What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2019-08-20 06:23:00 IDG Contributor Network: Have you been ransomware'd yet? (direct link) If you don't know what ransomware is, chances are you haven't been victimized – yet. Let's clear the fog. Ransomware is a type of virus designed to deny access to a computer system or data until a ransom is paid. Some of the most vulnerable and critical agencies are being targeted – state, city and educational institutions. Recent state and local ransomware attacks include the cities of Baltimore and Albany, school districts in Louisiana and 23 cities in Texas. And this is only going to get worse. Ransomware
CSO 2019-08-15 03:00:00 Black Hat 2019: 3 cybersecurity concerns and 3 things that give hope (direct link) Organizations worry more about the volume and sophistication of cyber attacks and are confused about what tools to use. It's not all bad news, though, as this year's Black Hat highlighted several security advancements, including greater emphasis on application security and automating security operations. Here are my take-aways from this year's event: The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners' show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking their toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-bangers. The scary factor. In a recent ESG research project, 76% of organizations claim that threat detection and response is more difficult today than it was two years ago. More than one-third (34%) say the volume and sophistication of attacks has increased, while 16% claim that the attack surface has grown. Both issues were front and center at Black Hat. For example, we are seeing attacks on cloud infrastructure like the theft of developer passwords on GitHub, break-ins on Amazon S3 buckets, and exploitation of internet of things (IoT) device vulnerabilities. None of the adversary tactics, techniques, and procedures (TTPs) are new, but the cybersecurity diaspora is being asked to safeguard more new stuff all the time. This imbalance is a recipe for disaster, and all CISOs should have a formal plan for bridging this gap.
Everything is in play. Cybersecurity technology is installed everywhere – on hosts, networks, virtual infrastructure, in the cloud, etc. A lot of this infrastructure has been in place for years, but much has reached a point of obsolescence. Old antivirus software is being replaced by endpoint security suites instrumented with machine learning algorithms and EDR capabilities. Network security devices are giving way to virtual network security services that span physical, virtual, and cloud-based infrastructure with central management and distributed enforcement. Individual security analytics tools are coming together in security operations and analytics platform architectures (SOAPA). All these changes are muddying messages and confusing the industry at large. Rather than a security technology flea market, we need some clarity on new types of security technology architectures for the 2020s at next year's shows (i.e. RSA and Black Hat). 3 ways security is improving: While there is a lot of work ahead, all is not doom and gloom. Here are a few positive observations from Black Hat 2019: Threat
CSO 2019-08-13 06:35:00 BrandPost: Cybersecurity is a Team Sport (direct link) Cybersecurity relies on specialists of every kind - CISOs, network systems administrators, cloud experts, human resources and more - to achieve success. It takes a true team in order to avoid the pitfalls of failing controls and successful attacks. And just like team sports, cybersecurity has rules and playbooks that help everyone stay safe and provide guidance on how to be successful. A type of 'playbook' in cybersecurity are the multiple frameworks that your organization can follow to improve its cyber defenses. Some are influenced by a risk-based model and others a proscriptive model. The CIS Controls are one well-known security best practice framework based on real attack data and a consensus development process involving an international group of volunteers. The consensus process brings together cybersecurity experts from multiple industries around the world to create a prioritized list of cyber defense actions. Formerly known as the SANS Top 20, the CIS Controls are used by organizations around the world to protect their systems and data from cyber attacks.
CSO 2019-08-08 09:30:00 BrandPost: Preparation Requires Prioritizing Threats (direct link) As the attack methods and strategies of our cyber adversaries continue to expand, organizations must stay ahead of those threats most likely to affect individual networks and connected resources. According to Fortinet's most recent global Threat Landscape Report, not only are cybercriminals using new attack methods (even for older attacks), but they are also using new strategies to obscure their presence and evade detection. This includes expending resources on reconnaissance to deliver targeted attacks better, and new evasion techniques to ensure their objectives aren't interrupted.
