Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-03-04 11:34:26 |
MY TAKE: Why IoT systems won\'t be secure until each and every microservice is reliably authenticated (lien direct) |
Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must … (more…) |
|
|
|
|
2020-03-02 11:16:34 |
NEW TECH: Juicing up SOAR - SIRP inserts risk-based analysis into network defense playbooks (lien direct) |
Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space.Related: How SOAR Is Helping to Address the Cybersecurity Skills GapSIEM is useful … (more…) |
|
|
|
|
2020-02-24 11:48:44 |
BOOK REVIEW: \'Security Yearbook\' preserves cybersecurity history - highlights tectonic shift (lien direct) |
Along with Richard Stiennon, I belong to a small circle of journalists and tech industry analysts who've been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft's attention on defending its software code. Related: The role of PKI is securing digital transformation That was in 2002. Back then, […] |
|
|
|
|
2020-02-21 11:46:26 |
MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation (lien direct) |
Just five years ago, the Public Key Infrastructure, or PKI, was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is […] |
|
|
|
|
2020-02-18 20:12:48 |
MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption (lien direct) |
It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. Related: Why Google’s HTTPS push is a good thing At the time, just 50 % of Internet traffic […] |
|
|
★★★★
|
|
2020-02-17 10:05:48 |
NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers (lien direct) |
When it comes to defending their networks, most companies have had it drilled into them, by now, that it's essential to erect layered defenses. Related:Promise vs. pitfalls of IoT For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today's digital economy. Security-mature SMBs go the […] |
|
|
★★
|
|
2020-02-03 09:20:59 |
MY TAKE: Iran\'s cyber retaliation for Soleimani assassination continues to ramp up (lien direct) |
Less than 48 hours after the killing of Iran's General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran's “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.” Related: Cyber warfare enters Golden Age In fact, strategic cyber operations essentially pitting […] |
|
|
|
|
2020-01-29 23:14:47 |
GUEST ESSAY: Strategic tactics are key to a robust Cloud Security Posture Management regime (lien direct) |
A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers […] |
|
|
|
|
2020-01-20 08:57:50 |
GUEST ESSAY: Cyber insurance 101 - for any business operating in today\'s digital environment (lien direct) |
Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically […] |
|
|
|
|
2020-01-03 20:35:30 |
MY TAKE: Why we should all now focus on restoring stability to US-Iran relations (lien direct) |
As tensions escalate between the U.S. and Iran it's vital not to lose sight of how we arrived at this point. Related: We're in the golden age of cyber spying Mainstream news outlets are hyper focused on the events of the past six days. A Dec. 27 rocket attack on a military base in northern […] |
|
|
|
|
2019-12-31 17:35:21 |
GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don\'t overlook physical security (lien direct) |
Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Related: Good to know about IoT Physical security is often a second thought when it comes […] |
|
|
|
|
2019-12-09 10:15:54 |
MY TAKE: Why it\'s now crucial to preserve PKI, digital certificates as the core of Internet security (lien direct) |
For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI, a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users. Related: How PKI could secure the Internet of Things If that sounds too complicated to grasp, take a look at the web […] |
|
|
|
|
2019-12-06 19:25:11 |
GUEST ESSAY: Addressing DNS, domain names and Certificates to improve security postures (lien direct) |
In 2019, we've seen a surge in domain name service (DNS) hijacking attempts and have relayed warnings from the U.S. Cybersecurity and Infrastructure Agency, U.K.'s Cybersecurity Centre, ICANN, and other notable security experts. Although, the topic has gained popularity amongst CIOs and CISOs, most companies are still overlooking important security blind spots when it comes […] |
|
|
|
|
2019-12-05 15:38:35 |
Last Watchdog\'s IoT and \'zero trust\' coverage win MVP awards from Information Management Today (lien direct) |
I'm privileged to share news that two Last Watchdog articles were recognized in the 2019 Information Management Today MVP Awards. My primer on the going forward privacy and security implications of IoT — What Everyone Should Know About the Promise and Pitfalls of the Internet of Things — won second place in the contest’s IoT […] |
|
|
|
|
2019-11-20 17:10:12 |
SHARED INTEL: How \'memory attacks\' and \'firmware spoilage\' circumvent perimeter defenses (lien direct) |
What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows […] |
