RESOURCES


Zero Trust – Demystified

article

Jul 29, 2020

1. Zero Trust – Demystified. Everyone seems to be talking about Zero Trust in the security world at the moment. Unfortunately there seem to be multiple definitions of this depending on which vendor you ask. To help others understand what Zero Trust is, this white paper covers the key aspects of...

A Framework for Measuring InfoSec as a Business Function

article

Feb 02, 2020

In my December column, I ended with the observation that many CISOs struggle when it comes to first determining and then actually communicating the business value of the security options out there. Often, that failure stems from CISOs who lack a background in finance and economics, and their inabili...

New Maryland Bill Will Make Possession of Ransomware Illegal

article

Jan 30, 2020

A new bill introduced in the Maryland Senate aims to make the possession of ransomware illegal in the state. In May 2019, the city of Baltimore experienced its biggest run-in with ransomware. One of the largest municipalities in the city was attacked by ransomware and malicious actors asked for 13 B...

THE NAVY'S NETWORKS ARE VULNERABLE TO CYBER ATTACKS IT'S TIME FOR ACTION

article

Nov 18, 2019

The threat to the U.S. Navy from cyber intrusion has become a crisis. Hackers, particularly those from Russia and China, are not limiting themselves to attacks on computers and networks. Now they are engaged in a massive assault on the entire Navy enterprise, including ships, weapons systems, resear...

Maritime Meets Cyber Security

article

Oct 16, 2019

As of October 2019, to the best of my knowledge, there has not been a single, dedicated hacking attack against a vessel at sea by malicious actors. While there have been rumors specifically one from an American telco provider in 2016 that hackers have teamed up with pirates to track high value cargo...

Hacking Is Not a Crime! Additional Thoughts from DEFCON 2019

article

Oct 10, 2019

In my previous post, I spoke about all of the different DEFCON villages where attendees can learn about and purchase all sorts of fun hacking/counter hacking tools. Even so, I covered only a small fraction of the activities at the conference. For example, attendees have the opportunity to participat...

How to get specific security information about AWS services

article

Jul 15, 2019

We are excited to announce the launch of dedicated security chapters in the AWS documentation for over 40 services. Security is a key component of your decision to use the cloud. These chapters can help your organization get in depth information about both the built in and the configurable security ...

SECURITY'S NEW FOCUS: DEFENSIBILITY

article

Jul 08, 2019

So, you’ve obtained the buy-in, spent the money, and have gone through the motions of creating your information security program. You’ve done what you believe to be right in terms of design, implementation and ongoing oversight, all in the interest of minimizing business risks. Framework...

WHY ARE WE MAKING INFORMATION SECURITY SO HARD?

article

Jun 18, 2019

I often hear from folks that in general, small and medium-sized businesses lack a strategy and proper controls, but the big guys have it covered. Well, it might surprise you to learn that 30% of large enterprises state they still lack an overall information security strategy and we’re talking ...

7 Ways to Bridge the Cyber Security Skills Gap

article

Nov 09, 2018

Make security training compulsory and fun with a variety of on-demand media. To scale up cyber security, people who are not part of the security team also need to think and care about it. This was a key takeaway for scalable cyber security from both the AppSec EU and Black Hat security conferences a...

How Can You Get More from Your AppSec Education Program?

article

Nov 09, 2018

Forbes recently published an article titled “The Cybersecurity Talent Gap Is An Industry Crisis” – and without question, there’s a real lack of cybersecurity talent. Cybersecurity Ventures predicts about 3.5 million unfilled cybersecurity job openings by 2021! The need for cy...

SO, YOU'VE EXPERIENCED A HIPAA BREACH—NOW WHAT?

article

Oct 17, 2018

It’s a day every CISO dreads. You think you’ve been doing everything right, but despite your best efforts, you’ve experienced a HIPAA breach, and now the OCR is coming in to perform an investigation. What should you do? First, take a deep breath. Relax. While what you do in the fol...

The 5 most common reasons for implementing ISO 27001

article

Oct 16, 2018

If you’re considering implementing ISO 27001, the international standard for information security, you’ve probably heard experts like us talk about the benefits. However, it’s always best to find out what organisations with first-hand experience think, which is why we created our I...

The Risks of Storing Your Passwords in Google Sheets

article

Oct 12, 2018

Our team loves Google. We use it every day to search, email, store and share documents, and keep our lives (both work and personal) more organized. Honestly, how did we ever function without it? For someone who has no system in place to keep track of their passwords then Google Sheets is a great pla...

A Career in Cybersecurity Has Many Positives, But It’s Not Without Challenges

article

Oct 12, 2018

There aren’t many fields where the majority say they’re happy with their profession. A satisfying career path—one where we feel successful—can be a long journey that most of us aren’t taught in school. In fact, 70 percent of workers say they don’t feel satisfied w...

A new era for customer data – could security be ‘the new green’ for businesses?

article

Oct 10, 2018

There was a tipping point not so long ago in the realm of environmental responsibility for businesses. For some time, curbing emissions and waste was simply something the corporate world did if it had to, in order to comply with governmental regulations and avoid a hefty fine. Now, driven by a few &...

HHS Urges FDA to Do More on Medical Device Security

article

Oct 08, 2018

We’ve been writing for a few years now about the dangers of connected medical devices and how the U.S. F.D.A. has sought to increase the security of these devices. Previously, in St. Jude Takes Steps to Secure Vulnerable Medical Implants we covered the security surrounding St. Jude medical dev...

4 Cybersecurity Factors Every Board Member Must Consider for 2019 Planning

article

Oct 05, 2018

Cybersecurity is a growing topic of discussion in Board meetings everywhere — given this fact, Board members need to be prepared to speak knowledgeably about their organization’s cybersecurity posture and programs. As businesses near the last quarter of the year and begin their planning ...