CSO 2019-08-07 03:13:00 New Spectre-like CPU vulnerability bypasses existing defenses (direct link) Security researchers have found a new way to abuse the speculative execution mechanism of modern CPUs to break security boundaries and leak the contents of kernel memory. The new technique abuses a system instruction called SWAPGS and can bypass mitigations put in place for previous speculative execution vulnerabilities like Spectre. The vulnerability was discovered by researchers from security firm Bitdefender and was reported to Intel almost a year ago. Since then, it has followed a lengthy coordination process that also involved Microsoft, which released mitigations during last month's Patch Tuesday. Vulnerability
CSO 2019-08-06 06:13:00 IDG Contributor Network: Sharks and phishers are circling, looking to snag a bite (direct link) The most popular Massachusetts summer beach vacation destination, Cape Cod, has seen an unusual spike in shark sightings this summer. Marine biologists aren't saying that means there are more sharks than usual, but that they are swimming closer to shore. Thanks to the increasing number of drones and cellphone videos, it seems like Cape Cod is experiencing a Shark Summer. And it's having an impact on summer activities, as many beaches are closed and swimmers are warned to stay close to the shore. No one wants to slip-up and take the risk of inviting the next shark attack, particularly after a fatal attack last summer.
CSO 2019-08-06 03:00:00 What is a computer worm? How this self-spreading malware wreaks havoc (direct link) Worm definition: A worm is a form of malware (malicious software) that operates as a self-contained application and can transfer and copy itself from computer to computer. It's this ability to operate autonomously, without the need for a host file or to hijack code on the host computer, that distinguishes worms from other forms of malware. Malware
CSO 2019-08-05 03:00:00 Looking for answers at Black Hat 2019: 5 important cybersecurity issues (direct link) Judging by last week's Capital One breach and Equifax settlement, cybersecurity remains a topical, if not ugly, subject. The timing couldn't be better for these unfortunate events. Why? Because the cybersecurity community gets together this week in Las Vegas for Black Hat and DEF CON to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response. I'll be there along with an assortment of my ESG colleagues. Here are some of the things we'll be looking for: Threat Equifax
CSO 2019-07-31 05:55:00 IDG Contributor Network: Is the cloud lulling us into security complacency? (direct link) The recent CapitalOne breach has certainly made lots of headlines in less than a day since the story broke out. And sadly, it has already thrust the $700M settlement that was reached from the largest ever data breach – the Equifax one – onto the sidelines just days after the news of that settlement broke out. But going back to CapitalOne, there are lots of lessons to be learned there certainly. I want to focus on where CapitalOne's data centers were and what that means for the rest of the planet from a security perspective. CapitalOne has been one of the most vocal AWS customers. They have appeared at numerous AWS events and touted how they have completely shuttered all their data centers and run exclusively on Amazon. And to be fair, they have also shared their best practices and use of AWS services. Data Breach Equifax
CSO 2019-07-30 03:00:00 (Déjà vu) 6 API security lessons from Venmo's data leak (direct link) Earlier this summer, a computer science student was able to access information on seven million Venmo transactions, including the full names of people sending money through the platform. Last year, another researcher was able to download more than 200 million transactions.
CSO 2019-07-30 03:00:00 (Déjà vu) What is a zero day? A powerful but fragile weapon (direct link) Zero-day definition: A zero day is a security flaw that has not yet been patched by the vendor and can be exploited and turned into a powerful weapon. Governments discover, purchase, and use zero days for military, intelligence and law enforcement purposes - a controversial practice, as it leaves society defenseless against other attackers who discover the same vulnerability.
CSO 2019-07-30 03:00:00 (Déjà vu) 6 API security lessons from the Venmo breach (direct link) Earlier this summer, a computer science student was able to access information on seven million Venmo transactions, including the full names of people sending money through the platform. Last year, another researcher was able to download more than 200 million transactions.
