Kawasaki Heavy Industries, a Partner of Defense Companies and Agencies, Reports Breach
Managing access control and data permissions is difficult without a proper understanding of the who, what, and where of data access models. To truly understand data flow and access, organizations need to observe privilege based on real world activity and assess the access that does occur. This would allow an organization to differentiate between what should and should not occur.
Cyber Attack, Terrorism, Theft and Scams: Threats to Covid-19 Vaccines
France has put in place a very strict security protocol to transport and store these vaccines in France, while the threat hanging over these coronavirus antidotes takes many forms.
Critical Flaws Put Dell Wyse Thin Client Devices at Risk
Researchers at the security firm CyberMDX have uncovered two significant vulnerabilities in certain Dell Wyse thin client devices that, if exploited, could enable threat actors to remotely run malicious code and access files on affected devices.
Have you been impacted by the massive SolarWinds hack?
Vectra's Ammar Enaya says this is a significant example of a well-executed supply chain attack compromising a popular IT administration tool as a penetration mechanism. The subsequent exploitation of authentication controls enabled the threat actor to pivot to the cloud and operate undetected for an extended time in Microsoft 365, which allowed them to gather intelligence.
SolarWinds hack: Security experts weigh in on US cyber-attack
The SolarWinds hack, which is reportedly being linked to Russia, is shaping up to be the biggest cyber-attack this year. The attack targeted the US government, its agencies and several other private companies. It was first discovered by cybersecurity firm FireEye, and since then more developments are being reported each day.
Highly Skilled Hackers Breach US Agencies and Private Companies
United States officials have blamed Russian hackers for recent breaches at federal agencies, companies, and high-profile cybersecurity vendor FireEye, with the malicious activity appearing to come from highly skilled attackers. "Attackers could also set up automated workflows to consolidate all the activities and run them autonomously while quietly exfiltrating data," Vectra's Matt Walmsley shares.
The 25 Best Cyber Security Books — Recommendations from the Experts
While all of these things together sound like the makings of a best-selling fiction novel, the cyber security industry – and all of the threats and dangers that exist within it – is all too real. That’s one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment. Hashed Out reached out to many IT and cyber security experts within the industry to inquire about their favorite books on cyber security and create a comprehensive list of the “best cyber security books.”
Officials use language of war, deterrence to discuss US response to suspected Russian hack
The recent breach, which began in March, targeted the SolarWinds Orion software, a popular IT network administration tool used by companies around the world and by U.S. government agencies including the Department of Homeland Security, the Treasury Department, the Department of Commerce, the Department of Energy, the Pentagon and the White House. The hackers attached malware to a SolarWinds software update that was downloaded by as many as 18,000 organizations.
Officials Use Language of War, Deterrence to Discuss US Response to Suspected Russian Hack
"Causing 18,000 organizations, the vast majority of which were not actually targets of interest, to have to remediate and possibly rebuild their devices and networks represents a huge amount of collateral damage," Vectra's Oliver Tavakoli said. "Obviously, the concept of collateral damage exists on a spectrum – but we can probably all agree this attack was on the far end of the spectrum."
Vectra and Baidam to offer cybersecurity scholarships for Indigenous peoples
Vectra AI has formed a new partnership with Baidam Solutions. This partnership provides First Nations’ people with scholarships, a full education and technical skills to combat the rise in cyberattacks against businesses, government and infrastructure.
5 NDR Vendors to Watch in 2021
Solutions Review’s NDR Vendors to Watch is an annual listing of solution providers we believe are worth monitoring. Companies are commonly included if they demonstrate a product roadmap aligning with our meta-analysis of the marketplace. Other criteria include recent and significant funding, talent acquisition, a disruptive or innovative new technology or product, or inclusion in a major analyst publication.
The SolarWinds Perfect Storm: Default Password, Access Sales and More
A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password (“SolarWinds123”) that gave attackers an open door into its software-updating mechanism; and, SolarWinds’ deep visibility into customer networks.
SolarWinds Cyberattack Likely Affected Thousands Worldwide
Vectra's Matt Walmsley comments on the recent SolarWinds breach, discussing how security teams need to drastically reduce the overall risk of a breach by gaining instant visibility and understanding of who and what is accessing data or changing configurations, regardless of how they are doing it, and from where.
Cyber Experts Weigh-In on FireEye Breach, SolarWinds Supply Chain Attack
The recent supply chain attack, which has affected around 18,000 SolarWinds Orion customers, is thought to have been executed by a sophisticated nation-state threat actor. Vectra's Matt Walmsley says that IT administrators and security teams have access to highly privileged credentials as part of their legitimate work. Attacking the digital supply chain of their software tools is an attempt to gain penetration and persistence right at the heart of their operations, gain privileged access and provide a springboard out across their digital hybrid-cloud enterprise.