Ransomware
Hack
|
|
|
|
2019-11-18 09:09:53 |
BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups - in the field (lien direct) |
Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage. Related: Can Europe's GDPR restore data privacy? And yet […] |
|
|
|
|
2019-11-12 09:10:30 |
SHARED INTEL: What can be done - today - to keep quantum computing from killing encryption (lien direct) |
There's little doubt that the shift to quantum computing will open new horizons of digital commerce. But it's also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn't coming as any surprise to IT department heads. In fact, there's […] |
|
|
|
|
2019-11-06 16:30:30 |
NEW TECH: Silverfort deploys \'multi-factor authentication\' to lock down \'machine identities\' (lien direct) |
From the start, two-factor authentication, or 2FA, established itself as a simple, effective way to verify identities with more certainty. Related: A primer on IoT security risks The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security. That seminal tension still […] |
|
|
|
|
2019-11-04 18:32:48 |
MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution (lien direct) |
Some 20 years ago, the founders of Amazon and Google essentially set the course for how the internet would come to dominate the way we live. Jeff Bezos of Amazon, and Larry Page and Sergey Brin of Google did more than anyone else to actualize digital commerce as we're experiencing it today – including its […] |
|
|
|
|
2019-11-04 09:47:39 |
NEW TECH: Can an \'operational system of record\' alleviate rising knowledge worker frustrations? (lien direct) |
An undercurrent of discontent is spreading amongst knowledge workers in enterprises across the United States and Europe. Related: Phishing-proof busy employees White collar employees today have amazingly capable communications and collaboration tools at their beck and call. Yet the majority feel unsatisfied with narrow daily assignments and increasingly disconnected from the strategic goals of their […] |
|
|
|
|
2019-10-29 15:17:36 |
SHARED INTEL: APIs hook up new web and mobile apps - and break attack vectors wide open (lien direct) |
If your daily screen time is split between a laptop browser and a smartphone, you may have noticed that a few browser web pages are beginning to match the slickness of their mobile apps. Related: The case for a microservices firewall Netflix and Airbnb are prime examples of companies moving to single-page applications, or SPAs, […] |
|
|
|
|
2019-10-16 12:30:43 |
SHARING INTEL: Why full \'digital transformation\' requires locking down \'machine identities\' (lien direct) |
Digital commerce has come to revolve around two types of identities: human and machine. Great effort has gone into protecting the former, and yet human identities continue to get widely abused by cyber criminals. By comparison, scant effort has gone into securing the latter. This is so in spite of the fact that machine identities […] |
|
|
|
|
2019-10-16 09:50:51 |
MY TAKE: How \'credential stuffing\' and \'account takeovers\' are leveraging Big Data, automation (lien direct) |
A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet. Related: Cyber risks spinning out of IoT Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half […] |
|
|
★★★★
|
|
2019-10-15 18:14:59 |
NEW TECH: \'Passwordless authentication\' takes us closer to eliminating passwords as the weak link (lien direct) |
If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. Compromised logins continue to facilitate cyber attacks at all levels, from phishing ruses to credential stuffing to enabling hackers to probe […] |
Threat
|
|
|
|
2019-10-14 09:42:03 |
SHARED INTEL: How NTA/NDR systems get to \'ground truth\' of cyber attacks, unauthorized traffic (lien direct) |
The digital footprints of U.S. consumers' have long been up for grabs. No one stops the tech giants, media conglomerates and online advertisers from intensively monetizing consumers' online behaviors, largely without meaningful disclosure. Related: The state of ransomware Who knew that much the same thing routinely happens to enterprises? A recent report by network detection […] |
Ransomware
|
|
|
|
2019-10-10 13:53:21 |
MY TAKE: CASBs help companies meet \'shared responsibility\' for complex, rising cloud risks (lien direct) |
Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud. Related: Implications of huge Capital […] |
|
|
|
|
2019-10-09 16:57:38 |
SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster (lien direct) |
To pay or not to pay? That's the dilemma hundreds of organizations caught in the continuing surge of crippling ransomware attacks have faced. Related: How ransomware became such a scourge The FBI discourages it, as you might have guessed. What's more, the U.S. Conference of Mayors this summer even passed a resolution declaring paying hackers […] |
Ransomware
|
|
|
|
2019-10-07 15:32:57 |
NEW TECH: Human operatives maintain personas, prowl the Dark Net for intel to help companies (lien direct) |
