Deploying deception technology can give organizations a leg up when it comes to more quickly spotting and responding to data breaches, provided they configure and utilize the technology appropriately, says Rocco Grillo of the consultancy Alvarez & Marsal.
For many cybercrime investigators, it's all about finding indicators of compromise - evidence a crime has been committed. Sam Curry of Cybereason describes the value of making a shift to cataloging indicators of behavior.
Researchers at Kaspersky discovered malware hiding in advertising within a recent version of the popular CamScanner app for Android smartphones. Over the years, the app has been downloaded over 100 million times from the Google Play store.
Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism.
Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
Artificial intelligence and machine learning must be judiciously used, such as when monitoring internet of things devices, says David De Roure, professor of e-research at the University of Oxford, who offers insights on IoT risk management.
Organizations need to create a "defensible" cybersecurity program that has a mandate and executive endorsement, says Gartner's Tom Scholtz. I. Here are some points to keep in mind when drafting a program.
Government agencies and private sector organizations around the world are experimenting with the use of blockchain to help manage digital identity. Here are three examples of pioneering efforts in the U.S., Canada and India.
After two months of inactivity, the notorious Emotet botnet is poised to start delivering malicious code again; active command-and-control servers have been spotted in the wild, researchers at the security firm Cofense warn.
U.K. authorities are attempting to seize more than $1.1 million in cryptocurrency from a notorious British hacker who carried out attacks that targeted more than 100 companies over a two-year period, according to the Metropolitan Police Service. The currency will be sold, with proceeds used to compensate victims.
In 2018, the Cybereason Research team identified a series of attacks targeting telecommunications companies. These attacks shared the same TTPs and consisted of a webshell execution followed by the deployment of Poison Ivy, a well-known RAT attributed to Chinese APT groups.