US Treasury, Commerce Departments Hacked
A number of key US government departments have been hacked, with concern that the attack has allowed a foreign power to monitor American government communication.
A Safe Return to Office May Mean Higher Burden for Companies to Collect, Protect Medical Data
For many businesses, recovery from the pandemic fallout hinges in part on employees working safely and virus-free outside their homes. That leaves organizations facing the very real possibility that they will serve as both trackers and guardians of health data to ensure the safety of employees.
Here Are the Critical Responses Required of All Businesses After SolarWinds Supply-Chain Hack
SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. John Mancini, senior product manager at Vectra, said that a core point of the DHS’ guidance for remediating the SolarWinds hack is to analyze for any listed indicators of compromise and then “identify potential behaviors in metadata that may be related to the compromise.”
Email Systems Breached at the US Treasury and Commerce Departments
Hackers working on behalf of a foreign government are believed to be behind a highly sophisticated attack into a range of key government networks, including in the Treasury and Commerce Departments, and other agencies. The hackers had free access to their email systems.
Cybersecurity in 2021: 5 Trends Security Pros Need to Know
With 2021 fast approaching, cybersecurity experts and analysts note that cybersecurity will continue to evolve even as most of the world enters a post-COVID-19 era, with cybercriminals, threat actors and nation-state hackers ready to take advantage of whatever may happen next. This will keep CISOs, their security teams, as well as their counterparts in IT, trying to catch up and stay ahead.
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
In what may well turn out to be one of the most significant supply-chain attacks in recent years, a likely nation-state backed group compromised systems at SolarWinds and inserted malware into updates of the company's widely used Orion network management products that were released between March and June 2020. Matt Walmsley, EMEA director at Vectra, says the attackers likely manipulated Security Assertion Mark-up Language (SAML) authentication tokens used in Single Sign On to try and escalate privileges in the early stages of the campaign.
Hackers breach US agencies, Homeland Security a reported target
The US Department of Homeland Security was the third federal department to be targeted in a major cyberattack, US media reported Monday, a day after Washington revealed the hack which may have been coordinated by a foreign government.
Cyberespionage Against US Agencies: Vectra Comments on How Attackers Compromise Microsoft 365 Accounts
The US government's Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive calling on "all US federal agencies to review their networks for indicators of compromise and to disconnect or power down SolarWinds Orion products immediately."
Hackers breach US agencies, Homeland Security a reported target
SolarWinds over the weekend admitted that hackers had exploited a backdoor in an update of some of its software released between March and June. The hacks are part of a wider campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers' computer systems.
The next big thing in security
Oliver Tavakoli, our CTO, shares his thoughts on the upcoming cybersecurity trends to watch.
How Worried Should I Be About My Password Being Compromised, Stolen In A Data Breach? Experts Say This
After a major data breach, do criminals actually have your password even if it has been encrypted? Companies have various ways of encrypting passwords. There are also techniques called salting and hashing. The upshot is, the average user will not take the time to find out how the affected company does their encrypting—or hashing or salting for that matter.
Why accelerated cloud adoption exposes organisations to security risk
Chris Fisher, Vectra's director of security engineering APJ, shares that as our reliance on technology grows exponentially, so does the need for robust cybersecurity to protect users and keep data and business operations safe from hackers.
IoT Cybersecurity Improvement Act Signed Into Law
The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards.
Europol Warns of COVID-19 Vaccine Crime Gangs
As the time for distribution of COVID-19 vaccines comes closer, law enforcement agencies across the world are warning of organized crime threats, including schemes to sell counterfeit vaccine on the dark web, as well as physical and virtual attacks targeting supply chain companies.
Russian Hackers Exploit VMware Bug
To exploit VMware's vulnerability, an attacker must have access to the device’s management interface. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data. Chris Morales, our head of security analytics, discusses why granted access does not equate to trusted access.
Suspicious Email Aimed to Get Users to Give up Office 365 Credentials
Researchers at Abnormal Security said Monday they blocked an attack where a malicious email impersonating one of their customer’s vendors bypassed the customer’s Proofpoint gateway and set up a trap to steal Office 365 credentials. Chris Morales, head of security analytics at Vectra, said the known partner compromise technique equates to internal spear phishing, when a phishing email that originates from a trusted and legitimate connection doesn’t get blocked by the email gateway.
Channel round-up: Who’s gone where?
With the market demand for NDR solutions generating significant traction among forward-thinking enterprises, and with this set to continue into 2021, we're excited to welcome Jerome Jullien to the Vectra team as vice-president of international partner sales.
Vectra unveils new Vice President of International Partner Sales
With more than 25 years’ experience in Enterprise Technology, including managing Channels, System Integrator and Service Provider (SI/SP) and Alliances, Jerome Jullien, now Vice President of International Sales, brings a strong track record of building successful business models for the Channel and will play a key role in managing and driving sales via the Vectra partner ecosystem.