Cybersecurity Starts with Your Employees

article

Oct 04, 2018

We’re all familiar with Smokey the Bear and the “Only You Can Prevent Wildfires” slogan. In 2015, Smokey got an update and the new “Receive a Bear Hug” ads ran nationwide. In the ad, Smokey runs out of the woods and gives a big bearhug to a camper for properly checking ...

4 Emerging Retail Cybersecurity Threats (and How to Stop Them)

article

Oct 02, 2018

The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that cybersecurity threats have been a daily concern of retailers for a long time. Point of Sale (POS) system ha...

What is Browser Hijacking? How to Get Rid of This Virus?

article

Oct 01, 2018

In computing, a browser hijacking refers to the malicious intrusions made by a hijacker for personal gains. In order to accomplish this, the hijacker uses a malicious software which is placed on the internet browser that alters the activity of the browser. In all the cases, the user is typically una...

Quantifying Cybersecurity Risk: A Beginners Guide

article

Sep 27, 2018

For those who have been paying attention, this dramatic upward trend is hardly surprising. Data breaches are getting bigger, more damaging, and more expensive. It’s challenging to read the news without seeing a story about one massive cyber attack or another. In many industries, the fear of cy...

The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice

article

Sep 26, 2018

Python will soon be the world’s most prevalent coding language. That’s quite a statement, but if you look at its simplicity, flexibility and the relative ease with which folks pick it up, it’s not hard to see why The Economist recently touted it as the soon-to-be most used language...

Excerpts From “Why Companies Are Replacing AV with Advanced Endpoint Security”

article

Sep 26, 2018

Is legacy antivirus failing to keep your endpoints secure? In Carbon Black’s recent webinar, Fulcanelli Chavez, Sr. Security Operations Analyst at D.A. Davidson, shared how switching from McAfee to Cb Defense has improved protection and simplified operations for his team. Below are excerpts fr...

Microsoft Windows Server 2016 Security

article

Sep 20, 2018

You may have been following our series of blog posts on Microsoft Windows Server security features and capabilities for reducing risk in your IT infrastructure. Today, we’ve compiled a list of all these blog posts. You can use them in two ways as you work to secure your Windows Server operatin...

Cybersecurity, Information Security, Network Security, Information Assurance: What’s the Difference?

article

Sep 06, 2018

As hackers, security breaches and malware attacks continue to dominate headlines, cyber crime has emerged as a global “pandemic” that last year cost people and organizations an estimated $600 billion, according to CNBC. So it’s not surprising that combating such activities has beco...

An Introduction to AWS Cloud Security

article

Aug 28, 2018

AWS is an indispensable part of business strategy for companies worldwide that make use of its infrastructure, platform, and software services. For example, giant pharmaceuticals slice into the time it takes to complete clinical trials on billion-dollar drugs by spinning up instance after instance o...

New Wi-Fi attack can crack your passwords

article

Aug 24, 2018

Did you know that there exists a simple way to crack passwords from routers with WPA2 security? Fortunately, this hidden truth was uncovered by the white hat hackers recently! Everybody is using Wi-Fi network these days, and the usual protocols to count on are WPA or WPA2. In simple words, the Wi-Fi...

Tips to Avoid Phishing Attacks

article

Aug 17, 2018

In an organization, employees play a vital role in information security. Thus it is critical for organizations to educate employees about safe computing habits in addition to having the right security tools (such as antivirus software or virus protection software) in place. Employees hold the necess...

Tanium Versus Tachyon: The Big Beasts of the Endpoint Detection and Remediation Jungle go Head-To-Head

article

Aug 06, 2018

Prevention trumping cure is such a well-polished truism it can be slightly jarring to learn that the emphasis has lately been undergoing a reversal in the realm of cybersecurity – with “cure” (or, “remediation”) taking growing precedence. Whereas previously organizati...

How Panaseer is Leading the Way in Cyber Hygiene for Enterprise Security

article

Jul 25, 2018

The recent data breaches at Equifax, Uber, Deloitte and Yahoo, are an indication of the ever-growing sophistication of hackers and cyberattacks. If this trend continues, breaches could be bigger, hackers smarter, and security teams more vulnerable. Prevention is better than cure. Defining and implem...

8 Reasons Mobile Apps Access Location + Security Policies to Consider

article

Jul 12, 2018

A fitness app, called Polar Flow, was recently found to be exposing the name, profile picture and whereabouts of high-ranking military personnel by oversharing user location data. Unfortunately, this is not the only security incident leaking user location. Back in February, Appthority noted how stud...

Need help implementing ISO 27001?

article

Jul 11, 2018

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). Successful ISO 27001 implementation relies on commitment and support from top management, so we’ve put together a bundle to help you get that support. Why achieve ISO 2700...

Employee Security Awareness Training – Management Side

article

Jul 09, 2018

As many organizations have learned to their regret, a policy for cybersecurity – however comprehensive, proactive, and technologically sound it may be – is doomed to failure if its terms aren’t adhered to by stakeholders of the enterprise, across the board. This emphasizes the need...

Multiple data breaches at Dignity Health affect 60K+

article

Jun 25, 2018

On May 31, 2018, San Francisco-based Dignity Health reported a data breach affecting almost 56,000 patients to the Department of Health and Human Services (HHS). This was the third-largest data breach reported in May. Cause of breach. Due to an email sorting error by Dignity’s scheduling vendo...

