Cybereason is excited to announce the new Process Timeline view, which provides threat hunters with a unified timeline of events in a powerful tabular view and full visibility of activity that happened on the endpoint around the time of a key …
Category: Security Bloggers
North America, Security Bloggers
Next Up: Integrating Information and Communication Technology Risk Programs with Enterprise Risk Management
by Stephen Quinn •
Given the increasing reliance of organizations on technologies over the past 50 years, a number of risk disciplines have evolved into full-fledged risk programs. In recent years, cybersecurity, supply chain, and privacy risk management programs have fo…
Security Bloggers, Vulnerabilities
The Future of Attack Surface Management: How to Prepare
by David Monnier •
Upwards of 70% of organizations have been compromised because of an unknown, unmanaged, or mismanaged visible asset. Improving your Attack Surface Management capabilities is critical, says David Monnier, a Fellow at Team Cymru.
The post The Future of …
Security Bloggers
Advanced Phishing Campaign Found to Target Middle Eastern Entities
by Guru Writer •
Researchers at CloudSEK have identified an extensive phishing campaign in which threat actors (TA) were impersonating the Ministry of Human Resources of the UAE government. Spotted through XVigil, the company’s artificial intelligence (AI) digital risk monitoring platform, the new threat would target various government and corporate entities across the finance, travel, legal, hospital, oil and […]
The post Advanced Phishing Campaign Found to Target Middle Eastern Entities appeared first on IT Security Guru.
Security Bloggers
Leak of California gun owners’ private data far wider than originally reported
by Guru Writer •
Last Thursday, June 30th, the California Department of Justice admitted that the personal information of all those who had been rejected or accepted for concealed carry permits from 2011 to 2021 was exposed. The California Department of Justice confirmed that among the affected departments were the state’s Assault Weapon Registry, Handguns Certified for Sale, Dealer […]
The post Leak of California gun owners’ private data far wider than originally reported appeared first on IT Security Guru.
Security Bloggers, Security Vendor News
The True Cost of a Security Breach
by Bob Covello •
There have been many articles about the cost of a security breach. With the emergence of privacy regulations that assign penalties based on a business’ profit, or those that calculate a value for each compromised record, it is possible to calculate the…
Security Bloggers
News & Analysis | NO. 338
by Daniel Miessler •
Security Bloggers, Security Vendor News
Malicious Life Podcast: Jacob Goldstein on the Future Of BitCoin
by Malicious Life Podcast •
Will Bitcoin and the other cryptocurrencies be able to replace money as we know it today? Will governments embrace a future where they have no control over their currencies? Jacob Goldstein (Planet Money, What’s Your Problem) talks to Nate Nel…
Security Bloggers
Will Facebook’s End-to-End Encryption Protect Abortion-Seeking Users?
by Guru Writer •
The recent abolition of the right to an abortion in the United States has raised questions about compliance for employers across the nation. Microsoft, Amazon, Google, and Facebook are central in this struggle between new laws and worker demands not just because of their size and social prominence but also because of the data they […]
The post Will Facebook’s End-to-End Encryption Protect Abortion-Seeking Users? appeared first on IT Security Guru.
Security Bloggers, Security Vendor News
Center for Internet Security (CIS) Controls v8: Your Complete Guide to the Top 18
by Megan Freshley •
The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially deve…
Security Bloggers
Ukrainian Authorities Arrest Phishing Gang For Embezzling 100 Million UAH
by Charley Nash •
Last week, the Cyber Police of Ukraine disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalising on the ongoing conflict. The agency said in a press statement […]
The post Ukrainian Authorities Arrest Phishing Gang For Embezzling 100 Million UAH appeared first on IT Security Guru.
Security Bloggers
Hacker Claims to Have Stolen Information on 1 Billion Chinese Citizens
by Charley Nash •
An anonymous threat actor is selling several databases which they claim contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approx. $195,000). The announcement was posted on a hacker forum by a user with the handle ‘China Dan,’ saying that the information was leaked from the Shanghai […]
The post Hacker Claims to Have Stolen Information on 1 Billion Chinese Citizens appeared first on IT Security Guru.
Security Bloggers
Dutch University Turns a Profit on Ransomware Payment
by Guru Writer •
The Netherlands Maastricht University has announced that an extended investigation into a ransomware attack in 2019 has finally resulted in the seizure of €500,000. Yet, what is remarkable is that Maastricht University only paid out €200,000 originally. In 2019 Maastricht University was hit by a wave of malware which paralyzed the campus. The attack prevented […]
The post Dutch University Turns a Profit on Ransomware Payment appeared first on IT Security Guru.
