More stories

  • How to find out if you are involved in a data breach — and what to do next

    Think you’ve been involved in a data breach? This guide will help you find out where and when, and it lists the steps you should take next. Data breaches are security incidents we now hear about every day. They strike every industry, every sector, every county; victim organizations can be everything from small, […]

  • Your cybersecurity staff are burned out – and many have thought about quitting

    Cybersecurity staff are feeling burnout and stressed to the extent that many are considering leaving their jobs. According to research by VMware, 47% of cybersecurity incident responders say they’ve experienced burnout or extreme stress over the past 12 months. While […]

  • Revealed: The top 11 malware strains you need to worry about

    The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have picked 11 malware families as their top threats. The list is made up of malware that has evolved over the past 10 years as banking trojans, remote access trojans, information stealers, and ransomware delivery […]

  • Microsoft's latest Windows 11 update improves Defender for Endpoint's ransomware capabilities

    Microsoft has released two new Windows 11 previews to the Windows Insider Beta Channel with improvements to Defender for Endpoint’s ransomware protections and other fixes. Microsoft’s latest Windows 11 Beta Channel builds have included two releases: a higher build number with features rolling out, and a lower build number with features off by default. In this case, build 22622.450 and 22621.450 don’t appear to be very different as both builds received fixes and other improvements.

    “We enhanced Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks,” Microsoft’s Insider Program managers explained. That’s all Microsoft has to say about the enhancement for Defender for Endpoint, Microsoft’s endpoint security solution for enterprise to prevent, detect, investigate, and respond to advanced threats. Microsoft has several Windows tools to protect against ransomware, such as Controlled folder access for Windows, which can be configured with Defender for Endpoint to display a notification when an app tries to make changes to a file in a protected folder.

    The Windows 11 previews also improved storage replication over low bandwidth or congested wide area networks (WANs). For organizations that have configured Server Message Block (SMB) compression, Windows now compresses the file no matter its size. The updates fix issues with IE Mode in Edge, a process that causes a high amount of CPU usage, and tablet mode bugs.

    Microsoft’s August update to the Windows Subsystem for Android (WSA) targets improvements for those who’d like to use Android games on a Windows PC. The primary WSA gaming updates are improvements to the Settings app for compatibility for games with joysticks, gamepad, aiming in games with arrow keys, and sliding in games with arrow keys. There are also WSA improvements to scrolling, networking, windows sizing, and security updates.

  • How to use Android's lockdown mode and why you should

    Google is always looking to make the Android platform more secure. Way back in 2018 (with Android still enjoying tasty treat nicknames, such as Pie), the developers introduced what’s called lockdown mode. Essentially, lockdown mode protects those who prefer to keep their private information from unwanted eyes. When lockdown mode is […]

  • Time to update: Latest Google Chrome browser fixes 27 security flaws

    Google has released Chrome 104 stable with fixes for seven ‘high’ and 15 ‘medium’ severity flaws. Google has released Chrome version 104 for Windows, Mac and Linux, with fixes for 27 security bugs reported by third parties. None of the flaws are listed as being actively exploited, but the release notes for […]

  • Singapore takes formal step towards setting up cyber defence unit

    Singapore has passed amendments to two Bills that will clear the way for a new digital intelligence unit to be established as part of the country’s armed forces. The government has described the move as necessary amidst intensifying “cyber intrusions” that threaten critical systems. First mooted in March, the new digital and intelligence service (DIS) unit would be set up as a fourth service under the Singapore Armed Forces (SAF) and responsible for combating online attacks. The DIS team would work alongside the three other services–Army, Navy, and Air Force–to enable the country’s defence systems to work as a collective group.

    Expected to be operational by year-end, the new unit would be headed by a chief of digital and intelligence service (CDI), joining the other three service heads. The CDI also would be a member of the Armed Forces Council and hold legal powers, discharging their duties and authority to lead the DIS in times of conflict, said Minister for Defence Ng Eng Hen in parliament. Noting that the “battleground” had extended into the cyber realm, Ng said the DIS needed to be a “fully-fledged military service arm” to safeguard Singapore’s critical infrastructures.

    “The digital domain–just like air, land, and sea–has become a battle terrain which, if left unguarded, can impact the security and sovereignty of any country,” he said. He added that both state- and non-state actors recognised they could use the digital domain to achieve their objectives, particularly, terrorist cells. “Whether to recruit vulnerable inductees, spread false propaganda, supply funds, procure weapons, sabotage, or bypass state security systems, these areas have become standard fare for terrorist networks,” the defence minister said. As digital threats continued to scale, occurring in the millions each day, they could have real physical impact on countries that were unprepared, he said.

