Deepfakes and LinkedIn: malign interference campaigns

Deepfakes haven’t quite lost the power to surprise, but given their wholesale media saturation in the last year or so, there’s a sneaking suspicion in some quarters that they may have missed the bus. When people throw a fake Boris Johnson or Jeremy Corbyn online these days, the response seems to be fairly split between “Wow, that’s funny” and barely even amused.

From Thousands of Security Alerts to a Handful of Insights

Understanding an attacker’s workflow and how Attack Analytics hunts them down

In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation capabilities, as well as distribution and anonymization features that enable attackers to work under the radar, creates quite a challenge for organizations trying to protect their main business. Many report alert fatigue – the exhaustion of sifting through a large volume of false positives and low-value information. Imperva’s survey shows that more than a quarter of IT professionals receive at least a million alerts a day, while many more (55%) report over 10,000. Traditional defense systems use tools and methods that have failed to meet this evolving challenge – unable to handle the majority of alerts, SOC teams can simply crash under the daily overload (Figure 1).

Login Friction: Diminish the Risk, Not the User Experience

The Authentication Situation. How Can Companies Evaluate Risk without Impacting the User Experience?

According to Riskified, losses from account takeover increased 122% from 2016 to 2017 and grew by 164% in 2018. This percentage is expected to be even higher by the end of 2019. In this environment, it is critical that companies find a way to secure credentials. At the same time, however, users are demanding a seamless online experience and companies are in a difficult position trying to address ATO without introducing login friction.

The Lazarus’ gaze to the world: What is behind the second stone?

// Introduction

In a recent blog post (link here) we analysed the first part of an operation likely conducted by APT38/Lazarus, which targeted various organizations, including financial and banking ones. We already described the initial phase of the kill chain, in which the actor used two different first-stage payloads, released to victims on the basis of their system architecture. These payloads are used to carry out an initial reconnaissance phase. Beyond this, we have already described a first-level backend script used by the threat actor inside a compromised website to manage victims and to release an additional payload if the victims are of interest.

Spotify’s free music service will now stream on Alexa devices, plus Bose and Sonos smart speakers

Spotify has worked with Amazon Echo since 2016, but only for premium subscribers. Today, that changes as Spotify says its free tier will now stream across Alexa-powered devices, as well as other smart speakers from Sonos and Bose. The Alexa support will be available for users in the U.S., Australia, and New Zealand. Support for Sonos and Bose is more broadly available to users around the world.

Recorded Future’s ServiceNow Integration Provides a Threat-Centric View of Third-Party Risk

November 20, 2019 • Ellen Wilson

As your ecosystem of third parties, contractors, and partners grows in size and complexity, you’ve likely embraced new ways to manage third-party risk. Many organizations have adopted governance, risk, and compliance (GRC) technology to consolidate risk information from internal and external sources and better understand their third-party risk landscape. However, even with these tools in place, it can be difficult to maintain the relevant, real-time data required to feed these systems.

Online Phishing: How to Stay Out of the Hackers’ Nets

Despite the growing popularity of social media and messaging apps, email remains the preferred way to communicate online for millions of Americans. And the bad guys know it. Of the 28.6 billion cyber-threats Trend Micro blocked globally in the first half of 2019, over 24.3 billion were carried by email. That’s 91%. Many of these threats were made possible via phishing: a tried-and-true technique that hackers have been using for years.

A security solution for irregular cases

Products that don’t fit a standard mold sometimes need tailored protective solutions. For example, take a company that has a Web portal to which customers or employees can upload documents. That portal needs a mechanism to check files for cyberthreats. And it is impossible to equip such a portal with a traditional antivirus.

Starburst raises $22M to modernize data analytics with Presto

Starburst, the company that’s looking to monetize the open-source Presto distributed query engine, today announced that it has raised a $22 million funding round led by Index Ventures, with the firm’s partner Mike Volpi joining the board. The general idea behind Presto is to allow anybody to use the standard SQL query language to run interactive queries against a vast amount of data that can sit in a variety of sources.

Reduce the Risk of Ransomware by 90%, for Free, in One Day

A common misperception about ransomware is that we are helpless to prevent it. Attackers are always several steps ahead of our defense mechanisms and we are in a constant game of whack-a-mole. This mantra may certainly apply to other types of cybercrime, but it is not true of ransomware. Ransomware is an economics-driven industry, and currently, those economics are skewed to favor the attackers. Buckets of low-hanging fruit / cheap targets make these compelling economics possible and continue to fuel the growth in the ransomware industry.