Drones pose cyber-security and privacy threats, says report

Smart Cities World | March 28, 2019

Without new safeguards, the growing use of drones in populated areas brings significant risks that could result in attacks by "malicious entities" An open-skies policy that allow drones to fly over populated areas pose significant risks in terms of security and privacy within society, a new study warns. And without additional safeguards, could result in attacks by malicious entities and be exploited for use in cyber-attacks, terrorism, crime and invasion of privacy the research report, Security and Privacy Challenges in the Age of Drones, from Ben-Gurion University (BGU) and Fujitsu System Integration Laboratories, evaluates 200 academic and industry techniques designed to detect and disable drones flying in both unrestricted and restricted areas. US government proposal. Its findings coincide with the US government proposal to allow civilian drone flights with new security rules that permit deliveries and other commercial uses in populated areas.

Spotlight

Cyber attacks and data leakage are daily threats to organizations globally, reminding us that we are all potential targets of this type of threat. Attorneys are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.

Spotlight

Cyber attacks and data leakage are daily threats to organizations globally, reminding us that we are all potential targets of this type of threat. Attorneys are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.

Related News

SOFTWARE SECURITY

MERIPLEX acquires Louisiana-based MSP, Verma Systems

Meriplex | July 18, 2022

Meriplex, a nationwide leader in managed cybersecurity and IT solutions, is pleased to announce the asset acquisition of Louisiana-based managed service provider, Verma Systems. For over 31 years, Verma Systems has been a leading and trusted IT and consulting partner for businesses in Baton Rouge and across Louisiana. They provide personalized solutions to their clients allowing them to leverage IT and technology to enhance business efficiency. "Verma Systems is an excellent addition to the Meriplex organization. "With their talented team and longstanding reputation in the Louisiana market, we will be able to provide more innovative technology and service offerings to their clients and work towards our goal of being the number one MSP/MSSP in the nation." David Henley, CEO of Meriplex "For me, it has always been about the customer and our employees," said Mitch Verma, President of Verma Systems. "Joining forces with Meriplex means we have more resources at our fingertips including additional IT experts, new product lines, and the capability to offer more well-rounded technical solutions. I know the people behind Meriplex, and we share the same core values and work ethic. With their expertise, size and seasoned approach, I am confident we can provide more for our clients and our employees." As a fast-growing managed services provider, Meriplex focuses on strategically acquiring businesses in leading markets in order to establish a regional presence and acquire talent to support their increasing large organic and inorganic growth. If you are interested in learning more about our M&A process, please reach out to us here. About Meriplex Meriplex is a managed cybersecurity, IT, and SD-WAN solutions provider that enables transformation by combining secure, innovative technology with advanced expertise. As a trusted partner, we deliver business-driven solutions that provide the scalability and support needed to power growth for organizations. About Verma Systems Established in 1991, Verma Systems is a Baton Rouge IT services company specializing in business technology tailored towards the SMB market. With our highly talented and experienced team, we know how to meet business needs by incorporating the right technology solutions to help your company be successful. Our mission is focused on hard work, smart work, and superior customer service.

Read More

SOFTWARE SECURITY

LogRhythm Accelerates Threat Detection Capabilities with Innovations to Product Suite

