Cyber Security
Dunbar Releases First Open Source Active Response Platform For Cybersecurity
To address the security risks caused by alert fatigue, and to extend enterprise-grade incident management capabilities to businesses of all sizes, Dunbar Security Solutions launched Cyphon, the industry’s first open source active response platform for collecting data, identifying cyber-attacks and tracking all subsequent work performed.
Ransomware Cyber-Attack A Wake-Up Call, Microsoft Warns
Cyber-attacks that have hit 150 countries since Friday should be treated by governments around the world as a “wake-up call,” Microsoft says. The computing giant said software vulnerabilities hoarded by governments have caused “widespread damage.” The latest virus exploits a flaw in Microsoft Windows first identified by US intelligence. There are fears of further “ransomware” […]
Computer Security Experts Fear Second Wave Of ‘Biggest Ransomware Attack Ever’
The malicious “ransomware” attacks that seized computers worldwide Friday and held those systems hostage are likely to worsen this week as millions of people return to work – forcing them to discover the hard way whether they have been affected, security analysts said. With much of the world still reeling from the digital breach that prevented people from receiving hospital care, a second wave of what European officials have called “the biggest ransomware attack ever” could be devastating.
Biggest Cybersecurity Threat Facing Federal Agencies Is legacy IT
Improving our cyber posture is among the top priorities for the Trump administration. However, there are still many questions raised as to how they hope to achieve this goal. As we have seen over the past several years, high-profile hacks are practically the norm. From the OPM data breach in 2015, which affected millions of current and former federal employees, to Russia’s efforts to influence our election through hacking of our political parties, cyberattacks have become a constant source of news and frustration in our lives.
2017 Global Threat Intelligence Report: 77% Of All Ransomware Detected In Four Industries
NTT Security, the specialized security company of NTT Group, has launched its 2017 Global Threat Intelligence Report (GTIR), which analyzes global threat trends based on log, event, attack, incident and vulnerability data [1 October 2015 to 31 September 2016]. Analyzing content from NTT Group operating companies, including NTT Security, Dimension Data, NTT Communications, NTT Data, and data from the Global Threat Intelligence Center (formerly known as SERT), the report highlights the latest ransomware, phishing and DDoS attack trends and demonstrates the impact of today’s threats against global organizations.
Taking Cybersecurity A Step Further With Attribute-Based Access Control
Most organizations already have firewalls implemented, encrypt critical data assets, and monitor network activity as part of an overall cybersecurity plan, but there is another line of defense that can provide additional value: the use of attribute-based access control (ABAC) to reduce the threat surface, thereby improving overall security as well as mitigating risks associated with breaches.
Digital Defense Receives IBM PartnerWorld’s Ready For IBM Security Intelligence Validation
Digital Defense, a leading provider of Vulnerability Management as a Service (VMaaS), announced it has received IBM PartnerWorld’s Ready for IBM Security Intelligence designation for its Frontline™ Vulnerability Manager. As a result, Digital Defense’s Frontline Vulnerability Manager has been validated to integrate with IBM Security products to help better protect customers around the world.
Hacking Institutes Of Higher Learning
Because universities and institutes of higher learning hold large amounts of legacy financial and health records, grant computer privileges to students who traditionally have a lax security mindset, and house valuable research data, hackers have taken notice. This is why higher education has become the second most targeted industry after healthcare. Based on how stolen data can be monetized, various types of hackers have become interested for different reasons. In some cases, it has been nation-state actors that are more interested in the research data, such as with the recent case of the Russian hacker known as Rasputin. In other cases, it has been an individual who was able to change passwords of email accounts or a disenfranchised student assistant who was terminated but maintained access to the system.
ASIS Lends Support To MAIN STREET Cybersecurity Act
ASIS International (ASIS), the leading association for security management professionals worldwide, today sent a letter of support to the Senate Committee on Commerce, Science, and Transportation for the Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology (MAIN STREET) Cybersecurity Act. The proposed legislation calls on the National Institute of Standards and Technology (NIST) and other agencies to provide a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats.
Tyco Security Products Adds Cybersecurity Features And Improved User Experience to exacqVision 8.4
Tyco Security Products, part of Johnson Controls, introduces the latest release of the exacqVision VMS (8.4) which adds critical cybersecurity features demanded by IT departments while enhancing the user experience. exacqVision now supports HTTPS communication between the NVR and some of the industry’s leading cameras, adding a new layer of protection to security deployments. Users can also easily acquire and configure security certificates used by exacqVision Web Services for HTTPS communication, ensuring all communication to web browsers and Exacq Mobile is encrypted.
You’re Not Alone If You Don’t Know Much About Cybersecurity
The Pew Research Center conducted a survey to discover what Americans know about personal cybersecurity. The results are troubling. Most people know very little, which makes them vulnerable when they go online. The Pew survey was designed to paint a broad picture of general knowledge about cybersecurity, but it is also an excellent tool for discovering possible weak points in your own internet protection. If you take the survey, the questions you don’t answer correctly tell you what you need to learn to increase your online safety. Pew’s survey was composed of 13 multiple choice questions. Only four questions were answered correctly by more than 50% of the respondents and only 1% of the respondents got all the answers right.
Dahua Devices Dangerously Exposed To Cybersecurity Hack
Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a wide range of its IP-cameras and DVRs. The vulnerability allows anyone to bypass the login process for these devices and gain remote (and direct) control over vulnerable systems. Adding urgency to the situation, there is now code available online that allows anyone to exploit this bug and commandeer a large number of IoT devices.
Shamoon Malware Spawns Even Nastier ‘StoneDrill’
Researchers following up on last November’s re-emergent Shamoon malware attacks have found something even nastier. A new, more dangerous malware called StoneDrill has been detected by Kaspersky Labs as they were studying the Shamoon malware that initially hit the energy sector in the Middle East. It is data-destroying code that sits in a victim’s browser and wipes any physical or logical path accessible with the target user’s privileges.
D-Link’s Alleged Security Failures Achieve FTC Lawsuit: D-Link Responds
In its latest enforcement action in the realm of the Internet of Things, the Federal Trade Commission filed suit against D-Link Corporation, a Taiwan-based computer networking equipment manufacturer and its U.S. subsidiary, alleging that the defendants failed to employ adequate security measures for their wireless routers and surveillance cameras. Although D-Link promoted the security of its routers with claims like “EASY TO SECURE” and “ADVANCED NETWORK SECURITY,” the company neglected to take easy steps to avoid security flaws, the agency asserted in its California federal court complaint. According to the agency, D-Link accepted hard-coded login credentials and the use of “command injection,” which allowed remote attackers to take control of routers by sending commands over the Internet.