What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-25 09:00:00 | Supply Chain Attacks: How To Reduce Open-Source Vulnerabilities (lien direct) | When you read that software supply chain attacks increased 42% in the first quarter of 2021 over Q4 2020, you might think the cybersecurity problem was related to the traditional supply chain. Many people think of a supply chain as boxes of products on trucks and ships. Software companies don’t ship physical CDs of their […] | |||
|
2021-05-24 14:00:00 | Zero Trust: Bringing Privileged Access and Data Security Analytics Together (lien direct) | Who owns the data in your organization? If you’re like many, there’s a chance it’s fragmented. Maybe legal owns governance while security owns data security. IT, legal, security and line-of-business owners might share tasks. Perhaps there is no real data governance or oversight at all. What we hear from people across all industries, though, is that […] | |||
|
2021-05-24 12:00:00 | The OSI Model and You Part 1: Stopping Threats on the OSI Physical Layer (lien direct) | The Open Systems Interconnection (OSI) model is one of the many useful tools we can use to stop cybersecurity threats. This long-standing standard separates a network into seven layers, offering suggestions for protecting each of them. In this blog series, we’ll examine the layers one by one to understand this model. Each piece follows the same […] | |||
|
2021-05-24 10:00:00 | What Every Incident Response Plan Needs (lien direct) | A record number of digital attacks occurred in 2020. The FBI’s Cyber Division received as many as 4,000 complaints about digital attacks in one day early last year. That’s 400% higher than what the Cyber Division received the previous year. This growth in the volume of digital attacks underscores why you need to have an […] | |||
|
2021-05-21 21:00:00 | 5 Unique Online Scams and How to Defend Against Them (lien direct) | The possibility of an online scam can be an ever-changing problem for individuals and businesses. If someone clicks on a virus-laden email while employed in a data-heavy business, their stolen data could lead to a compromise to the business overall. Because of this, knowing what your employees might encounter in their day to day is […] | Guideline | ||
|
2021-05-21 15:00:00 | Taking Time Off? What Your Out of Office Message Tells Attackers (lien direct) | As more people are vaccinated and free to live a more normal life again, vacation plans, trip pictures and conference hashtags will flood social media sites. Phone calls and emails to colleagues will be met with out of office (OOO) messages. You might feel happy for that person, or maybe a little jealous that they […] | |||
|
2021-05-20 23:00:00 | Security by Design and NIST 800-160, Part 3: Technical Processes (lien direct) | Picking up where we left off on the security-by-design thinking offered by NIST 800-160 Volume 1, we move onward in Chapter 3, focusing on the technical management processes. Let’s look at some security design principles at the technical processes level. Technical Management Processes Chapter 3.3 shows us eight processes. Like we did in Part 2 […] | |||
|
2021-05-20 22:00:00 | The State of Small Business Cybersecurity in 2021 (lien direct) | Most business owners are overconfident about their small business cybersecurity postures. Two-thirds of senior-level decision-makers who participated in a 2019 survey said they didn’t believe the small- to mid-sized businesses (SMBs) for which they’re responsible would fall victim to a digital attack. Within this prevailing view, many respondents didn’t view small business cybersecurity as important. […] | |||
|
2021-05-20 14:00:00 | Accelerate Your Hybrid Cloud Journey With Security Confidence (lien direct) | Organizations are accelerating their move to cloud to drive business innovation and customer success. In fact, 74% of respondents to a 2020 LogicMonitor survey believe that 95% of workloads will migrate to cloud in the next five years. At the same time, cloud poses new cybersecurity challenges as teams struggle to keep pace with the […] | |||
|
2021-05-19 23:00:00 | User Behavior Analytics: What It Is and How It Advances Digital Security (lien direct) | Organizations are struggling to pinpoint threats that come from real user accounts. Take insider threats, as an example. In a 2020 report, 68% of IT and security experts felt their employers were somewhat or very at risk to insider attacks. Over half (53%) said it had become at least somewhat harder to detect an insider attack […] | |||
|
2021-05-19 22:00:00 | Avoiding Video Background Snafus: How to Hold Safe Meetings Online (lien direct) | Zoom mishaps have provided us with much comic relief while we’re trying to adjust to safe meetings online. We’ll never forget the lawyer who wasn’t really a cat and the boss who was a potato. Zoom backgrounds weren’t left out of the fun either. They gave us laughs, like the student who used Danny DeVito’s […] | |||
|
2021-05-19 21:30:00 | How to Boost Your Health Care Data Cybersecurity Immune System (lien direct) | Health care data security has always been a concern. But in the last year, health care and digital safety have become even more urgent topics in government, business and in the public at large. The reason is the sudden and enormous rise in attacks, both in number and impact. Where are those health care cyberattacks […] | |||
|