Implement ISO 27001 on your current Windows system

article

Jun 21, 2018

ISO 27001 certification is considered among the top-ranking levels of accreditation for information security globally. It outlines best practice for an information security management system (ISMS), meaning that it has to be aligned with the organization’s business objectives and processes, as...

Achieve ISO 27001 compliance with our DIY packages

article

Jun 05, 2018

With the General Data Protection Regulation (GDPR) taking effect, it’s important to ensure that you’re taking the necessary steps towards GDPR compliance. ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). Achieving ...

Researchers use new technique to target Android phones

article

May 14, 2018

It appears that researchers have found a new way to hack smartphones. The technique is called ‘Rowhammer’, in which hackers manipulate the physical electric charge in memory chips, corrupting the data and even running specific code. The cyber attack is able to compromise fundamental comp...

Yahoo gets $35 million slap on wrist for failing to disclose colossal 2014 data breach

article

Apr 25, 2018

In an ongoing investigation by the Securities and Exchange Commission, Yahoo (now Altaba) has been fined $35 million for failing to report a known data breach in two straight years of SEC filings. Publicly traded companies in the United States are required by law to disclose any mishaps that may imp...

Kick-start your career in information security management

article

Apr 12, 2018

Attendees will gain a solid understanding of risk management, technical controls, legal frameworks, physical security, international standards and business continuity, including. The concepts relating to information security management, including confidentiality, integrity and availability (CIA). vu...

Why ISO 27001 is integral to data protection compliance

article

Apr 10, 2018

With the EU General Data Protection Regulation (GDPR)’s compliance deadline looming, any organisation that processes EU residents’ data will likely be investigating implementation options to help tackle its compliance project, if it hasn’t already done so. Supervisory authorities s...

How CISMP can help your information security career

article

Apr 03, 2018

A career in information security management is very alluring: it’s rewarding, there’s a high demand for skilled professionals and it comes with a generous salary. All you need to do to get started is gain a Certificate in Information Security Management Principles (CISMP). CISMP provides...

An introduction to the NIST Risk Management Framework

article

Mar 16, 2018

The Risk Management Framework (RMF) is a set of information security policies and standards for federal government developed by The National Institute of Standards and Technology (NIST). The RMF is covered specifically in the following NIST publications: The Risk Management Framework (RMF) is a set ...

3 STRATEGIES FOR WHEN MANAGEMENT DOESN’T GET THE IMPORTANCE OF INFORMATION SECURITY

article

Mar 05, 2018

The information security industry is broken. We talk about it all the time. There are things that happen constantly in our industry that put data (and people) at risk. One of those things is management groups who don’t fully understand the importance of information security as a business issue...

INFORMATION SECURITY NEWS ROUNDUP: JANUARY 2018

article

Feb 01, 2018

A new year means new developments in the world of information security news. We’ve already started to see some of Evan’s 2018 Information Security Predictions come true. The NSA is dealing with a shrinking talent pool as many employees jump to the private sector. Ransomware was one of th...

WHAT’S THE DIFFERENCE BETWEEN CYBERSECURITY AND CYBER RESILIENCE?

article

Jan 23, 2018

While the term “cybersecurity” is as old as the hills in the security world, the term “cyber resilience” has been gaining momentum. This is a good thing. Cybersecurity management is complex and always changing, and focusing on security alone simply isn’t enough – ...

Information Security Advisory: 2018 InfoSec Predictions

article

Jan 22, 2018

2017 proved to be a challenging year on many fronts in the information security realm. The Equifax breach, WannaCry ransomware attacks, and Russian manipulation of social media were just some of the lowlights. How will 2018 pan out? Here are some thoughts from the Kroll Information Security team: Th...

Just Keep Swimming: How to Avoid Phishing on Social Media

article

Jan 22, 2018

Phishing attacks attempt to steal your most private information, posing major risks to your online safety. It’s more pressing than ever to have a trained eye to spot and avoid even the most cunning phishing attacks on social media.

Cybersecurity Trends: What to Expect in 2018 and Beyond

article

Jan 17, 2018

The last year saw huge spikes in ransomware and threat actors have become even more proficient at lateral movement. Organizations aren't getting breached by advanced persistent threats specifically targeting them – at least for the most part. Opportunistic threat actors are taking advantag...

Are You Ready for the Evolution of Ransomware?

article

Jan 15, 2018

With 2017 in the rearview mirror, we’re looking towards the changes a new year will bring. However, while the calendar may have changed, the threat of ransomware across industries and geographies has remained. And worse, it’s looking like it’s about to evolve into an even greater p...

Top Seven Cybersecurity Predictions for 2018

article

Jan 11, 2018

With a turbulent 2017 finally behind us, what’s the cybersecurity forecast for 2018? Some predictions need no crystal ball – the cyber labor shortage will continue, spending on security solutions will go up, the breaches that do occur will be bigger and messier.

8 Cyber Security Predictions for 2018

article

Jan 09, 2018

In preparation for the upcoming publication of the 2018 Annual SonicWall Threat Report, we’re busy reviewing and analyzing data trends identified by SonicWall Capture Labs over the course of 2017. The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat inf...

The Healthcare / Cyber-Security Connection

article

Jan 09, 2018

One of the businesses in the spotlight lately when it comes to cyber-attacks is healthcare – in fact, 46% of healthcare organizations experienced a data breach. The data associated with this industry is extremely sensitive and highly regulated, and also actively sought by hackers.

Cybersecurity Compliance and Resilience

article

Jan 08, 2018

IT security professionals have to worry about defending against ever-evolving cyber threats and, increasingly, the C-suite has to worry about following cybersecurity laws. The year 2018 will be marked by increasing regulations, and discussions about regulations, that are intended to protect cyberspa...

