Welcome to TheCyberThrone cybersecurity month in review, covering the important security happenings. This review is for the month ending February 2023.
Subscribers favorite #1
Microsoft Automatic Attack Disruption in Defender 365
Microsoft announced that the automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite, will now help organizations disrupt business email compromise and human-operated ransomware attacks.
The signals on which Microsoft 365 Defender takes automated disruption actions are gathered from endpoints, identities, email, collaboration, and SaaS apps. They are then aggregated and automatically analyzed and, if a high level of confidence is established, acted upon.
Security teams can customize the configuration for automatic attack disruption. Also, to ensure that automatic actions don’t negatively impact the health of a network, Microsoft 365 Defender automatically tracks and refrains from containing network-critical assets, and has client-side fail-safe mechanisms built into the containment lifecycle.
Subscribers favorite #2
Dole down due to ransomware attack
Dole, a fresh grocery producer, confirmed that it had been hit by a ransomware attack last month, following a report that a cyber incident forced it to shut down some production facilities. The attack forced several of the company’s production plants in North America to close temporarily.
Subscribers favorite #3
Cisco Acquiring Valtix
Cisco plans to acquire cloud-native network security startup Valtix as part of a push to enhance its Security Cloud portfolio. Valtix, established in 2018, offers a multicloud network security platform designed to enable cloud teams to meet the most stringent security requirements in a cloud-first and straightforward way. Valtix claims the platform's discovery feature achieves 100% security coverage through continuous discovery and takes 30 seconds to adapt dynamically to new apps and changes to existing apps.
The Valtix platform takes only a small amount of time to deploy and increases productivity by eliminating constant upkeep and challenging upgrades. The service connects continuous visibility and control to discover new cloud assets and changes, associates tag-based business context, and automatically applies the appropriate policy to ensure security compliance.
Subscribers favorite #4
CVSS Scoring System Needs a Revamp
Researchers produced a detailed report on the weaknesses in the existing CVSS scoring system, which is deemed responsible for overhyping some vulnerabilities. TheCyberThrone has reiterated on numerous occasions that this approach may not yield the desired results.
The Common Vulnerability Scoring System (CVSS) is an open industry standard framework for assessing the severity of security problems. It is managed by the non-profit Forum of Incident Response and Security Teams (FIRST), with the National Vulnerability Database (NVD) providing CVSS scores for confirmed vulnerabilities.
Because of this scoring system, bug ratings are overinflated, and the cybersecurity community keeps spending time on issues deemed critical across the board rather than focusing on the bugs most likely to impact their organizations.
Subscribers favorite #5
Anonymous Sudan takes down Swedish Hospital Websites
Anonymous Sudan, a newly risen threat actor group, has taken credit for DDoS attacks on Swedish hospitals, carried out in retaliation for activists who had burned the Quran in Denmark in February.
Although the group claims to be based in Sudan, it is almost certainly a Russian hacker group linked to the Russian government. The evidence cited is that the group’s Telegram account is operated from Russia, that its posts are in Russian or English, and that its messages are amplified by accounts in the Russian hacker sphere.
The sites taken down on Sunday included: regionh.dk, amagerhospital.dk, bispebjerhospital.dk, bornholmshospital.dk, frederiksberghospital.dk, gentoftehospital.dk, rigshospitalet.dk, herlevhospital.dk, and hvidovrehospital.dk.