Security Bloggers
NATO Announce Plans to Develop Cyber Rapid Response Capabilities
by Charley Nash •
NATO has announced plans to develop virtual rapid response capabilities “to respond to significant malicious cyber activities.” These plans were published in a declaration made following the NATO Summit in Madrid, last week. The latest summit was significant in light of Russia’s invasion of Ukraine earlier this year, amid fears of the conflict spreading further. […]
The post NATO Announce Plans to Develop Cyber Rapid Response Capabilities appeared first on IT Security Guru.
Security Bloggers
HackerOne Insider Defrauded Customers
by Guru Writer •
HackerOne, a vulnerability coordination and bug bounty platform, announced that a former employee of theirs had used their access to sensitive information regarding the vulnerabilities of clients to turn a quick profit. The unnamed individual’s system access was terminated just 24 hours after a tip off from a customer revealed they had “improperly accessed information […]
The post HackerOne Insider Defrauded Customers appeared first on IT Security Guru.
Security Bloggers
The Workforce Pincer Move During Recessions
by Daniel Miessler •
Companies are doing something smart (and sometimes a bit gross) during this economic…whatever this is. They’re using the downturn as an opportunity to get rid of people they don’t like, which solidifies their workforce. Here’s the move: They have to remove people anyway because of the recession. Find the groups of people who have annoyed them in the…
Security Bloggers
The Workforce Pincer Move During Recessions
by Daniel Miessler •
Companies are doing something smart (and sometimes a bit gross) during this economic…whatever this is. They’re using the downturn as an opportunity to get rid of people they don’t like, which solidifies their workforce. Here’s the move: They have to remove people anyway because of the recession. Find the groups of people who have annoyed them in the…
Security Bloggers
The Workforce Pincer Move During Recessions
by Daniel Miessler •
Companies are doing something smart (and sometimes a bit gross) during this economic…whatever this is. They’re using the downturn as an opportunity to get rid of people they don’t like, which solidifies their workforce. Here’s the move: They have to remove people anyway because of the recession. Find the groups of people who have annoyed them in the…
Security Bloggers
The Workforce Pincer Move During Recessions
by Daniel Miessler •
Companies are doing something smart (and sometimes a bit gross) during this economic…whatever this is. They’re using the downturn as an opportunity to get rid of people they don’t like, which solidifies their workforce. Here’s the move: They have to remove people anyway because of the recession. Find the groups of people who have annoyed them in the…
Security Bloggers
The discomfort zone
by Gary •
Compliance is a concern that pops up repeatedly on the ISO27k Forum, just this morning for instance. Intrigued by ISO 27001 Annex A control A.18.1.1 “Identification of applicable legislation and contractual requirements”, members generally …
Security Bloggers
Two Americas
by Daniel Miessler •
The US’s terminal conflict will be an internal one, fought between people who only see America’s flaws and those who pretend they don’t exist. And of course, both are wrong. The US has done some horrific shit in its history, and we still have many problems. But we’re still one of the best places in the world for…
Security Bloggers
L33t H4cking vs. M0st H4acking
by Daniel Miessler •
Security Bloggers
A shifting paradigm – Virsec’s deterministic approach to cybersecurity
by Guru Writer •
Virsec has come a long way in the past few years. As recently as 2017, its technology only focused on memory protection. 5 years, $137 million in funding and the addition of host and feedback protection later, the company is looking to revolutionise cybersecurity, quite literally, from the inside out. Greg Kelton, Senior Regional Director […]
The post A shifting paradigm – Virsec’s deterministic approach to cybersecurity appeared first on IT Security Guru.
Security Bloggers
TikTok Assures U.S. Lawmakers That They Are Working to Further Safeguard User Data From Chinese Staff
by Charley Nash •
Following concerns that U.S. users’ data had been accessed by TikTok engineers in China between September 2021 and January 2022, TikTok sought to assure U.S. lawmakers that it’s taking steps to “strengthen data security.” The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators. The […]
The post TikTok Assures U.S. Lawmakers That They Are Working to Further Safeguard User Data From Chinese Staff appeared first on IT Security Guru.
Security Bloggers
Threat Actor Group Claims Responsibility for High Profile University Hacks
by Charley Nash •
Reportedly, CloudSEK used its artificial intelligence (AI)-powered digital risk platform XVigil to identify a post on a cybercrime forum mentioning open source automation server platform Jenkins as one of the TTP (tactics, techniques, and procedures) used by a threat actor (TA) in attacks against IBM and Stanford University. Used by a TA to get clicks […]
The post Threat Actor Group Claims Responsibility for High Profile University Hacks appeared first on IT Security Guru.
Security Bloggers
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group
by Charley Nash •
Microsoft’s Security Intelligence team have issued a new warning against a known cloud threat actor group. Active since early 2017 and tracked as 8220, the group have now updated its malware toolset to breach Linux servers to install crypto miners as part of a long-running campaign. On Thursday, Microsoft wrote in a Twitter thread, “the […]
The post Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group appeared first on IT Security Guru.