2021-05-18 23:00:00 | Using FAIR and NIST CSF for Security Risk Management (lien direct) | Risk management and risk assessments go hand in hand, and most organizations have completed a security assessment based on maturity models at some point in their existence. However, more companies are realizing the need to complement maturity models with a risk-based approach for assessing their cybersecurity positions. One such risk-based approach is based on the […] | |||
|
2021-05-17 22:00:00 | Harnessing the Power of Transfer Learning to Detect Code Security Weaknesses (lien direct) | Detecting vulnerabilities in code has been a problem facing the software development community for decades. Undetected weaknesses in production code can become attack entry points if detected and exploited by attackers. Such vulnerabilities can greatly damage the reputation of the company releasing the software and, potentially, the operational and financial well-being of the companies that […] | |||
|
2021-05-17 16:30:00 | When Regulations Don\'t Apply, Data Security Use Cases Do (lien direct) | I’m not going to lecture you on the necessity of data security. Especially in light of recent news-making breaches, we can see there really is no industry immune from data breaches. But this isn’t one of those doom-and-gloom articles laying out the likelihood or cost of a breach. Instead, let’s look at something else: how […] | |||
|
2021-05-15 11:00:00 | AI Security Threats: The Real Risk Behind Science Fiction Scenarios (lien direct) | We often hear about the positive aspects of artificial intelligence (AI) security — the way it can predict what customers need through data and deliver a custom result. When the darker side of AI is discussed, the conversation often centers on data privacy. Other conversations in this area veer into science fiction where the AI works […] | |||
|
2021-05-14 21:00:00 | How to Reduce Zero Trust Frustration By Capturing Context (lien direct) | Zero trust remains one of the best ways for companies to reduce total risk. By knowing the potential risk of any request — both inside and outside the enterprise network — rather than assuming good intentions, companies can limit potential attacks. Deploying a zero trust framework at scale, however, may cause frustration. It increases operational […] | |||
|
2021-05-14 20:30:00 | Cloud Data Privacy: Now, Where Did I Put Those Keys? (lien direct) | Let’s say you’re about to walk out of the house and realize you’ve forgotten your keys. The first thing a family member will probably ask you is “Where did you last have them?” But at work, asking for the keys to a cloud — the keys that ensure data privacy — might get a different […] | |||
|
2021-05-13 20:00:00 | Data Privacy: How the Growing Field of Regulations Impacts Businesses (lien direct) | The recent proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond […] | |||
|
2021-05-13 13:00:00 | Security by Design and NIST 800-160, Part 2: Life Cycle Processes (lien direct) | NIST 800-160 Volume 1 features many guidelines of interest to cybersecurity experts looking to boost their defenses through security by design. As we saw in the first post in this series, the key principles of this document provide a good footing for security. Next, let’s take a look at how the security design principles laid […] | |||
|
2021-05-13 03:45:00 | DevSecOps: Closing the Security Gap With Developers (lien direct) | We talk a lot about building a culture in which every employee and department puts digital safety first. Everyone pitching in a little bit means the job gets done more thoroughly. Bringing developers, IT operations and security together in a DevSecOps format helps do that. It includes both processes and culture shifts, all of which […] | |||
|
2021-05-13 03:30:00 | Private LTE or 5G: Which Is More Secure? (lien direct) | Employees using mobile devices for work is nothing new. From health care workers using them for patient care to a salesperson checking work email in an airport, most of us have our phones on us at all times. However, the increase in the number of remote workers due to the COVID-19 pandemic has ramped up […] | |||
|
2021-05-13 03:00:00 | Penetration Testing 101: What You Need to Know (lien direct) | On the digital battleground, enterprises need a way to make sure their defenses work. Penetration testing (or ‘pen testing’) offers the type of attack you might encounter, but in a controlled case. With pen testing, people intentionally attack an app or network to check on its security posture. This lets enterprises realistically test the effectiveness […] | |||
|
2021-05-12 01:00:00 | Synthetic Identity Theft: When Everybody Knows Your Name (lien direct) | You probably have a place where everyone knows your name — and maybe your address and your birthday and your favorite drink. That place could be your favorite restaurant, your office or your grandma’s house. It doesn’t matter where that place is; when everyone in the room greets you by name, it gives you a […] | |||
|
2021-05-11 15:00:00 | Adopting Microsegmentation Into Your Zero Trust Model, Part 3 (lien direct) | This is the third and final part in a series on zero trust and microsegmentation. Be sure to check out Parts 1 and 2. The customer relationship used to be circular — you marketed your products to customers, they purchased products, your company provided customer service as needed and then you marketed additional products to […] | |||
|