It seems like any discussion of cybersecurity these days invariably circles back to automation. Our growing fixation with leveraging artificial intelligence to extract profits from Big Data – for both constructive and criminal ends-is the order of the day. Related: Why Cyber Pearl Harbor is upon us Vigilante is a cybersecurity startup that cuts against […] |
|
|
|
|
2019-10-04 08:47:23 |
MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches (lien direct) |
It's clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data. Related: The case for automated threat feeds analysis Dallas-based Critical Start is […] |
Threat
|
|
|
|
2019-10-03 17:00:01 |
SHARED INTEL: Threat actors add a human touch to boost effectiveness of automated attacks (lien direct) |
Trends in fashion and entertainment come and go. The same holds true for the cyber underground. Related: Leveraging botnets to scale attacks For a long while now, criminal hackers have relied on leveraging low-cost botnet services to blast out cyber attacks as far and wide as they could, indiscriminately. Over the past 18 months or […] |
Threat
|
|
|
|
2019-10-03 14:57:08 |
MY TAKE: Peerlyst shares infosec intel; recognizes Last Watchdog as a top cybersecurity influencer (lien direct) |
Sharing intelligence for the greater good is an essential component of making Internet-centric commerce as safe and as private as it needs to be. Related: Automating threat feed analysis Peerlyst is another step in that direction. Started by infosec professionals, Peerlyst takes the characteristics of B2B communications we've become accustomed to on Twitter and LinkedIn […] |
Threat
|
|
|
|
2019-09-30 15:33:58 |
NEW TECH: Breakthrough \'homomorphic-like\' encryption protects data in-use, without penalties (lien direct) |
Homomorphic encryption has long been something of a Holy Grail in cryptography. Related: Post-quantum cryptography on the horizon For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, […] |
|
|
★★
|
|
2019-09-27 14:58:19 |
MY TAKE: \'Perimeter-less\' computing requires cyber defenses to extend deeper, further forward (lien direct) |
Threat actors are opportunistic, well-funded, highly-motivated and endlessly clever. Therefore cybersecurity innovations must take hold both deeper inside and at the leading edges of modern business networks. Related: Lessons learned from Capitol One breach Most of the promising new technologies I've had the chance to preview this year validate this notion. The best and brightest […] |
Threat
Guideline
|
|
|
|
2019-09-24 14:43:54 |
SHARED INTEL: Here\'s one way to better leverage actionable intel from the profusion of threat feeds (lien direct) |
Keeping track of badness on the Internet has become a thriving cottage industry unto itself. Related: ‘Cyber Pearl Harbor’ is upon us There are dozens technology giants, cybersecurity vendors, government agencies and industry consortiums that identify and blacklist IP addresses and web page URLs that are obviously being used maliciously; and hundreds more independent white […] |
Threat
|
|
|
|
2019-09-23 08:46:59 |
NEW TECH: How \'cryptographic splitting\' bakes-in security at a \'protect-the-data-itself\' level (lien direct) |
How can it be that marquee enterprises like Capital One, Marriott, Facebook, Yahoo, HBO, Equifax, Uber and countless others continue to lose sensitive information in massive data breaches? Related: Breakdown of Capital One breach The simple answer is that any organization that sustains a massive data breach clearly did not do quite enough to protect […] |
Data Breach
|
Equifax
Yahoo
Uber
|
|
|
2019-09-20 08:40:15 |
MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns (lien direct) |
Local government agencies remain acutely exposed to being hacked. That's long been true. However, at this moment in history, two particularly worrisome types of cyber attacks are cycling up and hitting local government entities hard: ransomware sieges and election tampering. Related: Free tools that can help protect elections I had a deep discussion about this […] |
Ransomware
|
|
|
|
2019-09-19 21:47:33 |
MY TAKE: Poll shows senior execs, board members grasp strategic importance of cybersecurity (lien direct) |
A singular topic has risen to the top of the agenda in executive suites and board rooms all across the planet: cybersecurity. Related: Security, privacy fallout of IoT A recent survey by Infosys, a tech consulting and IT services giant based in Bangalore, India, quantifies the degree to which the spotlight has landed on cybersecurity […] |
|
|
|
|
2019-09-19 15:29:03 |
MY TAKE: What everyone should know about the promise and pitfalls of the Internet of Things (lien direct) |
The city of Portland, Ore. has set out to fully leverage the Internet of Things and emerge as a model “smart” city. Related: Coming soon – driverless cars Portland recently shelled out $1 million to launch its Traffic Sensor Safety Project, which tracks cyclists as they traverse the Rose City's innumerable bike paths. That's just […] |
