The increase in cyberattacks—and the increase in the cost of cyberattacks—sends a clear signal: Something about the cybersecurity industry needs to change. We live in a world where malicious cyberattack campaigns are persistent and relentless. Even as…
Tag: Analytics & Intelligence
Europe, Global Security News, North America, Vulnerabilities
Russian Hackers Declare War on Lithuania — Killnet DDoS Panic
by Richi Jennings •
NATO member Lithuania is under attack from Russian hacking group Killnet. It raises serious concerns over Russia’s use of cyber warfare against NATO states.
The post Russian Hackers Declare War on Lithuania — Killnet DDoS Panic appeared first on Secur…
Europe, Global Security News, North America, Vulnerabilities
Protecting Organizations From 5G Threats
by Sunil Ravi •
The industry is buzzing about 5G technology and its potential. For example, almost every new smartphone is advertised as “5G compatible,” with the majority of mobile subscriptions switching to 5G over the next five years. With its promise of improved …
Europe, Global Security News, North America, Vulnerabilities
NSA Wants To Help you Lock Down MS Windows in PowerShell
by Richi Jennings •
A new cheatsheet from four infosec agencies tells us how to use PowerShell for good, rather than let scrotes misuse it to “live off the land.”
The post NSA Wants To Help you Lock Down MS Windows in PowerShell appeared first on Security Boulevard.
Europe, Global Security News, North America
Replace Your SIEM with Neural Net Technology
by Willy Leichter •
Security Information Event Management (SIEM) systems are an outdated technology. It’s no longer enough to just manage information – today’s organizations need technology that can proactively detect and respond to dynamic threats as well.
SIEM’s …
Europe, Global Security News, North America, Vulnerabilities
Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’
by Richi Jennings •
Capital One hacker Paige A. Thompson has been found guilty. But it has to be said that Capital One’s security design was absolutely awful.
The post Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’ appeared first on S…
Europe, Global Security News, North America
Leverage Your SIEM as Part of Your Zero Trust Strategy
by Kelsey Gast •
Editor’s Note: This a partnered sponsored guest blog written by Avertium. Continuous monitoring is one of the most important facets of any Zero Trust architecture. The level of trust a system has in any user, application, or data flow may…
The post Lev…
Europe, Global Security News, North America, Vulnerabilities
HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook
by Richi Jennings •
A study shows many U.S. hospitals are leaking personal information to Facebook. Experts say it’s a HIPAA violation.
The post HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook appeared first on Security Boulevard.
Europe, Global Security News, North America
Surfshark Finds US is the Most-Breached Country
by Natan Solomon •
A recent study by cybersecurity company Surfshark showed that the U.S. is the most breached country—and has been since 2004, among other alarming findings. With cybersecurity threats on the rise, Surfshark’s latest project is the first-ever tool that…
Europe, Global Security News, North America
Attacking the Performance of Machine Learning Systems
by Bruce Schneier •
Interesting research: “Sponge Examples: Energy-Latency Attacks on Neural Networks“:
Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to…
Europe, Global Security News, North America, Vulnerabilities
Apple M1 Flaw Can’t be Fixed — PACMAN Panic
by Richi Jennings •
Apple’s M1 chip isn’t as safe from buffer overflows as previously thought. M1 and other designs based on ARMv8.3 can have their ‘PAC’ protection neutered.
The post Apple M1 Flaw Can’t be Fixed — PACMAN Panic appeared first on Security Boulevard.
…
Europe, Global Security News, North America
19 Ways to Vet Your MSP for Cybersecurity Best Practices
by Anas Baig •
When you choose a managed service provider (MSP), you are putting a lot of trust in their ability to keep your systems up and running and to keep your data safe. That’s why it’s so important to vet your potential managed service provider t…
Europe, Global Security News, North America, Vulnerabilities
Tesla Fails Yet Again: Hackers can Steal Cars via NFC
by Richi Jennings •
Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time.
The post Tesla Fails Yet Again: Hackers can Steal Cars via NFC appeared first on Security Bouleva…
Europe, Global Security News, North America
DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’
by Richi Jennings •
Feds are gloating over their “seizure” of the notorious SSNDOB marketplace, which traded in stolen personal information. But the action seems too little, too late.