10 INFORMATION SECURITY PREDICTIONS FOR 2018

article

Jan 02, 2018

In 2017, the hacking group known as the Shadow Brokers made a name for themselves with their April release of (alleged) NSA tools (including EternalBlue). Ransomware became even more mainstream, at least in the news, with the WannaCry outbreak in May. Arguably the biggest news of the year was the Eq...

8 VISIONARY PREDICTIONS FOR INFORMATION SECURITY IN 2018

article

Jan 02, 2018

In 2017, the InfoSec community saw the continuance of several trends from 2016 as well as the emergence of some new and nasty surprises. File-less attacks continued to rise in popularity, ransomware attacks on healthcare organizations became more prevalent, spending on cyber insurance increased, and...

Cyber Security Trends: What to Watch for in 2018

article

Dec 27, 2017

As we wrap up another calendar year, we can’t help but think about the near future and what it holds in store for the cyber security - and Distributed Denial of Service (DDoS) as a growing issue. Based on Corero’s visibility into environments dealing with DDoS, we’ve summarized a f...

This Android CryptoMining Malware is Capable of Destroying Android Phones

article

Dec 18, 2017

Cybersecurity researchers have discovered a “jack of all trades” cryptocurrency mining malware called Loapi that is capable of destroying phones from within in two days. A new strain of malware targeting Android phones, called Loapi, capable of triggering a number of malicious activities...

The Convergence of Security and Network Operations

article

Dec 13, 2017

More complex business networks, including cloud services and infrastructure, mobile applications, virtual desktops, SDN/NFV, and IoT systems, are taxing both security and network operations teams. At the same time, increasingly sophisticated and persistent attacks are challenging traditional organiz...

10 Cybersecurity Predictions for 2018

article

Dec 12, 2017

It has been a turbulent year of devastating ransomware attacks (e.g. NotPetya) and gut-wrenching breaches (e.g. Equifax). Undoubtedly, the question on everyone’s mind is, “what’s in store for us in the New Year?” Webroot’s top 10 cybersecurity predictions for 2018 cover...

3 Disruptive Trends Driving Demand for Automated Cyber Security for SMBs

article

Dec 11, 2017

Organizations typically struggle to provide a holistic security posture. There are many security vendors providing exciting and innovative solutions. But from a customer perspective, they often become various point solutions solving several unique problems. This often becomes cumbersome, expensive a...

Your Cybersecurity is Made from Human Suffering

article

Dec 04, 2017

Welcome! You’re here because you know I say things that let you ridicule me to your coworkers or because you happen to have a morbid curiosity about human suffering. If it’s the second one, then please skip directly to the vile pictures at the end of the article to get your jollies. Now ...

Holiday Hackers Can Ruin Website Availability and Security for Retailers

article

Dec 01, 2017

The few days after Thanksgiving in the U.S. are traditionally peak holiday shopping days for U.S. residents. They flood both physical and online stores to check off items on their holiday shopping lists, with hopes of scoring a few bargains. Almost everyone does some shopping online, according to th...

Catch the Latest Malware with Capture Advanced Threat Protection

article

Nov 22, 2017

Now that Halloween is over and your coworkers are bringing in the extra candy they don’t want, let’s look back at the last quarter’s results from SonicWall Capture Advanced Threat Protection (ATP) network sandbox service. Grab the candy corn and let’s crunch some data. Note: ...

New Research: Mobile Malware Hits Every Business

article

Nov 17, 2017

Every business has experienced at least one mobile cyberattack in the past year, according to a new study published today by Check Point mobile threat researchers. The report, entitled Mobile Cyberattacks Impact Every Business, is the first study to document the volume and impact of mobile attacks a...

Banking Malware Spin-Off Targets Twitter, Facebook Accounts

article

Nov 17, 2017

First reported by ZDNet, the Zeus offshoot has been repurposed with “new espionage capabilities” to both monitor and modify Facebook and Twitter posts, as well as gain the ability to eavesdrop on emails.

FIND YOUR WEAKEST LINK TO PROTECT AGAINST MALWARE

article

Nov 16, 2017

According to Verizon’s Data Breach Investigation Report for 2017, two-thirds of cybersecurity breaches are caused by malware installed by malicious email attachments, and 43 percent of those attacks happen when hackers successfully utilize social-engineering tactics to breach company security....

Phishing Threats – How to Identify and Avoid Targeted Email Attacks

article

Nov 15, 2017

What is Phishing? As you may already know, phishing threats involve malicious emails that attempt to get you to disclose your personally identifiable information (PII) to compromise your personal identity or corporate data.

Exploring Anti-Malware Testing Methodologies

article

Nov 09, 2017

The simple objective in testing an anti-malware product is to verify that it stops execution of malware on the endpoint. Testing in this case is not about features and functions, it’s about preventing the malware from executing.

Is Your DDoS Cloud Signaling Just Blowing Smoke?

article

Nov 08, 2017

More and more organizations today are adopting a hybrid DDoS approach which combines both on-prem DDoS appliances with cloud mitigation capabilities. A hybrid DDoS approach takes a best-of-both worlds approach, combining the immediate response times of premise-based devices, with the capacity and fl...

SonicWall First to Identify 73 Percent of New Malware with Capture ATP Sandbox

article

Nov 08, 2017

Last month, I wrote how we found nearly 26,500 new forms of malware and shared some general stats. Let’s take a look at the new threats found by SonicWall’s network sandbox, Capture Advanced Threat Protection (ATP).

Legislation Incoming: How Prepared Is the Cybersecurity Community?

article

Nov 08, 2017

It’s hard to miss the spotlight shone on the cybersecurity industry recently. There’s been a procession of infamous, high-profile cyberattacks. At the same time, organisations are being required to comply with tougher data protection and regulations that, in the case of EU GDPR, will be ...