CSO 2019-07-26 03:00:00 The biggest data breach fines, penalties and settlements so far (direct link) Sizable fines assessed for data breaches in 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. In the UK, British Airways was hit with a record $230 million penalty, followed shortly by a $124 million fine for Marriott, while in the US Equifax agreed to pay a minimum of $575 million for its 2017 breach. Data Breach Equifax
CSO 2019-07-25 03:00:00 15 signs you've been hacked -- and how to fight back (direct link) In today's threatscape, antimalware software provides little peace of mind. In fact, antimalware scanners are horrifically inaccurate, especially with exploits less than 24 hours old. Malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable. All you have to do is drop off any suspected malware file at Google's VirusTotal, which has over 60 different antimalware scanners, to see that detection rates aren't all as advertised. Malware
CSO 2019-07-24 04:38:00 Equifax's billion-dollar data breach disaster: Will it change executive attitudes toward security? (direct link) Equifax announced on Monday that it has agreed to a record-breaking settlement related to its massive 2017 data breach, which exposed the personal and financial records of more than 148 million people. The settlement requires the beleaguered credit ratings agency to spend at least $1.38 billion to resolve consumer claims against it. It creates a non-reversionary fund of $380.5 million to pay benefits to the class of consumers harmed by the breach, including cash compensation, credit monitoring, and help with identity restoration. Data Breach Equifax
CSO 2019-07-23 07:48:00 BrandPost: How Build Kits Speed Implementation of Cyber Best Practices (direct link) When it comes to servers, operating systems, and other technology, secure configurations are a key best practice for reducing cyber threats and vulnerabilities. Attackers and cybercriminals are looking for systems with default, insecure settings that are easier to exploit. Changing settings can also indicate a machine has been compromised, leading to a breach or other data theft. In order to mitigate the risk of cyber threats, secure configurations are a must. There are dozens of cybersecurity frameworks available to help guide you in locking down environments. The CIS Benchmarks are one robust option for configuration best practices; they provide consensus-developed guidance to help secure cloud environments, servers, desktop machines, applications, web browsers and more. You can also use a CIS Build Kit to help implement secure configurations in just a few minutes. Keep reading to learn how benchmarks are developed, how to audit for configuration security, and how build kits can help. Guideline
CSO 2019-07-18 08:57:00 Network traffic analysis tools must include these 6 capabilities (direct link) When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say NTA is a “first line of defense” for detecting and responding to threats. (Note: I am an ESG employee.) As cybersecurity professionals often state, “the network doesn't lie.” Since cyber attacks use network communications for malware distribution, command and control, and data exfiltration, trained professionals should be able to spot malicious activity with the right tools, time, and oversight. Malware Threat
CSO 2019-07-18 06:02:00 IDG Contributor Network: Modernized maritime industry transports cyberthreats to sea (direct link) If there is one universal truth we've learned from developments on the cybersecurity landscape in recent years, it's that none of us are free from cyberthreats. Attackers identify and exploit vulnerabilities wherever they might exist, regardless of the target's geographic location, whether the target is an individual or an enterprise, or which industry sector the target represents. By the same token, attackers are equally capable of wreaking havoc whether their target is based on land or sea. Considering that more than 70 percent of the earth is covered by water, and an expanding attack surface for the vessels journeying across those waters, cybercriminals have no shortage of maritime targets that they can aim to exploit.
CSO 2019-07-17 03:00:00 Review: How Barac ETV analyzes encrypted data streams (direct link) Encryption is one of the best ways that organizations can protect their data from thieves. If critical information is stored or transported in an encrypted format, it has some measure of protection even if it gets compromised or stolen. For example, even a huge database of credit cards is not much good to a hacker if the whole thing is heavily encrypted and unreadable.
CSO 2019-07-16 03:00:00 What is a computer virus? How they spread and 5 signs you've been infected (direct link) Computer virus definition: A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself. Like other types of malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets. A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process. Similarly, a computer virus isn't itself a standalone program. It's a code snippet that inserts itself into some other application. When that application runs, it executes the virus code, with results that range from the irritating to the disastrous.
CSO 2019-07-15 03:00:00 To pay or not pay a hacker's ransomware demand? It comes down to cyber hygiene (direct link) Baltimore Mayor Jack Young announced last week that the U.S. Conference of Mayors (UCSM) passed a resolution calling on mayors to oppose the payment of ransomware attackers. The resolution states that “at least 170 county, city or state government systems have experienced a ransomware attack since 2013” with 22 of those occurring in 2019 so far. Ransomware
CSO 2019-07-12 08:03:00 How organizations are bridging the cyber-risk management gap (direct link) Cyber-risk management is more difficult today than it was two years ago. So say 74% of cybersecurity professionals in a recent ESG research survey. Respondents point to an expanding attack surface, an increase in software vulnerabilities, and more sophisticated tactics, techniques, and procedures (TTPs) from cyber-adversaries. (Note: I am an ESG employee.) OK, so there's a cyber-risk management gap at most organizations. What are they going to do about it? The research indicates that: 34% will increase the frequency of cyber-risk communications between the CISO and executive management. Now, more communication is a good thing, but CISOs must make sure they have the right data and metrics, and this has always been a problem. I see a lot of innovation around some type of CISO cyber-risk management dashboard from vendors such as Kenna Security, RiskLens (supporting the Factor Analysis of Information Risk (FAIR) standard), and Tenable Networks. Over time, cyber-risk analytics will become a critical component of a security operations and analytics platform architecture (SOAPA), so look for vendors such as Exabeam, IBM, LogRhythm, MicroFocus (ArcSight), Splunk, and SumoLogic to make investments in this area. 32% will initiate a project for sensitive data discovery, classification, and security controls. Gaining greater control of sensitive data is always a good idea, yet many organizations never seem to get around to this. Why? It's really, really hard work. This is another area ripe for more VC investment. Rather than paying Accenture, E&Y, or PWC millions, we need tools that can help automate data discovery and classification – especially as organizations ramp up on data privacy. 31% plan to hire more cybersecurity staff. That's a sound idea, but it is difficult to execute.