The post DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’ appeared first on Security Bou…
Europe, Global Security News, North America
Five Reasons for Alert Fatigue and How to Make It Stop
by Ryan Thomas •
Alert (or alarm) fatigue is the phenomenon of becoming desensitized (and thus ignoring or failing to respond appropriately) to signals meant to warn us about emergencies.
IT security operations professionals are especially prone to this fatigue …
Europe, Global Security News, North America
IBM to Acquire Randori to Provide More Cybersecurity Visibility
by Michael Vizard •
At the RSAC 2022 event this week, IBM revealed that it plans to acquire Randori, a provider of an attack surface asset analysis tool. Chris Meenan, vice president of product management for IBM Security, said Randori employs graph software to visually …
Europe, Global Security News, North America, Vulnerabilities
Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS
by Richi Jennings •
A nasty zero-click, zero-day RCE bug remains unpatched in Windows. Dubbed “Follina,” Microsoft’s done diddly-squat about it.
The post Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS appeared first on Security Boulevard.
Europe, Global Security News, North America
Verizon DBIR 2022: What’s Worth Acting On?
by Christopher Prewitt •
When I was a corporate employee responsible for security strategy, I looked forward to the Verizon Data Breach Investigation Report every spring, as it was an essential tool to validate my strategy and investments. Often, the report’s insights on the …
Europe, Global Security News, North America
Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Designed’ App Tracked Users 24×7
by Richi Jennings •
Canadian coffee-and-doughnuts joint, Timmies, has been politely rebuked by The Office of the Privacy Commissioner: Tim’s app kept tabs on your location—even when it wasn’t open.
The post Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Des…
Europe, Global Security News, North America
DeepPass — Finding Passwords With Deep Learning
by Will Schroeder •
DeepPass — Finding Passwords With Deep Learning
One of the routine tasks operators regularly encounter on most engagements is data mining. While exactly what operators are after varies from environment to environment, there is one common target that ev…
Europe, Global Security News, North America
Why Your Business Needs a Disaster Recovery Plan
by Mitch Mitchell •
A disaster recovery plan is a vital thing to have in times of growing economic uncertainty and a rapidly evolving cyberthreat landscape. No sensible person would ever drive a car without first making sure they have a valid insurance policy. For the sa…
Europe, Global Security News, North America, Vulnerabilities
Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge
by Richi Jennings •
Is your state implementing a digital driver’s license? You’d better hope it does better than the Australian state of New South Wales.
The post Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge appeared first on Security Boulevar…
Europe, Global Security News, North America
Manipulating Machine-Learning Systems through the Order of the Training Data
by Bruce Schneier •
Yet another adversarial ML attack:
Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order.
So what happens if th…
Europe, Global Security News, North America, Vulnerabilities
Zola Wedding App ‘Hacked’ — Victims Lose BIG Money
by Richi Jennings •
A wedding planning startup, Zola, has been hacked—or so it seems. Users allege serious PCI violations.
The post Zola Wedding App ‘Hacked’ — Victims Lose BIG Money appeared first on Security Boulevard.
Europe, Global Security News, North America
US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks
by George V. Hulme •
Following years of nation-state cyberattacks targeting United States interests, during a Securing Cyberspace panel hosted by the Washington Post, a pair of lawmakers expressed their determination to establish harsher penalties for such attacks. As rec…
Europe, Global Security News, North America
Automating Threat Detection: Three Case Studies
by Willy Leichter •
Demystifying the technology with case studies of AI security in action
Many automation tools, such as SOAR, suffer from a Catch-22 irony: you know that automation will save you huge amounts of time, but it’s difficult to implement and requires sk…
Europe, Global Security News, North America, Vulnerabilities
‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth
by Richi Jennings •
Tesla cars can be unlocked and stolen via a simple relay attack. The company shrugged and said it’s “a known limitation.”
The post ‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth appeared first on Security Boulevard.