Protecting the Healthcare System from Cyberattacks

article

Nov 06, 2017

Last year HHS established the Health Care Industry Cybersecurity Task Force following the passage of the Cybersecurity Act of 2015. The Task Force was composed of government and private industry leaders who are innovators in technology and leaders in healthcare cybersecurity.

Bad Rabbit Ransomware Attack Was Hiding A Spear Phishing Campaign

article

Nov 06, 2017

During the attacks in eastern Europe with the Bad Rabbit ransomware, a more insidious attack was taking place in Ukraine under its cover, Reuters reported. Serhiy Demedyuk, head of the Ukrainian state cyber police, stated that a number of Ukrainian entities were targeted by phishing campaigns at the...

7 Tips for Defending Your Network against DDoS Attacks

article

Nov 02, 2017

Today’s distributed denial of service (DDoS) attacks are almost unrecognizable from the early days of attacks, when most were simple, volumetric attacks intended to cause embarrassment and brief disruption.

5 Biggest Takeaways From WannaCry Ransomware

article

Nov 01, 2017

Global in scale, with across the board press coverage, the WannaCry ransomware attack has quickly gained a reputation as one of the worst cyber incidents in recent memory. Despite the scale, this attack relied on the same tried and true methods as other successful malware: find exposed ports on the ...

What is Bad Rabbit Ransomware?

article

Nov 01, 2017

Bad Rabbit ransomware has recently created headlines on 24th of October after it attacked computer networks across Russia, Ukraine, Turkey & Germany. Bad Rabbit attack is similar to the attacks of Petya Ransomware & WannaCry Ransomware, which locked data of computer users and demanded a rans...

‘Reaper’ Botnet – A DDoS Trick or Treat?

article

Oct 31, 2017

Researchers have discovered a massive new botnet, dubbed ‘Reaper’ or ‘IoTroop’, targeting poorly-defended IoT devices to form a ‘zombie army’ of devices that could rock the entire Internet with a powerful DDoS attack.

Meet the latest cyber threats: FreeMilk and Bad Rabbit

article

Oct 30, 2017

First detected in May 2017, FreeMilk is considered a particularly dangerous cyber threat because, once activated, it uses your computer to continue downloading sophisticated malware. complicated series of events leading up to the malware strike begins with the attacker observing an email exchange.

Sage Ransomware Distinguishes Itself with Engaging User Interface and Easy Payment Process

article

Oct 26, 2017

In early 2017, the Sage ransomware distinguished itself with a fresh take on the business model for criminal ransomware operations. Built with an engaging, intuitive user interface for requesting the ransom payment, it also reinforced the fact criminals are willing to invest in developing new versio...

Everything You Need to Know About DDoS Attacks

article

Oct 26, 2017

Since the first Denial-of-Service (DoS) attack was launched in 1974, Distributed Denial-of-Service (DDoS) attacks have remained among the most persistent and damaging cyber-attacks. Let’s examine how these attacks have evolved and how your company can mitigate them.

BANK PHISHING SCAM IS USING SHORTENED LINKS

article

Oct 26, 2017

Earlier this month, we witnessed a phishing attack on bank customers in Malaysia which combines some common social engineering techniques (scare tactics) with some newer technical misdirection techniques (URL shortening), and decided to provide a detailed blow-by-blow for you below on how this parti...

Cb Defense’s ‘Streaming Ransomware Prevention’ Stops Bad Rabbit in Its Tracks

article

Oct 25, 2017

Bad Rabbit appeared to infect machines via a drive-by-download that prompted the user to download a fake Adobe Flash installer. No exploits were used during initial infection. Once executed, Bad Rabbit shared similar worming capabilities as NotPetya & WannaCry.

Bad Rabbit Ransomware: The Latest Attack

article

Oct 24, 2017

On Tuesday, Oct. 24, a new strand of ransomware named Bad Rabbit appeared in Russia and the Ukraine and spread throughout the day. It first was found after attacking Russian media outlets and large organizations in the Ukraine, and has found its way into Western Europe and the United States.

Threat Advisory & Analysis: ‘Bad Rabbit’ Ransomware

article

Oct 24, 2017

On October 24, a large-scale ransomware campaign spread across Europe, in campaigns closely mimicking the NotPetya attacks from earlier this year. Just as was the case with NotPetya, the sample appeared to spread through traditional methods of making SMB connections within a corporate environment, s...

Protecting Xero’s Cloud-Based Accounting Platform from Cyber Attacks

article

Oct 24, 2017

Meeting with customers is always insightful, and recently I got a chance to sit down with Aaron McKeown, head of security engineering and architecture at Xero, to talk about how they use Imperva SecureSphere for their cloud-hosted applications.

One Year after the Largest DDoS Attack

article

Oct 20, 2017

It’s been a full year since what most believe to be the world’s largest volumetric Distributed Denial of Service (DDoS) attack occurred; on October 21, 2016 over the course of several hours the Domain Name Service Provider Dyn came under attack by two large and complex DDoS attacks again...

Resilience in the Age of Automated Hacking

article

Oct 18, 2017

When we think about cyber attacks, we usually think about the malicious actors behind the attacks, the people who profit or gain from exploiting digital vulnerabilities and trafficking sensitive data.

Mobile Phishing Attacks Jump, Financial Industry Is Biggest Target

article

Oct 17, 2017

Jason Koestenblatt at Enterprise Mobility Exchange wrote: "Thanks to the amount of time employees are spending online to get work done, hackers have a veritable treasure trove of opportunities and touch points to gain entry into an enterprise’s data and sensitive information.

