Wednesday, November 30, 2022

BrandPost: SASE: The Only Way to Improve Network Security Without Added Complexity

By: Mike Spanbauer, Field CTO, Security at Juniper Networks

The future of network security has a new shiny architecture to meet organizational needs with Secure Access Service Edge (SASE). Still, most network administrators are either not ready or able to decommission...

How to build a public profile as a cybersecurity pro

Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online this may not be enough though. CSO spoke to Forrester analyst Jinan Budge and cybersecurity...

BrandPost: Threat Notification Isn’t the Solution – It’s a Starting Point

Most organizations have the tools in place to receive notification of attacks or suspicious events. But taking the information gleaned from cybersecurity tools is only step one in handling a security threat. “The goal of a security practitioner is to...

Financial services increasingly targeted for API-based cyberattacks

A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical...

BrandPost: 5 Reasons to Protect the Performance and Security of Your Pharmaceutical Business

One of the greatest lessons resulting from the COVID-19 pandemic is to expect the unexpected and proactively prepare for future unknowns. Like many others, the pharmaceutical industry has been revolutionized by accelerated digital transformation over the last few years....

Website offering spoofing services taken offline after joint operation

Judicial and law enforcement authorities in Europe, Australia, the US, Ukraine, and Canada took down a so-called spoofing website that allowed fraudsters to impersonate trusted corporations or contacts in order to steal more than $120 million from victims. In a...

EU Council adopts NIS2 directive to harmonize cybersecurity across member states

The Council of the European Union (EU) has adopted a new cybersecurity directive designed to improve resilience and incident response capacities across the EU, replacing NIS, the current directive on the security of network and information systems. The new directive,...

500 million WhatsApp mobile numbers up for sale on the dark web

A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on a hacking community forum. The data set contains WhatsApp user data from more than 84 countries, the post shows. The story was first...

Top 7 CIAM tools

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To help organizations compare their needs against the options...

Here is why you should have Cobalt Strike detection in place

Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red...

Cybercriminals are increasingly using info-stealing malware to target victims

Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new ways to make profits, according to a report by Group-IB. The cybersecurity company has identified...

Top cybersecurity M&A deals for 2022

The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period...

EPSS explained: How does it compare to CVSS?

The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this...

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a...

Meta outlines US involvement in social media disinformation in new report

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. “Coordinated inauthentic behavior”...

The Biden administration has racked up a host of cybersecurity accomplishments

When it comes to hitting the ground running on cybersecurity, the Biden administration has engaged in an extensive set of initiatives that far outstrip those of the Trump administration – and even those of the Obama administration, which established...

UK finalizes first independent post-Brexit data transfer deal with South Korea

The UK has finalized its first independent data adequacy decision since leaving the European Union (EU) which will allow UK organisations to securely transfer personal data to the Republic of Korea without restrictions by the end of the year....

How to reset a Kerberos password and get ahead of coming updates

Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT...

Online retailers should prepare for a holiday season spike in bot-operated attacks

With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic. According to a recent report from...

Microsoft Azure launches DDoS IP protection for SMBs

Microsoft is extending the Azure DDoS Protection family with a new product focusing on small and medium-size businesses (SMBs). The product, DDoS IP Protection for SMBs, was announced at Microsoft's Ignite conference and is now in public preview. DDoS IP...
TechRepublic

Gartner: How to Respond to the 2022 Cyberthreat Landscape

A new Gartner® report, How to Respond to the 2022 Cyberthreat Landscape, focuses on the new threats organizations will face as they prepare for the future of work and accelerate digital transformations. Gartner’s advice will help security and risk...
TechRepublic

Gartner MQ WAAP 2022

Research shows that web applications and API attacks continued to explode in the first half of 2022. Does your organization have the best defense today? Akamai recommends deploying a holistic web application and API protection (WAAP) solution. The right...
TechRepublic

How Akamai Helps to Mitigate the OWASP API Security Top 10 Vulnerabilities

Experts warn that API attacks will soon become the most common type of web application attack. As a result, organizations and their security vendors need to align across people, processes, and technologies to institute the right protections. The Open...
TechRepublic

What is Account Takeover and How to Prevent It in 2022

Account takeover (ATO), in which criminals impersonate legitimate account owners to take control of an account, is on the rise in Asia and across the world. Fraudsters are swindling money and digital assets from consumers across industries, with...
TechRepublic

The OWASP Top 10 – How Akamai Helps

OWASP publishes a list of the 10 most common vulnerabilities in web applications. This white paper details how Akamai can help mitigate these threat vectors. The post The OWASP Top 10 – How Akamai Helps appeared first on TechRepublic.