BlackBerry Cylance 2019 Threat Report Highlights

We know. It’s an impossible question to answer. There’s no such thing as a “worst web application security issue,” because every app and every organization has its own unique set of issues. But if you’re a development organization with limited resources, how do you know where to start? Which issues appear over and over in data breaches, exploits, and top N lists such as the OWASP Top 10? We asked some experts—and Twitter—to give us their opinions.

One of the hottest topics at RSA San Francisco 2019 was the Mitre ATT&CK framework. Along with the Lockheed-Martin Kill Chain, it has become a standard reference model for cybersecurity professionals. Specifically, it is used to describe each stage of an attack. Pen testers, security analysts and Security Operations Center (SOC) professionals must learn how to mature their operations, as well as hone the skills of red team and blue team workers.

On Monday, Dec. 11, as part of the SIA Webinar series, a webinar titled Cybersecurity: Bridging the Gap between Physical Security and IT/IoT covered best practices from edge to core hardening, bridging cyberprotection techniques, and technologies that help unify disparate technologies into a common cybersecurity framework. Speakers Vince Ricco (Axis Communications) and Ken Mills (Dell EMC) discussed how successful practitioners are hardening the physical security edge, enabling the authentication of devices systemwide and utilizing IT and IoT methodology to secure the enterprise.

The Domain Name System (DNS) is essentially the central nervous system of the internet—everyone needs it to work because without DNS services, digital business would come to a halt. Cybercriminals know this, too, and use DNS services to launch their attacks while they simultaneously attack the DNS services of their targets.