Enterprise Security teams are looking for proven ways to increase the visibility of their security programs while also optimizing technology investments. A large number of organizations have implemented Endpoint Detection and Response (EDR) solutions and many others are considering it. While these solutions are best...
Criminal gangs have been hitting e-commerce sites hard lately by injecting their malicious code to "skim" customers' payment card details. In a recent twist, Malwarebytes spotted a malicious iFrame that steps in front of the normal payment process to intercept card details.
Cyber incident reporting in SCADA systems gives us invaluable insight into the burgeoning threat landscape and helps the security community understand what threats we face, thus enabling teams to establish a robust defense strategy. However, the increase in the number of reports, each with different analysis...
With cyberattacks, online espionage and data breaches happening at a seemingly nonstop pace, Western intelligence agencies are bringing many of their capabilities out of the shadows to help businesses and individuals better safeguard themselves and respond. We need all the help we can get.
How well-equipped is your organization to stop malicious attackers once they're inside your network. According to this study of over 600 IT security professionals, almost two-thirds of respondents lack efficient capabilities to detect and investigate stealth attackers before serious damage occurs.
TA505, a sophisticated advanced persistent threat group, is now using legitimately signed certificates to disguise malware that can penetrate banking networks, security researchers warn in a new report.
The director of Britain's GCHQ intelligence agency said at this week's CyberUK conference that declassifying and putting "time-critical, secret information" for stopping online threats into the public's hands "in a matter of seconds" is an imperative.
A nation-state sponsored espionage campaign dubbed "Sea Turtle" has been manipulating the domain name system to target more than 40 organizations, including intelligence agencies - especially in North Africa and the Middle East, Cisco Talos warns. Experts say defenses against DNS hijacking lag.
A common complaint among threat intelligence analysts is the near impossibility of searching global
threat intelligence feeds to find the specific threat and vulnerability information that matters to their
The underlying problem here is the lack of visibility across all internal files and objects....
In 2017, 15,038 new CVEs were published, up from 9,837 in 2016. Last year, 16,500 new CVEs were disclosed. With vulnerabilities growing year after year, patching every potential threat to your business is a futile exercise. The need to prioritize is clear, but where to start, especially when CVSS categorizes the...
The information provided in a domain name system is far deeper than just those transactions that take place. A DNS provides much more granular information around some security risks, although CISOs tend to overlook this information, says Stuart Reed of Nominet.
CenturyLink has opened Black Lotus Labs, which focuses on threat research used to share information with customers as well as initiate takedowns of networks used to support cybercrime activities, says Peter Brecl, a director at the company.
Given the unsustainability of the status quo, it's a question worth considering.
Technology constantly advances. Businesses now leverage the cloud, mobility, AI, IoT, and blockchain
in ways that were once unthinkable. So no one can credibly claim that the same technologies they used
to empower their business a few...