December 6, 2017
In this webinar, we’ll take a look at 2017 cloud data breaches: what went wrong and how to avoid the same fate. What are some of the telltale signs a misconfiguration is going to put your critical assets at risk? How can you avoid a misconfiguration in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Noah Powers, deltarisk.com, December 1, 2017
Any time I’m asked to speak about my experience in the cyber security field, whether I’m at a trade show or speaking to candidates interested in breaking into the industry, I invariably get the question about what it takes to be a pen tester. In this blog, I’ll touch on some of the most important qualities our pen testers have and some of the skills we look for in applicants for our pen testing positions.
Computing Staff, computing.com, December 6, 2017
Mimecast’s Email Security Risk Assessment testing programme has highlighted a huge rise in the number of payload-less impersonation attacks, which email security solutions struggle to stop. While malware and ransomware are often listed as businesses’ main concerns for email security, Mimecast found that impersonation attacks – where an attacker imitates someone else in the organisation, usually to facilitate a money transfer or steal credentials – were missed seven times more often than email-borne malware.
Charlie Osborne, zdnet.com, December 6, 2017
Despite constant data breaches, compromises, and the expensive damage control which follows, the majority of industrial enterprises are failing to protect their businesses according to a new survey.
Steve Vintz, hbr.org, December 6, 2017
Every executive team and board of directors is asking themselves the same question in regard to their cyber risk right now: what can we do differently to avoid being the next Equifax, Yahoo! or Target, and protect our shareholder value? The answer involves radically reframing one of the mainstays of the C-suite — the role of the CFO.
Danny Palmer, zdnet.com, November 28, 2017
Hackers are using a recently disclosed Microsoft Office vulnerability to distribute backdoor malware capable of controlling an infected system, providing attackers with the ability to extract files, execute commands and more.Cobalt malware has such potent capabilities because it uses a well known and legitimate penetration testing tool, Cobalt Strike — a form of software for Adversary Simulations and Red Team Operations, which can be used to access covert channels in a system.
Help Net Security Staff, helpnetsecurity.com, November 29, 2017
Despite being a hub for technology talent, Berliners are leaving themselves wide open to cyberattack through poor security practices that are exposing millions of cyber assets. The data, based on analysis of devices and systems discoverable through Shodan, the search engine for connected devices, found over 2.8 million exposed cyber assets in Berlin, and 2.5 million in London across firewalls, webcams, routers and storage devices.
Help Net Security Staff, helpnetsecurity.com, December 4, 2017
The McAfee Labs 2018 Threats Predictions Report identifies five key trends to watch in 2018. This year’s report focuses on the evolution of ransomware from traditional to new applications, the cybersecurity implications of serverless apps, the consumer privacy implications of corporations monitoring consumers in their own homes, long-term implications of corporations gathering children’s user-generated content, and the emergence of a machine learning innovation race between defenders and adversaries.
Steve Morgan, csoonline.com, December 5, 2017
More than 100 industry experts from the U.S. banking and financial services industry quietly collaborated on a groundbreaking cyber resilience initiative dubbed Sheltered Harbor earlier this year.
The initiative provides its members with an extra layer of security. If a catastrophic cyber attack brings down a member bank, then another bank takes over.
Jessica Davis, healthcareitnews.com, December 6, 2017
Hospital information security teams and IT shops are in a precarious spot: They have to not only protect information cybercriminals increasingly see as more valuable than other types but they also have to safeguard against the next big threat when it’s impossible to know what it will be or when it might strike. New types of attacks and security incidents are emerging just about every month, too. It’s not merely WannaCry and the Petya-NotPetya debacles either.