2021-05-11 14:00:00 | Why Automation and Zero Trust Go Hand-in-Hand (lien direct) | Zero trust can reshape how businesses approach digital security. The idea is to distrust by default, regardless of whether the information is located inside or outside the corporate network. From there, security teams can verify devices, apps and connections on a case-by-case basis. They should also re-verify the trust of those network assets on an […] | |||
|
2021-05-10 21:20:00 | Shedding Light on the DarkSide Ransomware Attack (lien direct) | It has been well over a decade since cybersecurity professionals began warning about both nation-state and financially motivated cyber-kinetic attacks. Concerned about a cybersecurity threat that would have the potential to destroy physical assets and human lives, many looked to sound the alarm in industrial organizations, tracking the vulnerabilities that could lead to a compromise […] | Ransomware Threat Guideline | ||
|
2021-05-10 18:00:00 | What Is Extended Detection and Response (XDR)? (lien direct) | For many decades now, emerging threats have put organizations at risk. As the IT landscape evolved and threat actors found new ways to attack, security teams needed to find new ways to detect and respond to threats. Today, this evolving theme of complexity continues. And the list of point solutions being deployed to overcome these […] | Threat | ||
|
2021-05-07 16:00:00 | How a Firewall Can Foster Zero Trust (lien direct) | Older perimeter-based firewalls aren’t up to the task of safeguarding today’s more distributed networks. But that doesn’t mean the end of the firewall is in sight. On the contrary, businesses and other groups are turning to next-generation firewalls (NGFWs) hosted in the cloud to fulfill their evolving security needs. These ‘virtual’ firewalls can be even […] | |||
|
2021-05-07 14:00:00 | 3 Ways to Reduce the Cost of a Government Data Breach (lien direct) | As a government agency or jurisdiction, one of your goals is to build trust with the citizens you serve. You earn that trust by protecting their information from a government data breach. This also helps by making efficient use of taxpayer dollars. When a data breach does hit, both pillars are eroded. Your organization can […] | Data Breach | ||
|
2021-05-07 12:30:00 | What is Ghimob Malware? (lien direct) | A new Android malware strain ‘Ghimob’ is mimicking third-party mobile (mainly banking) apps to spy and steal user data when downloaded and installed. This Trojan virus steals data from users, primarily targeting online banking and cryptocurrency. As of the end of 2020, it is believed to siphon data from more than 153 apps by asking […] | Malware | ||
|
2021-05-06 15:00:00 | Health Care Data: It\'s Your Personal \'National Security\' Information (lien direct) | If you wanted to put all the pieces of a person’s profile together, health care data would likely be the most important piece of the personally identifiable information (PII) puzzle. It’s powerful. A heartbeat can open a door. This data is the most important type related to a person, the crown jewel of PII data […] | |||
|
2021-05-06 13:00:00 | Security by Design and NIST 800-160, Part 1: Managing Change (lien direct) | Building a house requires a blueprint. When it comes to building systems, National Institute of Standards and Technology’s (NIST) documents about security by design are some of the most reliable blueprints. As systems become more complex, they’re also more likely to be fragile. Meanwhile, we continue to add new devices, apps and tools into our […] | |||
|
2021-05-06 10:00:00 | Zero Trust and Insider Threats: Was Brutus the Original Bad Actor? (lien direct) | Insider threats have been a problem for as long as there have been insiders. What’s changed over time? Well, for one, Brutus and his conspirators didn’t exactly leave a trail of logs and flows when they plotted against Julius Caesar and the Roman Republic. Fast forward 2,000 years, and there’s a good news/bad news update […] | |||
|
2021-05-05 22:00:00 | Does Multifactor Authentication Keep Your Remote Workers Safe? (lien direct) | Your eight-character password can be cracked in about eight hours, using brute force attacks — even if you add in numbers, mix up the cases and throw in a special character or three. Odds are high that eight-hour window will soon be even shorter. To combat this, many companies added multifactor authentication (MFA) into their […] | |||
|
2021-05-05 16:00:00 | Improving Data Security in Schools: Remote Learning Increases Security Threats (lien direct) | This blog is the last in a series about improving data security in schools. When learning moved from the classroom to the dining room, schools scrambled to ensure students had the tools they needed. A study conducted by FutureSource Consulting found that the number of computing devices shipped to educational institutions in 2020 is expected […] | |||
|
2021-05-05 04:30:00 | Zero Trust: Confidently Secure Your Business to Grow Fearlessly (lien direct) | What would your business be able to do if security risks were no longer a concern? What sort of products would you build for your customers? What types of experiences could you enable for your employees to be more effective? What would you change to power your business forward? As the general manager for IBM […] | |||
|
2021-05-04 15:00:00 | Adopting Microsegmentation Into Your Zero Trust Model, Part 2 (lien direct) | This is the second part in a series on zero trust and microsegmentation. Be sure to check out Part 1 here. Organizations are increasingly using a zero trust approach combined with microsegmentation to carefully balance the needs of security and access. Companies work with most vendors on a purely transactional basis — those vendors simply […] | |||