According to recent research from ESG and the Information Systems Security Association (ISSA), 73% of organizations have been impacted by the cybersecurity skills shortage, and these firms are already competing for talent. My advice to CISOs is to assume they won't have the right skills or an adequate staff size in every area – including bridging the cyber-risk management gap. 31% want to increase security awareness training for employees. Also a great idea, but too many firms treat security awareness training as a “check-box” exercise. To really make an impact, CEOs must become cybersecurity cheerleaders and establish a cybersecurity culture throughout the organizations. 29% will conduct more penetration testing and red teaming exercises. ESG data demonstrates that penetration testing and red teaming are extremely beneficial, but few organizations have the internal skills to do those things well and it can be costly to hire third-party services. I'm bullish on an emerging category I call synthetic cyber-risk assessment (SCRA) from vendors such as AttackIQ, Randori, SafeBreach, and Verodin. It's important to remember that cyber-risk management is job #1 for every CISO. Yes, business executives are willing to spend more money on cybersecurity, but they increasingly want to target this spending on protecting their most critical digital assets and need help measuring ROI on these investments. Therefore, it's no exaggeration to say that bridging the cyber-risk management gap may be the most important task for CISOs in 2019 and beyond. Guideline
CSO 2019-07-03 11:56:00 IDG Contributor Network: Of mice and malware (direct link) I'm often asked what kinds of “unexpected” skills are helpful to succeed in a job in computer security. My answer usually includes qualities like “empathy,” “curiosity,” or “communication,” but there's a whole other skillset – or perhaps it's a mindset – that is often equally important but difficult to describe in a single word. And that skillset can often be found in a seemingly unrelated discipline: biology. Blind men and an elephant: There's a popular parable in which a group of blind men come across an elephant for the first time. Each man tries to conceptualize and describe this animal, while feeling only one specific part of the elephant's body. Based on this limited experience, each explanation of what the elephant is like is completely different from the others. There are many interpretations of the meaning or moral of this parable, but I found it to be relevant in a slightly different area of my life. Malware
CSO 2019-06-28 13:12:00 BrandPost: Sharing Infrastructure: Insights and Strategies from the Latest Global Threat Landscape Report (direct link) Cyber threats are evolving so rapidly that they now require constant monitoring. Attacks observed during the first quarter of 2019 make it clear that cybercriminals are not only increasing the sophistication of their methods and tools, but that they are also diversifying. Recent attacks use a wide range of attack strategies, from targeted ransomware, custom coding, living-off-the-land (LoTL) strategies, and exploiting pre-installed tools to move laterally and stealthily across a network to launch or extend an attack. Another interesting trend is that threat actors are increasingly leveraging existing malware components, such as those offered on Dark Web sites either as open code or as Malware as a Service (MaaS). We are also learning that many attacks leverage common infrastructures, such as domains from which they launch attacks or run C2 services. For instance, nearly 60% of threats shared at least one domain from a handful of web service providers, indicating the majority of botnets not only leverage established infrastructure for distribution, but gravitate towards the same resources. Malware Threat ★★
CSO 2019-06-27 03:00:00 What is a botnet? When armies of infected IoT devices attack (direct link) Botnet definition: A botnet is a collection of internet-connected devices that an attacker has compromised. Botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets' systems. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations.
CSO 2019-06-25 13:25:00 Telcos around the world hit by large-scale, long-term intelligence gathering cyberattack (direct link) A long-term, large-scale attack targeting telecom companies around the world has been discovered. The attack, dubbed Operation Soft Cell by security firm Cybereason, saw hundreds of gigabytes of information exfiltrated. The company claims the attackers had total control of compromised networks and could have easily brought down entire cellular networks if they so wished. “Cellular service is a critical infrastructure nowadays,” says Amit Serper, principal security researcher at Cybereason and author of the report. “What really worries me is the amount of access they have--the complete access they have to the network. The worst thing they can do is sabotage it and one day just shut down the whole network.”