|
|
|
|
2019-09-16 15:30:18 |
SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains (lien direct) |
Blockchain gave rise to Bitcoin. But blockchain is much more than just the mechanism behind the cryptocurrency speculation mania. Related: The case for ‘zero trust’ There's no disputing that blockchain technology holds the potential to massively disrupt business, politics and culture over the next couple of decades, much the way the Internet dramatically altered the […] |
|
|
|
|
2019-09-11 13:59:04 |
NEW TECH: LogicHub introduces \'virtualized\' security analysts to help elevate SOAR (lien direct) |
One of the promising cybersecurity trends that I've been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Related: Here’s how Capital One lost 100 million customer records SOAR holds […] |
|
|
|
|
2019-09-10 15:53:04 |
NEW TECH: Baffin Bay Networks takes a \'cloud-first\' approach to securing web applications (lien direct) |
Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet? That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. Related: How 5G will escalate DDoS attacks Caught in the pull of digital transformation, companies […] |
|
|
|
|
2019-09-06 16:56:00 |
MY TAKE: How advanced automation of threat intel sharing has quickened incident response (lien direct) |
Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn't it made more of an impact stopping network breaches? Related: Ground zero for cybersecurity research Having covered the cybersecurity industry for the past 15 years, it's clear to me that there are […] |
Threat
|
|
|
|
2019-09-04 19:58:04 |
SHARED INTEL: Mobile apps are riddled with security flaws, many of which go unremediated (lien direct) |
The convergence of DevOps and SecOps is steadily gaining traction in the global marketplace. Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Related: The tie between DevOps and SecOps. Organizations that are all-in leveraging microservices to speed-up application development, on the DevOps side of the […] |
|
|
|
|
2019-08-29 18:54:03 |
MY TAKE: Six-figure GDPR privacy fines reinforce business case for advanced SIEM, UEBA tools (lien direct) |
Europe came down hard this summer on British Airways and Marriott for failing to safeguard their customers' personal data. The EU slammed the UK airline with a $230 million fine, and then hammered the US hotel chain with a $125 million penalty – the first major fines under the EU's toughened General Data Protection Regulation, […] |
|
|
|
|
2019-08-26 15:26:04 |
(Déjà vu) NEW TECH: ICS zero-day flaws uncovered by Nozomi Networks\' analysis of anomalous behaviors (lien direct) |
Andrea Carcano's journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, […] |
|
|
|
|
2019-08-26 14:40:04 |
NEW TECH: Nozomi Networks tracks anomalous behaviors, finds zero-day ICS vulnerabilities (lien direct) |
Andrea Carcano's journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, […] |
|
|
|
|
2019-08-22 17:11:00 |
MY TAKE: Coping with security risks, compliance issues spun up by \'digital transformation\' (lien direct) |
A core security challenge confronts just about every company today. Related: Can serverless computing plus GitOps lock down DX? Companies are being compelled to embrace digital transformation, or DX, if for no other reason than the fear of being left behind as competitors leverage microservices, containers and cloud infrastructure to spin-up software innovation at high […] |
|
|
|
|
2019-08-21 08:57:00 |
MY TAKE: Here\'s how \'bulletproof proxies\' help criminals put compromised IoT devices to work (lien direct) |
Between Q1 2019 and Q2 2019, malicious communications emanating from residential IP addresses in the U.S. – namely smart refrigerators, garage doors, home routers and the like – nearly quadrupled for the retail and financial services sectors. Related: How botnets gave Trump 6 million faked followers To put it plainly, this represented a spike in […] |
|
|
|
|
2019-08-20 09:43:05 |
SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm\'s way (lien direct) |
A faked Rolex or Prada handbag is easy enough to acquire on the street in certain cities, and you can certainly hunt one down online. Now add high-end counterfeit smartphones to the list of luxury consumer items that are being aggressively marketed to bargain-hungry consumers. Related: Most companies ignorant about rising mobile attacks While it […] |
|
|
|
|
2019-08-19 08:59:05 |
MY TAKE: Can embedding security deep inside mobile apps point the way to securing IoT? (lien direct) |
The full blossoming of the Internet of Things is on the near horizon – or is it? Enterprises across the planet are revving up their IoT business models, and yet there is a sense of foreboding about a rising wave of IoT-related security exposures. Related: The security and privacy implications of driverless vehicles Some 25 percent […] |
|
|
|