Malware

Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Identity. Without such enhanced verification capacities, organizations cannot truly implement zero trust security, it said.…

Managed detection and response (MDR) company Trustwave said Wednesday that it will be partnering with extended detection and response (XDR) company Trellix. The partnership calls for Trustwave to support Trellix endpoint security and to sell  MDR with Trellix, Trustwave said. MDR, as offered by Trustwave, essentially works as a remote, third-party security operations center. The idea is, given the growing complexity of modern security threat landscapes, to let end user companies simply offload key parts…

During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network provider Akamai. More than a quarter of that traffic went to servers belonging to initial access brokers, attackers who sell access into corporate networks to other cybercriminals, the report stated. “As we analyzed malicious…

Although some cybersecurity researchers say that ransomware attacks are on the downswing as cybercriminals face declining payments, a spate of recent ransomware attacks makes it feel like the scourge is continuing at the same, or even an elevated, pace. Nowhere is this more apparent than in the higher education sector, with at least eight colleges and universities in North America reporting ransomware attacks since December 2022. Among recent incidents are: On December 30, 2022 Bristol…

ReversingLabs has added new secret detection capabilities to its software supply chain security (SSCS) tool to help developers prioritize remediation with context-based data on secrets. In a development environment, secrets refer to digital authentication credentials used in software components including login credentials, API tokens, and encryption keys. “We are using our knowledge of exposed secrets in the billions of files we’ve previously analyzed to provide that context,” said Tomislav Pericin, co-founder and chief software architect, ReversingLabs.…

Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by Russia-linked ALPHV group, according to a tweet by VX-Underground. The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us leak your data.” The group has threatened to leak the stolen data if the company refuses to pay the ransom. It is…