Europe, Global Security News, North America
Surge in Malware Downloads Driven by SEO-Based Techniques
by Nathan Eddy •
Attackers are using search engine optimization (SEO) techniques to improve the ranking of malicious PDF files on search engines including Google and Microsoft’s Bing, according to a Netskope report. The findings indicated that cybercriminals are leve…
Europe, Global Security News, North America
Cybersecurity in the Boardroom: How to Report Risk to Leadership
by Shay Siksik •
Cybersecurity threats are continuing to evolve and become more widespread. These advanced attacks include everything from malware and phishing to artificial intelligence, ransomware and more, endangering the assets of governments, organizations and in…
Europe, Global Security News, North America
Anomaly Detection Using Alert Groups and Bayesian Networks
by Jerry Lee •
Metrics or alerts or dashboards? In the Kubernetes observability market, many solution companies are competing fiercely with commercial products and open source-based solutions for dominance. In addition, companies that want to introduce Kubernetes-ba…
Europe, Global Security News, North America, Vulnerabilities
MAJOR Justice Dept. Breach — ‘Time for Drastic Measures’
by Richi Jennings •
Criminals have access to Justice Department databases and can write fake data, as well as read highly sensitive info, we’re told.
The post MAJOR Justice Dept. Breach — ‘Time for Drastic Measures’ appeared first on Security Boulevard.
Europe, Global Security News, North America
EU Has Lost the Plot, Will Ban Encryption — Think of the Children
by Richi Jennings •
The European Union “is failing to protect children.” Something must be done—and, yes, what they’re proposing is indeed something.
The post EU Has Lost the Plot, Will Ban Encryption — Think of the Children appeared first on Security Boulevard.
Europe, Global Security News, North America, Vulnerabilities
Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blood on Your Hands’
by Richi Jennings •
Ukrainian hackers and their friends continue to pummel Russian computers. “Hundreds of millions of documents” are being leaked. And today, Putin’s famous Victory Parade has been marred by hackers.
The post Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blo…
Europe, Global Security News, North America
Let Humans Be Humans and AI Be AI
by Kumar Saurabh •
LogicHub’s unique decision automation technology can build clients the ultimate security playbook in a matter of minutes.
Our platform is not solely AI-driven. It marries the best of what humans and AI have to offer each other. Humans can provid…
Europe, Global Security News, North America, Vulnerabilities
Biden Revs Up US Quantum Plans (Because China)
by Richi Jennings •
This week, the White House issued a memorandum and executive order that put a shedload of wood behind the quantum-computing arrow.
The post Biden Revs Up US Quantum Plans (Because China) appeared first on Security Boulevard.
Europe, Global Security News, North America
Learning Machine Learning Part 3: Attacking Black Box Models
by Will Schroeder •
In the first post in this series we covered a brief background on machine learning, the Revoke-Obfuscation approach for detecting obfuscated PowerShell scripts, and my efforts to improve the dataset and models for detecting obfuscated PowerShell. We en…
Europe, Global Security News, North America, Vulnerabilities
Spanish Govt. Hacked by NSO Pegasus Spyware (or was it?)
by Richi Jennings •
The prime minister and the defense minister of Spain were infected with Pegasus. The notorious spyware, sold by NSO Group “only to governments,” caused large amounts of data to be exfiltrated.
The post Spanish Govt. Hacked by NSO Pegasus Spyware (or w…
Europe, Global Security News, North America
How to Build a Threat Detection Playbook In 15 Minutes or Less
by Kumar Saurabh •
Automating a threat-hunting playbook with the help of AI
Many threat-hunting playbooks we build for use cases can have between 50 to 100 steps – some even more than that. Even for an analyst well-versed in automation, this can easily take a one t…
Europe, Global Security News, North America
Motorola Creates Hub for Sharing Cyberthreat Intelligence
by Nathan Eddy •
Motorola Solutions has created a Public Safety Threat Alliance, a cyberthreat intelligence-sharing hub aimed at improving public safety in the community. The Public Safety Threat Alliance, a Cybersecurity and Infrastructure Security Agency (CISA)-reco…
Europe, Global Security News, North America
What’s New: Cequence API Security Platform Further Advances End-to-End Vulnerability and Automated Attack Mitigation
by Subbu Iyer •
The Cequence API Security platform v5.1 release combines the Bot Defense and API Sentinel capabilities into a single integrated release and adds new capabilities to streamline administration and enhance API vulnerability and automated bot attack mitiga…