Security Bloggers, Security Vendor News
Why Security Configuration Management (SCM) Matters
by Irfahn Khimji •
In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT…
Security Bloggers
Welcoming the Polish Government to Have I Been Pwned
by Troy Hunt •
Continuing the rollout of Have I Been Pwned (HIBP) to national governments around the world, today I’m very happy to welcome Poland to the service! The Polish CSIRT GOV is now the 34th onboard the service and has free and open access to APIs allowing them to query
Security Bloggers, Security Vendor News
The Need of Privacy Certifications for Lawyers
by Tripwire Guest Authors •
The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the lega…
Security Bloggers, Security Vendor News
The Need of Privacy Certifications for Lawyers
by Tripwire Guest Authors •
The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the lega…
Security Bloggers, Security Vendor News
CISO Interview Series: The challenges of being the CISO for the University of Oxford.
by Tripwire Guest Authors •
The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both curi…
Security Bloggers
Weekly Update 302
by Troy Hunt •
In a complete departure from the norm, this week’s video is the much-requested “cultural differences” one with Charlotte. No tech (other than my occasional plug for the virtues of JavaScript), but lots of experiences from both of us living and working in different parts of the
Security Bloggers
Standards development – a tough, risky business
by Gary •
News emerged during June of likely further delays to the publication of the third edition of ISO/IEC 27001, this time due to the need to re-align the main body clauses with ISO’s revised management systems template. The planned release in October is in…
Security Bloggers, Security Vendor News
Infoblox Experts Community Website Superuser Program
by Sunil Amanna •
Announcing the relaunch of the Infoblox Experts Community website Superuser Program designed to recognize and reward our community’s most valuable contributors. Your brilliant contributions are what make our community amazing. We are constantly impressed by how willing you are to connect with each other, give insights to the business, and trust us and each other […]
The post Infoblox Experts Community Website Superuser Program appeared first on Infoblox Blog.
Security Bloggers
A Vulnerability Management Program is Nothing Without Identity Risk Protection
by Katrielle Soussana •
“Identity is the number one security concern.” Tim Nursall, Field Engineer at Illusive spoke at Infosecurity Europe last week on identity risk and the Analysing Identity Risks Report. — So, what is identity risk? With the migration of networks to the cloud and the overall shift towards remote work and off-premises devices, the historically understood […]
The post A Vulnerability Management Program is Nothing Without Identity Risk Protection appeared first on IT Security Guru.
Security Bloggers
A Research of Threat Actor Activity & Myths Busted by Cato Networks
by Katrielle Soussana •
“An attacker only has to be right once, but the defender must be right all the time.” Etay Maor, Sr. Director of Security Strategy of Cato Networks, disagrees. According to him, this is one cybersecurity myth he wishes to dispel. — Cato Networks, a cloud-native service that offers network connectivity and security to its customers, […]
The post A Research of Threat Actor Activity & Myths Busted by Cato Networks appeared first on IT Security Guru.
Security Bloggers
SPACE Dynamic Orchestration in the SASE Cloud with Cato Networks
by Katrielle Soussana •
Vice President of Product Marketing at Cato Networks, Eyal Webber-Zvik, representing the world’s first SASE platform, spoke last week at Infosecurity Europe. Topic of discussion? Cloud-native single pass processing in action. — Following Gartner’s introduction of Secure Access Service Edge (SASE) as a concept in 2019, Cato Networks was able to build the world’s first […]
The post SPACE Dynamic Orchestration in the SASE Cloud with Cato Networks appeared first on IT Security Guru.
Security Bloggers
Over a Decade in Software Security: What Have We learned?
by The Gurus •
With over a decade experience in software security, what can Synopsys teach us? Managing Consultant Adam Brown presented this very subject at Infosecurity Europe 2022, with the help of Synopsys’s BSIMM metrics. The Building Security in Maturity Model (BSIMM) is an assessment done by Synopsys that helps firms analyse the state of their software security. […]
The post Over a Decade in Software Security: What Have We learned? appeared first on IT Security Guru.
Security Bloggers
A Talk About Unified Identity Security & Deploying Resilience
by Katrielle Soussana •
Unified identity security company, One Identity, focuses on helping organisations close the cybersecurity exposure gap that exists with newfound identity vulnerabilities and stopping opportunistic bad actors before they can seek to utilise it. The identity perimeter is a relatively new phenomenon. Twelve years ago, workers were almost always in an office, using office devices. There […]
The post A Talk About Unified Identity Security & Deploying Resilience appeared first on IT Security Guru.
Security Bloggers
Macmillan Publishers Shut Down Systems After Security Incident
by Guru Writer •
Publishing firm Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack. The attack reportedly occurred on Saturday 25th June, with the company shutting down all their IT systems to prevent further spread. Publishers Weekly first reported on the incident, having seen […]
The post Macmillan Publishers Shut Down Systems After Security Incident appeared first on IT Security Guru.