    Pointing to ransomware attacks that brought down crucial services such as the US Colonial Pipeline, which cut off gas supplies, he noted that cyber intrusions could affect critical systems including water systems, hospitals, air traffic, and financial systems. Ng said attacks that had the most “pernicious” intent and aimed to undermine Singapore’s sovereignty or security had to be differentiated, stressing the need for a dedicated unit to build, train, and maintain “cyber troops” and capabilities to defend the country’s digital borders.

    “The DIS will ensure Singapore is defended against the full spectrum of threats against potential aggressors,” he said. “The digital environment is more porous than the physical one, but the DIS will be responsible to guard against these aggressors in that domain.”

    The amendments to the SAF Act passed in parliament this week set the path for the DIS to be formally established, along with changes to other Acts to ensure the new service–and its “soldiers”–would be officially recognised as a part of the military. The Constitution also was amended to grant discretionary power to Singapore’s president in appointing the CDI.

  • Microsoft's new security tool lets you see your systems like a hacker would

    Microsoft has launched two security services that aim to boost the intelligence capabilities of an organization’s security operations center (SOC) rather than solely protect devices. Microsoft has launched Defender Threat Intelligence and Defender External Attack Surface Management (EASM) — two new products that merge technology Microsoft gained after acquiring security firm RiskIQ last July for $500 million.

    There may appear to be some overlap between Microsoft’s existing services like its Azure-powered Sentinel security information and event management (SIEM) service and Microsoft Defender Experts for Hunting, a managed threat hunting service, and its Defender Experts for XDR, a managed extended detection and response (XDR) service. But Microsoft says these RiskIQ-based threat intel service offerings differ in that they provide customers with “direct access to real-time data” from Microsoft’s security signals. Microsoft chief Satya Nadella last week said the firm receives 43 trillion security signals each day.

    Besides signals, Microsoft says its new threat intel service is based on intel merged between RiskIQ, Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC, pronounced ‘Mystic’), and the Microsoft 365 Defender security research team. Rob Lefferts, corporate VP of Microsoft Modern Protection and SOC unit, tells ZDNet the threat intel service is about “connecting SOCs with Microsoft’s own researchers from MSTIC”.

    Meanwhile, Microsoft Defender External Attack Surface Management is about “how do we make sure that you get to see the whole world the way that the attacker would,” says Lefferts. “We’re gonna scan the internet and help you understand what do you present out on the public internet and what exposure does that mean for your company.”

    The attack surface management service could be useful given data that attackers start scanning the internet for exposed vulnerable devices within 15 minutes of a major flaw’s public disclosure and generally continue scanning the internet for older flaws like last year’s nasty Exchange Server flaws, ProxyLogon and ProxyShell. This service discovers a customer’s unknown and unmanaged resources that are visible and accessible from the internet – giving defenders the same view an attacker has when they select a target. Defender EASM helps customers discover unmanaged resources that could be potential entry points for an attacker.

    Across MSTIC and Microsoft 365 Defender Research, Microsoft is tracking 250 different actors and ransomware families. “We’re providing intelligence across all of them and bringing that into your security team — not just to learn the latest news… but also to explore it, so if I see an indicator, I might explore where that might live on the network and connect that to what I’m seeing in my company. It’s like a workbench for analysts inside a company,” says Lefferts.

    Microsoft’s security business is growing at a rapid clip. It was worth $10 billion a year in 2021, and as of April had grown to become a $15 billion a year business. At its Q4 FY 2022 earnings update, Nadella said Microsoft’s “security revenue increased 40 percent” and that its security business now spans 50 categories, well beyond its Defender antivirus for Windows PCs. Other recent acquisitions include IoT security firms CyberX and ReFirm Labs to boost its cybersecurity offerings.

    Microsoft rebranded its Defender lineup in 2020 to bring Microsoft Threat Protection, Defender ATP, Azure Security Center, and others under the Microsoft Defender moniker. Microsoft Defender would become its XDR product, while Azure Sentinel became its SIEM line. Lefferts says the two new Defender-branded services are standalone products. “This is different to protecting endpoint. It’s about improving your security team, giving them new views and perspectives. If you think about a game of chess, if you turn it around and look at it from your opponent’s point of view, this is a tool that is designed to help analysts do that by giving them that different perspective,” he says.