CSO 2019-06-21 11:47:00 OpenSSH to protect keys in memory against side-channel attacks (direct link) The OpenSSH project has received a patch that prevents private keys from being stolen through hardware vulnerabilities that allow hackers to access restricted memory regions from unprivileged processes. The same approach could be used by other software applications to protect their secrets in RAM until the issues are fixed in future generations of SDRAM chips and CPUs. The patch comes after a team of researchers recently presented an attack dubbed RAMBleed that exploits the design of modern memory modules to extract information from memory regions allocated to privileged processes and the kernel.
CSO 2019-06-20 03:00:00 A new website explains data breach risk (direct link) Data breaches are so common that even a theft of a billion records of seriously confidential information barely makes the news. It's business as usual. Part of the problem is that all the data breaches involving our data become melded together. It seems as if all our personal data is already out there - many times over. So, who cares if it happens once (or ten times) more? We're numb to yet another attack that includes our personal data. In the beginning we feared every announced data breach. Now we don't fear any. Data Breach
CSO 2019-06-20 03:00:00 What is a Trojan horse? How this tricky malware works (direct link) Trojan horse definition: A Trojan or Trojan horse is a variety of malware that disguises itself as something you want in order to trick you into letting it through your defenses. Like other types of malware, a Trojan is deployed by attackers to damage or take control of your computer. Its name comes from the method by which it infects your computer: it disguises itself as something you want in order to trick you into letting it through your defenses. Malware
CSO 2019-06-13 04:04:00 Rowhammer variant RAMBleed allows attackers to steal secrets from RAM (direct link) Researchers have devised a new attack that allows unprivileged code running on computers to steal secrets, such as cryptographic keys, that are stored in what should be protected memory regions. The attack is possible because of a known design issue with modern DRAM chips that has been exploited in the past to modify protected data. Dubbed RAMBleed, the new attack is the work of researchers Andrew Kwong and Daniel Genkin from the University of Michigan, Daniel Gruss from the Graz University of Technology and Yuval Yarom from University of Adelaide and Data61. Using the new technique, the researchers were able to extract an RSA 2048-bit signing key from an OpenSSH server using code running with user-level privileges.
CSO 2019-06-13 03:00:00 Why the Huawei ban is bad for security (direct link) Last week, Google reportedly warned the Trump Administration that its current ban on exports to Huawei might actually jeopardize national security by forcing Huawei to create an insecure fork of its Android operating system, according to the Financial Times. That ban was imposed as part of a Commerce Department effort announced in mid-May which placed the Chinese telecom and tech giant on a U.S. export blacklist, the “entity list,” for its purported efforts to spy on behalf of the Chinese government. Two other companies - the telecom giant ZTE and a memory chip maker, Fujian Jinhua Integrated Circuit - were also placed on the list and the administration is now reportedly considering adding video surveillance company HikVision to it.
CSO 2019-06-10 03:00:00 6 ways malware can bypass endpoint protection (direct link) Sixty-three percent of IT security professionals say the frequency of attacks has gone up over the past 12 months, according to Ponemon's 2018 State of Endpoint Security Risk report - and 52% of respondents say all attacks cannot be realistically stopped. Their antivirus solutions are blocking only 43% of attacks. Sixty-four percent of respondents said that their organizations had experienced one or more endpoint attacks that resulted in a data breach. Malware
CSO 2019-06-06 08:40:00 From phish to network compromise in two hours: How Carbanak operates (direct link) The past few years have seen an increase in the number of attacks against financial organizations by sophisticated cybercriminal groups that use manual hacking and stealthy techniques to remain hidden. Now, researchers from Bitdefender have released a report on an intrusion they investigated at an unnamed bank that documents in detail how these attackers operate and shows how fast they can gain control over a network. Data Breach
CSO 2019-06-04 03:00:00 10 penetration testing tools the pros use (direct link) What is penetration testing? Penetration testing, also known as pentesting or ethical hacking, is like in the movie Sneakers, where hacker-consultants break into your corporate networks to find weaknesses before attackers do. It's a simulated cyber attack where the pentester uses the tools and techniques available to malicious hackers. Back in ye olde days of yore, hacking was hard and required a lot of manual bit fiddling. Today, though, a full suite of automated testing tools turns hackers into cyborgs, computer-enhanced humans who can test far more than ever before.