DDoS Attacks Still on the Rise and Now Targeting Corporate Data

article

Oct 13, 2017

A new global survey by Kaspersky found that Distributed Denial of Service (DDoS) attacks have doubled over the last year. The research emphasised how any organisation, regardless of its size, type or location, can be seriously impacted by such attacks.

Securing Critical Infrastructure Organizations Against the Next Cyber Breach

article

Oct 12, 2017

The cyber-attack on Ukraine power centers last December — an event that took 30 substations offline and left more than 230,000 residents without power — was a rude awakening for power generation plants and distribution centers around the world.

Ransomware Attacks on MySQL and MongoDB

article

Oct 12, 2017

Ransomware is arguably one of the most vicious types of attack cyber security experts are dealing with today. The impact ransomware attacks can have on an organization is huge and costly.

Why cybersecurity is everyone’s business

article

Oct 10, 2017

This month is the 14th National Cyber Security Awareness Month, the annual campaign organized by the Department for Homeland Security to raise awareness of the importance of cybersecurity for both businesses and consumers.

Cybersecurity in the Workplace is Everyone’s Business

article

Oct 10, 2017

October is National Cyber Security Awareness Month (NCSAM) in the US, which is an annual effort by the Department of Homeland Security to educate the public about privacy and security in our increasingly connected world.

Cybersecurity Awareness Means Data Awareness

article

Oct 10, 2017

There is an old joke about a police officer who sees a man searching for something under a streetlight. The officer asks what he has lost. The man responds that he lost his keys, and then they both proceed to look under the streetlight together.

Cybersecurity in the Workplace is Everybody’s Business

article

Oct 10, 2017

What can individual users do to preserve cybersecurity at work? Your organization is spending on cybersecurity tools, you have an awareness program, and if you look you will find that there are standards and procedures for choosing and maintaining products to help keep information secure.

Survey Says More than One Third of US Businesses Experience DDoS Attacks

article

Oct 09, 2017

How common are distributed denial of service attacks? Very common, according to a survey of business executives released last week by The Hartford Steam Boiler Inspection and Insurance Company (HSB). According to that company’s press release, 35% of those companies surveyed said that they had ...

Cybersecurity in the Workplace: Adapt or Go the Way of the Dodo

article

Oct 08, 2017

The same goes for cybersecurity in the workplace. We can’t accept a set it and forget it cybersecurity culture. Rather, we must embrace one of adaptation. Leading analyst firm Gartner agrees. In its “CARTA” report, the company leads with adaptation – to risk, to trust assessm...

Strength in IT Security Numbers Can Be Misleading

article

Oct 06, 2017

There’s an assumption that bigger is somehow better when it comes to cybersecurity that doesn’t always play out the way one might expect. During an online Cybersecurity Summit 2017 event this week hosted by the Washington Post.

National Cyber Security Awareness Month: What Cyber Security Looks Like for Businesses on a Day-to-Day Level

article

Oct 05, 2017

October is National Cyber Security Awareness Month, but with the constant drum beat of headline-grabbing data breaches, I could argue at this point that every month is National Cyber Security Awareness Month. Equifax and the U.S. Securities and Exchange Commission (SEC) are the latest big organizati...

PROTECTING YOUR NETWORK AGAINST BRUTE FORCE PASSWORD ATTACKS

article

Oct 05, 2017

Every day, hackers are finding new and sophisticated techniques to compromise networks, yet one of the most tried and true attack methods – brute force attacks – remains popular. It is such a common password-cracking method because it can be used against nearly any type of encryption.

A Psychological Approach to Cyber Security

article

Oct 04, 2017

It’s no secret that I’m passionate about Cyber Security. So naturally, I do what any other person obsessed would do: listen to podcasts whenever I get the chance. This past Monday, I was walking from my campus to the train station while listening to an interview on Recorded Future with M...

Simple Steps to Online Safety

article

Oct 02, 2017

Based on what we discussed above, it doesn’t take too much time or effort to launch a successful phishing attack. As a result, it’s one of the more effective ways for attackers to get what they want, which is often financial gain or political/ideological motives.

Bitdefender Creates Ransomware Recognition Tool

article

Oct 02, 2017

The AV vendor created a free tool to help ransomware victims find which family and sub-version of ransomware has encrypted their data and then get the appropriate decryption tool, if it exists.

Threat Analysis: Don’t Forget About Kangaroo Ransomware

article

Oct 02, 2017

The age of ransomware is upon us. Advanced ransomware variants are using NSA-leaked exploits to ravage hundreds of thousands of computers and collect thousands of dollars in bitcoins, while new variants are being produced on a weekly basis.

New Ransomware Strain Evades Machine Learning Security Software

article

Sep 29, 2017

Here is the latest tactic in the cat-and-mouse game between cybercrime and security software vendors. The bad guys have come up with a new ransomware phishing attack, tricking users to open what appears to be a document scanned from an internal Konica Minolta C224e.

The Growth of DDoS-as-a-Service: Stresser Services

article

Sep 28, 2017

The growth of DDoS-as-a-Service has resulted in a wide array of powerful and affordable DDoS services available to the public. Since the beginning of 2016, Radware’s ERT Research division has been monitoring a number of services available on both the clear and the darknet.

Phishing: don’t take the bait

article

Sep 27, 2017

Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access t...

Helping Mobile Operators Keep Customers Safe with Virtualized Network Security

article

Sep 27, 2017

At Trend Micro we’re always looking for innovative new ways to support our customers and help overcome their cybersecurity challenges. Mobile network operators (MNOs) are increasingly adopting virtualization and software acceleration technologies to become more agile in how they deploy.