|
2021-05-04 12:00:00 | (Déjà vu) It\'s an Operational Technology World, and Attackers Are Living in It (lien direct) | In April 2021, the U.S. government announced a new effort to protect industrial control systems (ICS) from cyberattacks. For the cybersecurity community, the announcement may come as no surprise. Vulnerabilities in critical infrastructure such as ICS and the operational technologies (OT) that run them have made frequent headlines. From public water system threats to research […] | |||
|
2021-05-04 12:00:00 | Expert Interview: How to Secure Critical Infrastructure With Operational Technology (lien direct) | In April 2021, the U.S. government announced a new effort to protect industrial control systems (ICS) from cyberattacks. For the cybersecurity community, the announcement may come as no surprise. Vulnerabilities in critical infrastructure such as ICS and the operational technologies (OT) that run them have made frequent headlines. From public water system threats to research […] | |||
|
2021-05-04 10:05:00 | Don\'t Make Headlines Over an Insider Incident: Lessons From the Frontlines (lien direct) | On the path to becoming more cyber secure, organizations across the globe spend an estimated $60 billion per year to defend their assets, recruit talent and work to prevent and respond to cyberattacks. Moreover, security spending is expected to rise another 10% in 2021. But while much of an organization’s security focus and spending is […] | |||
|
2021-05-03 22:30:00 | Alert Fatigue: How AI Can Help You Address Your Most Important Alerts (lien direct) | When someone says the word hurricane, I hear the shrill weather-alert warning sound in my head. Having grown up in Florida and now living in North Carolina, I’ve been through many hurricanes and have the routine down — stock up on supplies and hurricane snacks, bring in the patio furniture, fill up the cars with […] | |||
|
2021-05-03 17:30:00 | Social Engineering: Watch Out for These Threats Against Cybersecurity Experts (lien direct) | Many of us remember our parents saying not to take candy from strangers. Today, we can apply a similar mindset to avoid social engineering. Social engineering is the threat that keeps on coming back. Threat actors are learning to use even cybersecurity researchers’ best intentions against them. Let’s take a look at tactics threat actors use to target […] | Threat | ||
|
2021-04-30 15:00:00 | How to Talk to Leadership About a Zero Trust Model That\'s Right For You (lien direct) | This is the second blog in a series about zero trust. Lack of requisite budget can be a major roadblock when it comes to adding a zero trust model. Why is this so much of a problem? And, how can a SOC team make the C-suite see how zero trust helps the business? In the […] | ★★★ | ||
|
2021-04-30 14:00:00 | Why Data Monopolies Mean Breaches Hit Harder (And How to Help) (lien direct) | Tech companies aren’t shy about how much they know about us. In fact, it’s right in my face every time I log on to my accounts: advertisements for running shoes I looked at online last week; condo rentals for the post-pandemic trip I’ve been quietly planning for months; and recommended dachshund Facebook groups likely based […] | |||
|
2021-04-30 13:00:00 | 3 Ransomware Threats in 2021 and How to Protect Against Them (lien direct) | I’m sure I’m not the only one who expected the world to magically get back to normal — whatever that is — when the ball dropped on 2021. After seeing a rise in threats last year, no more ransomware, or at least fewer attacks, was on my very long wish list for a wonderful new […] | Ransomware | ||
|
2021-04-29 14:00:00 | Is Multifactor Authentication Changing the Threat Landscape? (lien direct) | Changes to the cybersecurity threat landscape are constant and dynamic: threat actor groups come and go, alter tactics, techniques and procedures (TTPs) and adjust to new defensive mechanisms. Over time, both cyber criminal gangs and nation-state actors endure arrests and swap individuals in what can appear to be an ongoing arms race between good and […] | Threat | ||
|
2021-04-29 13:00:00 | The Story of FakeChat (lien direct) | Starting late December 2020, IBM Trusteer’s mobile threat research lab discovered and began closely tracking a new Android banking malware that appeared to be mostly targeting users in Spain. Per our analysis, the purpose of the malware is to steal credit card numbers, bank account credentials and other private information from its victims. Once a […] | Malware Threat | ★★ | |
|
2021-04-29 10:00:00 | Is VPN or Zero Trust Best for Remote Working Security? (lien direct) | For the past few decades, a corporate virtual private network (VPN) was the go-to answer for connecting to work when away from the office. It was simple, affordable and relatively secure. But debate has been brewing for several years regarding whether or not the corporate VPN security is dead — or at least not the […] | |||
|
2021-04-29 03:45:00 | Improving Data Security in Schools: Privacy at a Distance (lien direct) | This blog is the second in a series about improving data security in schools. Cyberattacks against colleges and universities can be fruitful. Few organizations hold the amount and variety of data that higher education does. Thousands, if not millions, of endpoints are ripe for compromise. A large state flagship university houses decades worth of student […] |
To see everything:
Our RSS (filtrered)