CSO 2019-06-03 09:04:00 BrandPost: Protecting Today's Evolving Digital Landscape (direct link) Over the past couple of decades, changes in the threat landscape have driven changes in how we design, implement, and manage security. Organizations have spent the last two decades updating their security gear to keep up with the latest threats and attack vectors. In the late 1990s, the creation of viruses and worms forced the development of anti-virus and IDS solutions. Spam and phishing drove the development of advanced email gateways. The list is long, with organizations adding things like Anti-DDoS, Secure Web Gateways, and Reputation filters to their security closets on an almost annual basis. The thing these security tools tended to have in common is that they were all signature based. And because cybercriminals tend to be as invested in ROI and TCO as their victims, they learned that attacks that could be countered by a new signature were less profitable. Spam Threat
CSO.webp 2019-05-30 11:36:00 (Déjà vu) Best new Windows 10 security features: Windows Sandbox, more update options (direct link) With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features. Below is a summary of all the new security features and options in Windows 10 version 1903, which features Windows Defender Advanced Threat Protection (ATP) enhancements, more options for enterprises to defer updates, and Windows Sandbox, which provides a safe area to run untrusted software. Bookmark this article, because we will be adding new security features as Microsoft releases future Windows updates. Malware Threat
CSO.webp 2019-05-30 03:00:00 Why businesses don't report cybercrimes to law enforcement (direct link) Companies are often compelled to report security incidents such as data breaches to regulators. Companies in the UK, for example, will be legally obligated under GDPR to inform the Information Commissioner's Office (ICO) if they suffer a breach involving personal information of customers or employees. Similar obligations exist under the likes of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the U.S. or the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.
CSO.webp 2019-05-29 03:00:00 How to update your Spectre, Meltdown mitigations for the Retpoline mitigation (direct link) The Spectre and Meltdown vulnerabilities discovered in January 2018 showed that weaknesses in CPUs were a potential attack vector. They allow a rogue process to read memory without authorization. Patches were rolled out along with BIOS updates from the manufacturer, but they came with a costly side effect: They degraded performance, especially on systems with older CPUs. Microsoft enabled the protections by default on workstations, but not on server platforms.
CSO.webp 2019-05-28 05:00:00 IDG Contributor Network: Federal cybersecurity agency on the way? (direct link) The departments and agencies within the United States government have evolved over time to address modern-day problems and meet the changing needs of citizens. For example, the Department of Homeland Security was created in the aftermath of the September 11th attacks as a measure to improve domestic safety and handle threats of terrorism. Jumping forward to today, cybersecurity has become a center of focus across the globe for both governments, private companies, and individual citizens. When a hacker launches an attack and is able to create a data breach at a major company, it can affect millions of people.
CSO.webp 2019-05-23 07:25:00 BrandPost: Threat Intelligence and the Evolving Threat Landscape (direct link) As organizations continue to adopt and drive digital transformation (DX), staying ahead of the threat landscape and attack chain curves is becoming increasingly difficult to achieve. Today, rather than having a single network to secure, most organizations now own and manage a variety of environments, including physical networks, private cloud and virtual SDN environments, multiple public clouds, an expanding WAN edge, IT/OT convergence, and an increasingly mobile workforce. This also includes things like ongoing DevOps application development, containerized environments, and the adoption of IaaS and SaaS solutions, including Shadow IT. And given the advent of more deeply integrated solutions, such as smart cars, companies, and cities, and the looming launch of 5G and the myriad of new immersive applications and rich media sources that will result from that, the impact of DX seems to stretch out over the horizon. Threat
CSO.webp 2019-05-22 03:00:00 Why reported breaches are the tip of the iceberg (direct link) According to the Identity Theft Resource Center (ITRC), 1,244 data breaches were reported in 2018 that compromised over 446 million records containing consumers' personally identifiable information (PII). The key word in the last sentence is "reported." Assuming every hacked business reports a breach, like they are supposed to do, we can look at 1,244 breaches as the number of times a hacker got caught… and believe me, hackers don't like to get caught.