Phantom RDoS Might Be a Fake Ploy, But Beware

article

Sep 25, 2017

A group that calls itself Phantom Squad has launched an email-based ransomware DDoS (RDoS) extortion campaign against thousands of companies across the globe in the past week. They are threatening to launch DDoS attacks on their target victims on September 30 unless each victim pays about $700 in bi...

EMAIL SECURITY SHOULDN’T BE AN AFTERTHOUGHT WHEN MOVING TO CLOUD-BASED EMAIL

article

Sep 25, 2017

The move to Microsoft Office 365™ is driven by the benefits of transitioning to a cloud-based solution, including reduced hardware and maintenance costs. At the same time, Office 365™ brings a new level of flexibility and agility to organizations. But what is less discussed is its inherent email s...

Deloitte Hit by ‘Sophisticated’ CyberAttack Revealing Client Emails

article

Sep 25, 2017

‘Big four’ accounting giant Deloitte has reportedly been the target of a sophisticated cyberattack where hackers gained access to confidential emails and plans of its blue-chip clients.

Scam of The Week: "Fake-tortion" Phishing Attacks

article

Sep 24, 2017

The sophisticated attackers are targeting potential victims in an email sequence that starts with pornography and adult dating links, which are then followed up with extortion attempts. IT security company Forcepoint says it picked up more than 33,500 such emails in August, and Australian email addre...

NATIONAL HEALTH SERVICE CYBER SECURITY FEARS AND RESILIENCE STRATEGY

article

Sep 21, 2017

Cyber-attacks like the WannaCry incident which crippled many National Health Service (NHS) trusts in May this year brought into sharp focus the aging IT infrastructure and unpatched systems leading to the disruption of critical patient services.

TrickBot Targeting Financial and Cryptocurrency Data

article

Sep 21, 2017

While a great deal of focus for research into botnet trojans is on the multipurpose utility of this malware, many of these same tools are still utilized for direct financial crimes and fraud. This configuration data provides a prima-facie insight into some of the preferred means for monetary gains ...

Barracuda Advanced Technology Group Tracks 20 Million Ransomware Phishing Attack

article

Sep 20, 2017

Barracuda Advanced Technology Group says it’s tracking a ransomware threat that has so far spawned about 20 million phishing emails sent to unsuspecting users around the world in the last 24 hours, and the threat is growing.

Do Hackers Have It Easy?

article

Sep 19, 2017

Hackers got it easy. At least, it feels like it. They are in a growing “industry” with many, almost endless, targets to choose from. They have access to new tools and techniques, services that make it easy for them to launch an attack and lots of information and personal data at their fi...

Five questions you should be asking about cybersecurity

article

Sep 18, 2017

The threat of hackers stealing private information and holding it for ransom is real, and the healthcare industry has become a prime target – in fact, phishing has emerged as the top security threat facing healthcare organizations.

Warning CCleaner Compromised With Malware

article

Sep 18, 2017

CCleaner, the evidence elimination tool that I recommend on The Complete Cyber Security Course, has been compromised and malware added to it. The affected version is 5.33 of the CCleaner app offered for download between August 15 and September 12, 2017.

Does your mobile anti-virus app protect or infect you? The truth behind DU Antivirus Security

article

Sep 18, 2017

With mobile attacks representing nearly 20% of all cyberattacks in the Americas during the first half of 2017, users are constantly warned to be aware of security risks affecting their data and privacy, and install security software to protect their device.

Customized Phishing Simulations Keep You “Left of Breach”

article

Sep 18, 2017

In part 2 we looked at Self-Enumeration, assessing security and business process gaps that phishing attackers exploit. It’s the first step in being “Left of Breach”, the process that builds a proactive phishing defense strategy. In simulation design, you model known attacks—ei...

Apache Struts, RCE and Managing App Risk

article

Sep 18, 2017

People used to argue about whether cyber security is a business problem or a technical problem. But this frames the issue poorly. “Problem” and “solution” imply that there is a definitive “solve.” Cybercrime isn’t a technical problem that can be definitively...

Integrating Artificial Intelligence into Cybersecurity: Collaboration is the Key

article

Sep 17, 2017

We have seen from the previous two posts on cybersecurity and AI the importance of using advanced technology to stay ahead of cybercriminals. But often times a threat transcends one particular box. This is where Fortinet’s collaboration is paramount. Regardless of the physical location of the ...

VEVO Data Breach Caused By LinkedIn Phishing Attack

article

Sep 15, 2017

A Vevo spokesperson told Gizmodo that the company “can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure.”

How Can SMB Practices Improve Healthcare Cybersecurity?

article

Sep 15, 2017

The healthcare sector has been under increasing attack from cybercriminals with a variety of tactics and motivations. In fact, cyberattacks targeting healthcare providers increased 63 percent in 2016. The increased attention cybercriminals are giving the healthcare space is not surprising. The prote...

3 Ways File Integrity Monitoring Identifies Zero-Day Attacks

article

Sep 14, 2017

A zero-day attack leaves your software vulnerable to be exploited by hackers. It is a serious security risk. Cybercriminals are becoming more and more adept in breaching IT security systems.

DDoS Attacks on Internet Providers Can Impact Downstream Customers

article

Sep 13, 2017

Enterprises need to consider that even if they have protection against distributed denial of service (DDoS) attacks, their business could be taken offline if their Internet Service Provider (ISP), hosting provider or Domain Name Service (DNS) provider does not have adequate DDoS protection.

Paradise Ransomware Uses RSA Encryption to Attack Computers

article

Sep 13, 2017

A newly discovered ransomware-as-a-service (RaaS) program called Paradise is attempting to infect computers via hijacked Remote Desktop services. An RaaS is where the developer of ransomware manages its development and operates the Command and Control server in exchange for a small cut of all ransom...

Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions

article

Sep 11, 2017

With a growing number of cyber-attacks and the frequent news headlines on database breaches, spyware and ransomware, quality security products have become a commodity in every business organization. Consequently a lot of thought is being invested in devising an appropriate information security strat...

Virginia Suspends E-Voting Machines Due to Cybersecurity Concerns

article

Sep 11, 2017

Virginia has agreed to immediately pull all paperless touchscreen voting machines ahead of the upcoming gubernatorial election in November following concerns by cybersecurity experts. Taken on Friday, the decision comes following a recommendation by the Virginia Department of Elections that the mach...

Cybersecurity Risks are Substantial, Says SEC Chief

article

Sep 06, 2017

The chairman of the Securities and Exchange Commission has urged Wall Street to educate everyday investors on the ‘substantial risk’ of cybersecurity threats. Newly appointed SEC chairman Jay Clayton was speaking at a panel discussion at New York University’s School of Law on Tuesd...

HOW TO PREPARE FOR AND RESPOND TO AN EMAIL-BASED ATTACK

article

Sep 06, 2017

No matter how well you prepare technically for and educate and train your team on cyber resilience, at some point you’re going to experience a cyberattack. Yet, almost two-thirds (65%) of leaders don’t feel their organizations are fully equipped or updated to address email-based cybercri...

Maintaining Endpoint Security to Protect Your Network

article

Sep 05, 2017

Growing innovation can mean a lot of things to an organization – new functionalities, increased efficiency, and potentially, added risk. New technologies and the proliferation of connected devices have increased the surface area for potential attacks, and to stay ahead of an evolving threat la...

Phishing Attack With PowerPoint Attachment Bypasses User Access Control

article

Sep 04, 2017

Fortinet researchers discovered a malicious PowerPoint file which currently is used to attack diplomats, United Nations- and government organizations worldwide. This will soon filter down to mass phishing attacks. The attack uses an existing Microsoft Office vulnerability in combination with a techn...

Cybersecurity Hygiene Set to Become a Higher Priority

article

Sep 01, 2017

If passed, the Promoting Good Cyber Hygiene Act instructs the National Institute of Standards and Technology (NIST), in consultation with the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS), to establish a baseline set of voluntary best practices for good cybersecurity hy...

The Rise of Ransom-Driven DDoS Attacks

article

Sep 01, 2017

In recent weeks, cyber attackers have become even more interested in extorting money from organizations by threatening to organize a distributed denial of service (DDoS) attack on critically important online systems.

WannaCry illustrated: See how attitudes have changed

article

Aug 31, 2017

Clearswift's recent survey with Vanson Bourne into the impact of May 2017’s WannaCry attack has revealed big changes in the way organizations and employees deal with cyber security. We've created an infographic that shows not only the devastating impact of the attack but also how this ...

Active ransomware attack uses impersonation and embedded advanced threats

article

Aug 31, 2017

In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment “Payment_201708-6165.7z.” Here is a screenshot of the email with the addresses redacted: In this attack, the source of the email is a spoof...

SSL Attacks – When Hackers Use Security Against You

article

Aug 29, 2017

In World War II, the Allies had a significant advantage because they were able to compromise the encryption protocols that the Japanese and Germans used to send sensitive messages. They were able to intercept and decode messages to gain intelligence concerning sensitive military operations.

DDoS Attacks Blamed on Mirai-Style Botnet of 70,000 Android Devices

article

Aug 29, 2017

Drawing striking parallels to last year’s Mirai botnet attacks, the new WireX botnet has, in recent weeks, pummeled a number of content providers and delivery networks with traffic from hijacked Android devices. Content delivery giant Akamai discovered the botnet malware after researching an a...

TRICKBOT BANKING TROJAN MAKING PHISHING MORE REAL

article

Aug 14, 2017

Trickbot is back, new and improved, and was found targeting customers of Lloyds Bank of the UK last week in a renewed phishing campaign intended to steal online banking users' security codes. The updated version of the malware, which first appeared last year, uses new techniques to make it even ...

THE HUMAN SIDE OF CYBERSECURITY

article

Aug 09, 2017

As the waves of ransomware attacks that continue to hit the shores of companies around the world prove, today’s cybersecurity balance still tips toward the bad guys. The odds are stacked against the good guys, as they need to mitigate all threats, whether it is against their networks, brand, or phy...

Protecting Your Organization From Phishing Schemes: Tips From the FBI

article

Aug 08, 2017

It’s not just the bad actors that we at Core Security want to protect you from – we also want to protect you from yourself. It’s all hands on deck when it comes to securing your systems and the systems you interact with on a daily basis.

When to Decrypt and What to Decrypt For Cyber Security

article

Aug 07, 2017

It's certainly true that the use of network encryption has risen rapidly over the past few years on the Internet at large. A very broad range of threat actors have taken advantage of the easy availability of signed certificates from trusted certificate authorities (CAs).

FIVE THINGS TO KNOW ABOUT RANSOMWARE

article

Jul 31, 2017

With WannaCry barely in the rear view mirror, ransomware was back in the spotlight with a new malware dubbed NotPetya. We can expect to see new ransomware strains as advanced attackers continue to evolve their tactics, and the ramifications on business will be significant if proactive measures are n...


SPOTLIGHT

In an effort to provide the most comprehensive look at how the SEC regulatory process works, Intelligize analyzed disclosure surrounding this rapidly growing area to see how effective the government agency has been in confronting cybersecurity, now a little more than halfway through 2014. With so ma
