How to Create an Effective Incident Response Plan
The complexity and precision of today’s cyberattacks may make you long for the simpler days of the Michelangelo virus. Add the sheer number of security alerts and false positives, and it’s easy to understand why incident response teams suffer...
Does Your Cloud Vendor Contract Include These Crucial Security Requirements?
Cloud adoption is on the rise: According to International Data Corporation (IDC)’s “Nine Ways to Maximize the Value of Cloud Contracts,” 52 percent of all companies are currently using cloud-based delivery models and an additional 27 percent have firm...
I Can’t Believe Mirais: Tracking the Infamous IoT Malware
Devices and networks are where cybercriminals go to find data and financial profit. But attacks on simpler connected devices can be devastating in their own ways and cause damage that can be just as complicated to repair and pay...
Enterprise Mobility Management Gets Personal
Enterprise mobility management (EMM) is now widely adopted, with more than three-quarters of enterprises deploying the technology, according to IDC survey data. However, there are still roadblocks to end user adoption and penetration of the technology in terms of...
The Expiration Date on Passwords Has Expired
Changing your passwords frequently sounds like commonsense advice, and has served as conventional wisdom in computer security for a long time. However, just because something is common doesn’t mean it makes sense.
In fact, many experts believe forced, arbitrary password...
The Fine Art of Protecting Microsoft Office 365 Apps With Multifactor Authentication
The initials MFA, as every computer security professional knows, stand for multifactor authentication. The same initials also stand for Master of Fine Arts, and maybe that’s no accident. Protecting your organization’s internal systems and data against intrusion is indeed...
The Wild West Era Has Ended — What’s Next for Data Privacy?
While many have long viewed the digital space as a Wild West, cybersecurity and data breach regulations have existed for more than 15 years. Today, a host of new regulations, standards and frameworks is becoming the norm for organizations...
Threat Intelligence Is the SOC’s Road Map to DNS Security
Remember the nervousness and excitement you felt when you took your driving test? You had to practice for weeks, complete the required paperwork and study countless traffic signs. The latter is especially important because these signs are used to...
Why Security Incidents Often Go Underreported
If you saw a coworker browsing through a database they weren’t supposed to have access to, would you report it? What would you do if you accidentally clicked on a link in a phishing email?
Most people would say they’d...
Take a Proactive Approach to the Darknet Threat
Imagine this scenario: Everyone in your accounts payable department receives an invoice for a service your organization uses frequently. The invoice appears legitimate and doesn’t set off any alarm bells, but is in fact loaded with malware purchased on...
The Cyber Kill Chain Is Getting Shorter As the Skills Gap Widens
The pressure keeps mounting for individuals with cyber skill sets as well as organizations that can’t afford or attract them as employees. At the same time, cybercriminals are consolidating the cyber kill chain by launching attacks more quickly through...
Why Cybercriminals Are Targeting Travel and Transportation
Cybercriminals must take vacations sometimes, but right now they are just as likely to be hacking the airline that would get them there or the hotel where they would stay. Last year, when a global airline carrier revealed that...
Mobile Device Management Evolves to Support New Device Use Cases
Mobile device management (MDM) technology has matured and is widely adopted across the enterprise. MDM now serves as a baseline management tool for organizations, supporting workers using smartphones, tablets and laptops for business use. While MDM technology has somewhat...
Taking Over the Overlay: Reconstructing a Brazilian Remote Access Trojan (RAT)
This is the third installment in a three-part series on the AVLay RAT discovered by IBM X-Force. Parts one and two explained how the researchers reverse engineered the malware. This installment will demonstrate how X-Force gained control of AVLay...
Your ‘Invisible Workforce’ Needs More Visibility in Security Planning
The cybersecurity workforce is becoming more invisible. Trends in employment and talent seeking for specialized skills are increasingly shifting organizational workloads from employees to nonemployees — such as freelancers, independent contractors, service providers, consultancies and agencies. But just like...
Cisco Patches Critical Flaw in Vision Dynamic Signage Director
Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.
Tracked as CVE-2019-1917, the vulnerability was found in the REST...
The Great Hack: the film that goes behind the scenes of the Facebook data scandal
This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
Scotland Yard Twitter and Emails Hacked
London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.
read more
Browser Extensions Scraped Data From Millions of People
Slack passwords, NSO spyware, and more of the week's top security news.
Hackers breach FSB contractor, expose Tor deanonymization project and more
SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.