LogRhythm | July 06, 2022

LogRhythm, the company helping busy and lean security operation teams save the day, today announced the launch of version 7.9 of the LogRhythm SIEM Platform and updates to LogRhythm NDR and LogRhythm UEBA. “LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots and quickly shut down attacks,” said Kish Dill, chief product and customer officer at LogRhythm. "The company is changing the way we work by becoming customer-centric throughout our whole organization. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognize that security teams don’t have time to spare on long processes and inefficient workflows. With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.” LogRhythm 7.9, LogRhythm NDR and LogRhythm UEBA (formerly CloudAI) provide new features designed to help security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying processes, including: Faster time to value through improved analyst workflows Enhanced automation with Admin API: LogRhythm 7.9 improves the Admin API by adding system monitoring management (LogRhythm SysMon) endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching. Embedded Expertise: LogRhythm accelerates customer time to value through its out of the box LogRhythm SmartResponse™. LogRhythm 7.9 includes added and enhanced SmartResponses to its already extensive library of over 120 integrations. Enable packet capture in UI: LogRhythm NDR users can download PCAP files for specific incidents and cases to pull in more detail, helping investigations and improving threat hunting. Easier and faster event log filtering: LogRhythm 7.9 includes a new way to filter logs at the agent. Users can now select the types of Windows event logs the agent queries, accelerating the time to process logs and removing the burden on the collection pipeline. Expanded threat detection capabilities Enhanced LogRhythm NDR detection models: Users can detect a wider array of ransomware attacks with LogRhythm NDR’s improved analytics capabilities. Advanced analytics models: LogRhythm UEBA offers advanced UEBA analytics as a cloud-native, easy to deploy add-on for LogRhythm 7.9 users. Models were improved and new models added to ensure today's complex attacks can be detected and anomalies requiring priority attention can be identified, further reducing alert fatigue and accelerating response times. Policy violation alerts: LogRhythm NDR offers alerts about expired certificates, weak ciphers used in connections, and authentication activity happening in clear text, offering additional context to what could represent a risk. Extended flexibility Controlled overages with powerful license metering reporting: LogRhythm added a new reporting feature to make licensing overages more visible and easier to understand by displaying any overages in the past 30 days. This feature will help teams better manage license usage and costs. Expanded endpoint integrations: LogRhythm now includes Cisco Secure Endpoint (formerly AMP for Endpoints) in its family of EDR integrations. About LogRhythm LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.

Read More

SOFTWARE SECURITY

Bugcrowd Launches Reseller Partnership with SocialProof Security

Bugcrowd | June 27, 2022

Bugcrowd, the market leader in crowdsourced cybersecurity, announced today a strategic reseller collaboration with SocialProof Security, advancing the organization's objective to keep clients ahead of growing cyber threats. As part of the cooperation, Bugcrowd will resell SocialProof Security's services, including social engineering prevention training, protocol and practitioner seminars, and penetration testing. In addition to reselling social engineering services, Bugcrowd continues to innovate and invest in its award-winning Security Knowledge Platform, which provides the most comprehensive suite of security solutions such as bug bounty, vulnerability disclosure programs, attack surface management, and pen testing as a service. Bugcrowd, for example, allows consumers to buy pen tests from a single supplier for any sort of use case, from basic assurance of simple web apps and networks to continuous testing of cloud services and APIs, and now, social engineering. Due to their friendly hacker approach to boosting customer defenses against human-based assaults, SocialProof Security and CEO Rachel Tobac, the market leader in social engineering prevention services, have gained prominence. Twitter, PayPal, Uber, Prudential Insurance, Cisco Systems, WhatsApp, NATO, and the US Air Force are among the noteworthy clients of SocialProof Security. "We are excited to work with Bugcrowd on this reseller partnership as we move forward with our aligned mission to arm organizations with a proactive means to reduce social engineering risk through education, identity verification protocol improvements, technical tools, and measuring those updates with social engineering penetration testing. The majority of cyber attacks now start with some element of social engineering—manipulating people to take actions that could harm organizations. This partnership illustrates the priority Bugcrowd places on actionable and measurable social engineering risk mitigation in a well-rounded security program," said Tobac. "Even with current elevated threat levels, many organizations are surprisingly unprepared for the threats from social engineering attacks, as we repeatedly find low awareness across organizations, outdated or inconsistent identity verification, and limited practitioner skill sets. Fortunately, taking a multidimensional approach that combines prevention training and tools, human-based protocol updates, and pen testing can dramatically reduce the risk of social engineering attacks. We look forward to bringing this innovative solution to market as a part of our services." Ashish Gupta, CEO of Bugcrowd SocialProof specializes in defending against social engineering attacks, in which attackers deceive workers in order to get personally identifiable information (PII), passwords, and unauthorized access to accounts, money, or other sensitive information. Common attack vectors like phishing, impersonation, and pretexting can be used to carry out such manipulation. In fact, respondents to ISACA's 2021 State of Cybersecurity Survey rated social engineering as the #1 cyber threat.

Read More