Supply chain attacks show why you should be wary of third-party providers
CSO—The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.
CIO Asia
What is the cyber kill chain? Why it’s not always the right approach to cyber attacks
As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is a recap of what the cyber kill chain approach …
What is the cyber kill chain? Why it’s not always the right approach to cyber attacks Read More »
Unlimited DDoS protection the new norm after Cloudflare announcement
Late last month, global distributed denial of service (DDoS) protection provider Cloudflare announced that it would no longer charge customers extra when they were under attack. The company claims to have nearly 10 million customers and a presence in 117 cities around the world, with enough capacity to handle more than 15 terabits of traffic …
Unlimited DDoS protection the new norm after Cloudflare announcement Read More »
Shadow cloud apps pose unseen risks
It happens in every company. Employees find a cool new online service that makes them more productive. They create free or low-cost accounts on devices they use for work, and get all their friends and colleagues to join up. The new cloud service is great. The interface is a joy to use, it comes with …
What is a fileless attack? How hackers invade systems without installing software
“We see it every day,” says Steven Lentz, CSO at Samsung Research America. “Something coming through, some exploit type, unknown ransomware. We’ve stopped several things with our defenses, either network-wise or at the end point.” The attacks that Lentz is worried about are fileless attacks, also known as zero-footprint attacks, macro, or non-malware attacks. These …
What is a fileless attack? How hackers invade systems without installing software Read More »
Is universal end-to-end encrypted email possible (or even desirable)?
People expect their email to be private between them and the recipient, but in reality, the contents of your email are exposed during transmission. Full end-to-end encryption would mean that only the receiver of the email can decrypt their messages, but sharing public keys and agreeing on a common encryption standard can be tricky for …
Is universal end-to-end encrypted email possible (or even desirable)? Read More »
What’s new in ransomware?
In June, South Korean hosting company Internet Nayana, Inc., was hit by a ransomware attack that took down its 153 Linux web servers — home to more than 5,000 customer websites. “I know that negotiations with hackers should not be done,” company CEO Hwang Chilghong said in a statement. “I would not negotiate with a hacker if …
Look beyond job boards to fill cybersecurity jobs
The cybersecurity talent shortage keeps getting worse. According to Cybersecurity Ventures, the cost of cybercrime will double from $3 trillion globally in 2015 to $6 trillion by 2021. Meanwhile, the number of open cybersecurity jobs will increase from 1 million in 2016 to 1.5 million by 2019. Meanwhile, the scale and damage of the attacks …
Look beyond job boards to fill cybersecurity jobs Read More »
Two years after the OPM data breach: What government agencies must do now
The Office of Personnel Management breach in June 2015 was a big wake up call to our federal government, and, in its wake, a number of initiatives were launched to improve the government’s cybersecurity posture. Despite several concrete improvements, progress has stalled in some areas, as demonstrated by a series of assessments conducted since the …
Two years after the OPM data breach: What government agencies must do now Read More »
With new dynamic capabilities, will whitelisting finally catch on?
Everybody knows and hates whitelisting. Employees are only allowed to install approved software on their desktops and laptops, so they’re always complaining and asking for exceptions. Management eventually gets fed up with it and stops the experiment. For mobile devices, enterprises have a number of tools at their disposal, including mobile device management. In addition, …
With new dynamic capabilities, will whitelisting finally catch on? Read More »
Few firms will be ready for new European breach disclosure rules, fines
The new European General Data Protection Regulation goes into effect next May, with onerous notification requirements and high penalties, but a year might not be enough for firms to get ready.Recent surveys show that most companies are not prepared for the regulations. According to a recent SailPoint survey, 80 percent see GDPR as a priority, …
Few firms will be ready for new European breach disclosure rules, fines Read More »
APT3 hackers linked to Chinese intelligence
The APT3 hacker group, which has been attacking government and defense industry targets since 2010, has been linked to the Chinese Ministry of State Security, according to a report by Recorded Future.Other attackers have been linked to the Chinese military, but this is the first time a group has been connected to Chinese intelligence, said …
Suffolk County greets hurricane season with updated alerting system
Long Island’s Suffolk County is improving its emergency communications for National Hurricane Preparedness Week
WannaCry fallout — the worst is yet to come, experts say
The massive scale of the recent WannaCry ransomware attack has exposed some significant weaknesses in global IT systems
Cybercrooks fight over DDoS attack resources
As more groups get into the denial-of-service attack business they’re starting to get in each other’s way