The UK’s National Cyber Security Centre (NCSC) recently released its cyber incident trends report for the period between October 2018 and April 2019. The report covers five main cyber attack trends seen in the UK – (1) attacks on Office 365 deployments (and cloud services in general), (2) ransomware, (3) phishing, (4) vulnerability scanning, and (5) supply-chain attacks. “All the incident types noted have resulted in compromises within the UK, some significant in nature,” it says.
Cyberattacks come in all shapes and forms. They are everywhere, and whether you know it or not, you’ve likely been a victim of one at some point. Even an occasional look at IT news will tell you just how widespread cybercrime is and how many areas of life it affects. Yet many of us don’t have more than a superficial idea of how cyberattacks work, where they originate, and how severe their repercussions can be.
Check Point Research released its 2019 mid-year report on Cyber Attack Trends last month. The report puts targeted ransomware attacks at the top of its list of dominant ongoing trends in 2019. Cryptomining attacks, on the other hand, have declined considerably over the past year, with only 21 percent organizations affected by cryptominers’ attacks this year, compared to 42 percent in 2018.
EthicalHatCyber Attack Trends 2019 – Check Point Research
The SANS Institute released its 2019 SOC Survey report – Common and Best Practices for Security Operations Centers – earlier this month. The survey was designed to “provide objective data to security leaders and practitioners who are looking to establish a SOC or optimize their existing SOCs”. The average size of the SOC teams represented in the survey was 10, with a majority of the respondents based either in North America or Europe, and drawn predominantly from the cybersecurity industry, followed by government, banking and finance, technology, and a few others.
CIS CSAT is a free web-based tool that allows organizations to assess their cybersecurity strategy and infrastructure against the Center for Internet Security’s 20 Critical Controls. The tool was developed for CIS by EthicalHat Cyber Security, and is based on AuditScripts’ popular CIS Controls Manual Assessment spreadsheet. It helps businesses easily track their documentation, implementation, automation and reporting of CIS Controls, and compare their own security performance with the industry average.
EthicalHatCIS CSAT – A web-based tool to track your implementation of CIS Controls
Company sued by client; Data leak under investigation
Real estate giant First American Financial Corp (NYSE:FAF), that suffered a serious data leak recently, was sued by a client late last month for failing to implement “even rudimentary security measures” and putting millions of clients’ information at risk.
EthicalHatFirst American Financial Corp facing the heat after data exposure
The SANS Institute released a new cloud security report recently based on a survey of several hundred companies across the US, Asia, Europe, and Canada. The companies surveyed ranged from the small (under 1000 employees) to the very large (over 50000 employees) and represented a variety of industries including 32 percent from the technology sector and 11 percent from the finance sector.
In a massive patch update on Tuesday, Adobe released security patches for 87 vulnerabilities in four of its products – Adobe Acrobat, Adobe Reader, Adobe Flash Player, and Adobe Media Encoder. As many as 84 of the 87 patches address vulnerabilities in Acrobat and Reader.
EthicalHatAdobe releases 87 patches for vulnerabilities in Acrobat, Reader, Flash Player, Media Encoder
We all receive malicious or spammy emails from time to time, and while most are easy to tell apart from legitimate mail, there are some that require greater attention to detect. An Unsolicited Commercial Email (UCE), more commonly known as spam, may be an irritant, but it is not a threat to you. Malicious emails, on the other hand, are intended to swindle or steal, and are far more dangerous.
EthicalHatA few tips to find out if that suspicious-seeming email you received is really malicious
EthicalHat partners with CISOs to help them achieve their security goals in alignment with their business goals. We support companies of varying sizes by developing custom security solutions, well-suited for their environments and needs.
We are a group of highly motivated security engineers who see the online security challenges as opportunities to help diverse business models achieve their security objectives. Information security is not our career – it is our passion.