Ransomware-wielding criminals constantly refine their behavior and tactics to maximize the chance of a payday, and recently they have been implementing fresh strategies for monetizing stolen data, says Steve Rivers at threat intelligence firm Kela.
The U.S. Cybersecurity and Infrastructure Security Agency has begun issuing alerts about 56 flaws across operational technology equipment built by 10 different vendors. Researchers at Forescout Technologies say the flaws trace to poor design decisions by vendors.
In 2021, Mandiant Threat Intelligence identified 80 zero-days exploited in the wild, which is more than double the previous record volume in 2019. State-sponsored groups continue to be the primary actors exploiting zero-day vulnerabilities, led by Chinese groups.
Join Mandiant’s Erin Joe, SVP of Strategy and...
EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials. CISA is currently in the process of deploying EDR across 26 federal civilian agencies and expects to have work underway at 53 agencies by Sept. 30, 2022.
Even in the best of times, chief information security officers (CISOs) and their teams face numerous challenges in protecting the brand, the business and
sensitive data against ever-changing threats—all with finite and constrained resources. Today, those challenges are more extreme than ever. In a rapidly
changing...
Unfortunately, in this day and age, protecting assets is more difficult than ever from the corporate point of view. Organizations have spent many years and countless sums of money protecting the perimeter —
so-called “north-south” traffic. Yet agile, adaptive adversaries have found ways to breach perimeter...
Many organizations, especially large global enterprises, don’t always have the best visibility into how many third-party vendors they are using at a given time, or what types of assets are in their environment because of those third-party vendors. In addition, they are at the mercy of their third-party partners’...
There’s no question 2021 was the year of vulnerabilities that drained already exhausted security operations teams. From pandemic fatigue to the exploitation of critical business services like Microsoft O365 by crafty threat actors, organizations of all sizes faced increased susceptibility to phishing attacks putting...
When looking for an observability pipeline, there are many things to consider before making a decision. Some will argue for open source solutions while others have solutions that are heavily tied to their existing vendors. While all solutions have their strengths and weaknesses, it’s important to consider the...
'Despite an arsenal of point products designed to block malware and threats and warn of vulnerabilities that can be exploited by attackers; it is no longer sufficient to rely on traditional defence techniques. While effective in some areas, these approaches are limited, with one of the most important gaps being the...
As Russia's invasion of Ukraine continues, what should global CISOs and security teams do to ensure that their organizations stay protected? Beyond following cybersecurity agencies' guidance, experts offer advice on how to brief the board of directors, appeal for resources, support teams and more.
Fortinet's FortiGuard Labs has released its latest Global Threat Landscape Report, and it portrays adversaries who are increasingly more sophisticated and speedy and who are diversifying their attack techniques. Derek Manky tells why organizations need to respond by bolstering the cyber kill chain.
Employees with too much access can pose an insider threat. When employees have access to more than they need to do their job, there are more opportunities for mistakes, whether accidental or not. Lack of accountability means you
don’t know who did what, when. If too many people have the same level of access and...
Britain's National Cyber Security Center has launched a trial vulnerability management project called Scanning Made Easy, designed to empower small and midsize organizations to identify if critical software flaws are present in their IT infrastructure, so they can be targeted for remediation.
The Log4j vulnerability caused plenty of stress for tech practitioners, and while it’s likely under control now, it’s essential to take the opportunity to learn from these events to improve security.
Join this interactive session to review what the latest Zero Day threat taught us about current security...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.