How to protect against ransomware
Instead of monolithic ransomware, or a single piece of software that did everything and was highly automated, today’s ransomware tends to be modular and often obtained from a malicious developer or acquired “as a service”. There’s an organized dark ecosystem for ransomware with component and service supply chains, not dissimilar to the structures and practices we see in the legitimate world. It’s expeditious to change and morph, which makes traditional fingerprinting for signatures less effective.
IBM Uncovers Global Email Attack on COVID Vaccine Supply Chain
This week, IBM Security X-Force uncovered a global phishing campaign targeting the COVID-19 Vaccine Cold Chain. The company’s task force dedicated to tracking down COVID-19 cyber security threats said it discovered fraudulent emails impersonating a Chinese business executive at a credible cold-chain supply company. The emails, dating back to September, targeted organizations across six countries, including Italy, Germany, South Korea, Czech Republic, greater Europe and Taiwan, the company said.
Vectra appoints Jerome Jullien as Vice President of International Partner Sales
We are thrilled to announce the appointment of Jerome Jullien as Vice President of International Partner Sales to our leadership team.
Ransomware gang says they stole 2 million credit cards from E-Land
Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month's ransomware attack. This is a timely reminder that ransomware operators have changed their tactics and become far more targeted. Not only are they performing data theft and public bullying, but they remain active inside an organization for extended periods prior to detection.
BEC Scammers Leverage Email Auto-Forward Rules to Intersect Financial Transactions
The FBI this week made public a private industry notification warning that business email compromise (BEC) scammers are exploiting web-based email clients’ auto-forwarding rules to secretly gather intel on their targets and also hide their fraudulent communications. Moreover, if organizations fail to sync their web-based email clients with their desktop-based clients, this suspicious activity may go unnoticed by infosec personnel.
Phishing campaign threatens coronavirus vaccine supply chain
A calculated cybercriminal operation is targeting companies in the coronavirus vaccine supply chain with phishing emails that appear to be designed to steal sensitive user credentials, IBM Security X-Force said in a report released Thursday. The targeted organizations are all associated with a COVID-19 cold chain, a component of the overall supply chain that ensures the safe storage of vaccines in cold environments during storage and transportation.
Vectra Appoints Jérôme Jullien as Vice President of International Partner Sales
Vectra announces the hiring of Jérôme Jullien to its leadership team as Vice President of International Partner Sales.
Vectra sets A/NZ channel in sights with new leadership hire
Jerome Jullien has been appointed to the leadership team of network threat detection and response (NDR) vendor, Vectra, as the international partner sales vice president.
Editor's Question - How can SME's best protect their company's data
Organizations that conduct almost all of their business online now face needing to protect an expanded threat surface. Ammar Enaya, our METNA regional director, shares his take on how businesses can protect their data in the cloud.
Sales of CEO Email Accounts May Give Cyber Criminals Access to the "Crown Jewels" of a Company
A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Email and password combinations are being sold for anywhere from $100 to $1,500 on Exploit.in, an underground hacker forum populated by Russian speakers.
FBI: BEC Scams Are Using Email Auto-Forwarding
If businesses do not configure their network to routinely sync their employees' web-based emails to their internal network, an intrusion may be left unidentified until the computer sends an update to the security appliance set up to monitor changes within the email applications. This leaves the employee and all connected networks vulnerable to cybercriminals.
Machine Learning Models for Smart Cities
Artificial intelligence (AI) and machine learning (ML) will help make it possible to create an urban landscape that enables safe, efficient, convenient and self-optimizing traffic eco-systems, while dealing with highly increased complexity. As cities become “smarter”, data collected from sensors regarding energy consumption, traffic and sanitation will all increase at a scale that makes it difficult for certain types of tasks to be done well by humans alone, or that would be unthinkable without the aid of automated systems.
On the Horizon
Next year we will also see more blurred lines across traditional channel boundaries. Sandra Hilt, senior director of channel sales for EMEA, at Vectra, shares her thoughts on how today’s channel partners are increasingly positioned as service-led, trusted advisors to their customers. Consequently, the offering of different service engagements is becoming more and more important.
Vectra Extends NDR to the Cloud With New Capabilities
The new cloud capabilities allow Vectra and its users to track and link accounts and data in cloud and hybrid environments. This helps users prevent the loss of visibility when environments expand to the cloud where users leverage multiple accounts and may access resources from shadow IT devices.
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
Techday's 10 Minute IT Jams provide sharp, to-the-point insights into emerging and established technology companies that operate in the Asia-Pacific region. In Techday's second IT Jam with Vectra AI, they speak with head of security engineering Chris Fisher, who discusses the organizational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organizations should take to protect employees from attacks.
CISA warns public about online holiday shopping scams
With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.
AI AND EQ
Adam Mendler sat down with our CEO, Hitesh Sheth, for a one-on-one interview. Hitesh shared his perspective on leadership, AI, and technology trends.