Google Cloud Wednesday announced the general availability of what it calls “curated detection” for its Chronicle security analysis platform, placing the company into the ranks of the contenders in the fast-growing managed detection and response market (MDR).Chronicle’s new curated detection feature leverages the threat intelligence that Google gains from protecting its own user base into an automated detection service that covers everything from ransomware, infostealers and data theft to simple misconfigured systems and remote access tools.To read this article in full, please click here

The Institute for Security and Technology (IST) recently released a “Blueprint for Ransomware Defense.” The guide includes recommendations of defensive actions for small- and medium-sized businesses (SMBs) to protect against and respond to ransomware and other common cyberattacks. It focuses on the identify, protect, respond, and recover format that aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework. IST’s guidelines do not include one item from the NIST framework: the detect function. The authors recommends that SMBs should work with a cybersecurity services provider for that function.To read this article in full, please click here

Zk-SNARK, which stands for zero-knowledge succinct non-interactive argument or knowledge,  is the most popular zero-knowledge protocol. This a space of increasing importance, as zero knowledge systems are an area of active development that stand to disrupt how authentication works. While the math is intense, the overall ideas are not hard to understand. What is zero knowledge? Zero knowledge is the attempt to use the smallest amount of information possible when verifying a statement.  It works to devise proofs that avoid transfer of extra data.Ground zero for this field is the paper Knowledge Complexity of Interactive Proof Systems, which appeared in a few editions during the 1980’s.  As the name implies, the paper undertakes to get an understanding of how knowledge behaves in proving statements between interacting systems. To read this article in full, please click here

Most attack scenarios against industrial installations, whether in manufacturing or in critical infrastructure, focus on compromising programmable logic controllers (PLCs) to tamper with the physical processes they control and automate. One way to get malicious code running on PLCs is to first compromise a workstation that engineers use to manage and deploy programs on them, but this can be a two-way street: A hijacked PLC can also be used to compromise engineering workstations, and this opens the door to powerful lateral movement attacks.In a new paper released over the weekend, researchers from industrial control systems (ICS) cybersecurity firm Claroty documented proof-of-concept "Evil PLC Attacks" against engineering software from seven ICS manufacturers: Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson.To read this article in full, please click here

Cybersecurity risk assessment company Safe Security on Tuesday rolled out two new online risk assessment tools for businesses to use, in order to help them understand their vulnerability to cyberattacks and the costs of insuring against them.Both tools—an interactive cost calculator for cyberattacks and a cyberinsurance assessment app—are available as free-to-use web pages, created by Safe Security and based on the company’s institutional knowledge and in-house research into cybersecurity risk factors.Risk tools measure financial impact of cyberthreats The cost calculator for cyberattacks takes into account general data—like revenue, number of employees, vertical, headquarters location and the types of records stores—to arrive at an “annual loss expectancy” figure, according to vice president of AI and cyber insurance at Safe Security, Pankaj Goyal. This measures the likelihood of an attack against the potential financial impact, breaking the potential harms down by the type of attack—currently ransomware, data breach, and business email compromise, but with more types on the way, according to Goyal.To read this article in full, please click here

New research from threat intelligence and cybersecurity company Cyble has identified a peak in attacks targeting virtual network computing (VNC) – a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to control another machine remotely – in critical infrastructure sectors. By analyzing the data from its Global Sensor Intelligence (CGSI), Cyble researchers noticed a spike in attacks on port 5900 (the default port for VNC) between July 9 and August 9, 2022. Most attacks originated from the Netherlands, Russia, and Ukraine, according to the firm, and highlight the risks of exposed VNC in critical infrastructure.Exposed VNC putting ICS at risk, assets frequently distributed on cybercrime forums According to a blog posting detailing Cyble’s findings, organizations that expose VNCs over the internet by failing to enable authentication broaden the scope for attackers and increase the likelihood of cyber incidents. It detected more than 8,000 exposed VNC instances with authentication disabled. Cyble also found that exposed assets connected via VNCs are frequently sold, bought, and distributed on cybercrime forums and market.To read this article in full, please click here

Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. Now, the Equifax fine has been eclipsed by the $1.19 billion fine levied against the Chinese firm Didi Global for violating that nation's data protection laws, and by the $877 million fine against Amazon last year for running afoul of the General Data Protection Regulation (GDPR) in Europe.To read this article in full, please click here