CSO.webp 2019-05-21 03:00:00 How to implement and use the MITRE ATT&CK framework (direct link) Mitigating security vulnerabilities is difficult. Attackers need to exploit just one vulnerability to breach your network, but defenders have to secure everything. That's why security programs have been shifting resources toward detection and response: detecting when the bad guys are in your network and then responding to their actions efficiently to gather evidence and mitigate the risk. Vulnerability ★★★★★
CSO.webp 2019-05-20 03:00:00 Review: How Awake Security uncovers malicious intent (direct link) Good cybersecurity these days is more complicated than just matching signatures against known malware. In fact, many of the most devastating attacks made against enterprises may not involve malware at all, instead relying on social engineering, insider threats, and tools and processes already approved for use within a network that are hijacked for a malicious purpose. Malware
CSO.webp 2019-05-17 03:00:00 What is malware? How to prevent, detect and recover from it (direct link) Malware definition: Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. As Microsoft puts it, "[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it. Malware
CSO.webp 2019-05-15 09:46:00 Microsoft urges Windows customers to patch wormable RDP flaw (direct link) Microsoft has fixed a critical vulnerability in some versions of Windows that can be exploited to create a powerful worm. The company even took the unusual step of releasing patches for Windows XP and Windows Server 2003, which haven't been supported in years, because it believes the threat to be very high. The vulnerability, tracked as CVE-2019-0708, is located in Remote Desktop Services, formerly known as Terminal Services. This component handles connections over the Remote Desktop Protocol (RDP), a widely used protocol for remotely managing Windows systems on corporate networks. Malware Vulnerability Threat
CSO.webp 2019-05-14 11:57:00 The second Meltdown: New Intel CPU attacks leak secrets (direct link) Researchers have found new flaws in Intel processors that could allow hackers to defeat the security boundaries enforced by virtual machine hypervisors, operating system kernels and Intel SGX enclaves, putting data on both servers and endpoint systems at risk. The new attack techniques can be used to leak sensitive secrets like passwords or encryption keys from protected memory regions and are not blocked by mitigations for past CPU attacks. Over a year ago, the Meltdown and Spectre attacks took the computer industry by storm and showed that the memory isolation between the operating system kernel and unprivileged applications or between different virtual machines running on the same server was not as impervious as previously thought. Those attacks took advantage of a performance enhancing feature of modern CPUs called speculative execution to steal secrets by analyzing how data was being accessed inside CPU caches.
CSO.webp 2019-05-14 03:00:00 200 million-record breach: Why collecting too much data raises risk (direct link) If you don't collect it, no one can steal it. Sometimes the best way to secure customer data is not to collect it in the first place. While it can be tempting to "collect it all" just in case, most enterprises need far less data on their users to market to them effectively. Reducing the amount of data collected means that in the inevitable event of a breach, the repercussions will be far less severe. Data Breach
CSO.webp 2019-05-10 11:04:00 New Intel firmware boot verification bypass enables low-level backdoors (direct link) Researchers have found a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way. Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Intel's reference Unified Extensible Firmware Interface (UEFI) implementation at the Hack in the Box conference in Amsterdam this week. Hack
CSO.webp 2019-05-07 11:46:00 BrandPost: The Problem with Too Many Security Options (direct link) The challenge of securing our networks is accelerating, primarily in direct response to digital transformation efforts that are expanding the attack surface. Cybercriminals are all too eager to exploit new attack vectors and take advantage of new limitations in our visibility and span of control. The problem is that too many of our security solutions not only operate in relative isolation (meaning that they don't do a very good job of sharing threat intelligence with other security tools), they also still tend to be perimeter-based, which is ironic given that the industry has been touting borderless networks for quite some time. Part of the problem is that even as the border is eroding, we still tend to think of our networks in traditional terms, with an assumption that the data center sits at the core, the network is reasonably static, and that all other elements (mobile users and devices, branch offices, and multi-cloud environments) branch off from that central network in a hub and spoke design. Threat
CSO.webp 2019-05-07 03:00:00 How to get started using Ghidra, the free reverse engineering tool (direct link) The National Security Agency (NSA), the same agency that brought you blockbuster malware Stuxnet, has now released Ghidra, an open-source reverse engineering framework, to grow the number of reverse engineers studying malware. The move disrupts the reverse engineering market, which top dog IDA Pro has long dominated, and enables more people to learn how to reverse engineer without having to pay for an IDA Pro license, which can be prohibitively expensive for most newcomers to the field. Malware Tool
Last update at: 2024-04-29 21:08:24