risen by 40% to 199.7 million cases across the globe, as reported by cybersecurity experts. Such attacks create tough and complex challenges for growth as every industry whether it is a technological company or healthcare organization, is not safe from these attacks. These have been constantly adding more and more losses to the organizations. Thus, to avoid the loss which is resulting from such attacks, every organization must take crucial steps such as adopting the Zero-Trust model which includes significant security regulations.

Ransomware attacks take place 4,000 times every day across the globe. The process includes malware that infects a target computer and an attacker that encrypts valuable data and then sends the victim a notification demanding a ransom payment to release access to it.

In such circumstances, A zero-trust model is an important defense mechanism that helps in blocking ransomware. Therefore, the adoption of the zero-trust model is one of the most effective ways to prevent ransomware attacks. The zero-trust security is built on the principle “never trust, always verify”. This security strategy would help in preventing the attacks of ransomware by preventing it from spreading across the operations while keeping the operation running.

The Zero-Trust model also ensures that the customer IT assets are completely hidden away from the customer and only the applicable internal and external users will be provided access to what they require. The other users on the internet or network would be unable to get knowledge about the presence of these IP addresses.

The Zero-Trust model helps the IT managers to fully conceptualize the systems and resources to secure appropriate least privilege and safe access to accurate devices. It also provides controlling powers and threat investigation skills which are required to prevent systems from ransomware.

Ransomware Zero Trust security model intensifies the IT protection posture through the following:

  • Blackening of private applications
  • Network Segregation
  • Zones of…

Source…

The anatomy of a modern day ransomware conglomerate

/in


Written by Jeff Stone
Jan 4, 2021 | CYBERSCOOP

If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need. 

What makes the pain even worse is that the group is using an innovative structure that’s becoming more common in the cybercrime underworld.

This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy. 

Rather than relying on lone hackers who mastermind massive data breaches, or dark web forums frequented only by Russian scammers, today’s cybercriminals function as part of a kind of cooperative shadow industry that rewards innovation and reputation. It’s like an informal professional network in Silicon Valley, only based on extorting schools rather than generating engagement.

“We’re seeing some of the same individuals who were active years ago still active now,” said Jason Passwaters, chief operating officer at the threat intelligence firm Intel 471. “They’re providing the same services they provided back then, it’s just that everybody is interdependent on each other.” 

Just as hundreds of people may be involved in the transportation of a Chiquita banana from its origin to a grocery store, security researchers suggest that dozens of individuals might be involved in a given data breach or digital extortion attempt. It’s not unique to the Egregor group. Hackers using the malware strains known as Conti, Thanos and SunCrypt, among others, also have deployed similarly cooperative techniques. 

It’s a style with roots in the mid-2000s when a hacker using the name “slavik” released the Zeus malware, a hacking tool…

Source…