MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) has served as a model through which interested parties can learn to identify and map digital intrusions against their existing security technologies allowing them to shore up their gaps and prevent more intrusions on endpoints.
But what about the...
APIs are ubiquitous in the enterprise today, being exposed to customers, partners and applications. But because they are relied on so heavily, they also are targeted by cybercriminals. Shreyans Mehta, co-founder and CTO of Cequence Security, discusses the API security challenge.
A network-based approach to visibility can succeed in providing critical insights, while node-based approaches may hit bottlenecks, says Lastline's Giovanni Vigna.
As enterprises increasingly enter the evolving multi-cloud environment, how should they re-think their approach to network detection and response? Ryan Davis of ExtraHop shares insight on how to navigate this new landscape.
Security teams cannot defend complex networks without holistic visibility and correlative insight into the environment. In review, SANS expert Matt Bromiley evaluates the Fidelis Elevate platform and its unique strengths surrounding network traffic analysis, threat detection and deception.
Download the paper now to...
In any network, accurate detection of threats, malware, command and control, and data leakage depends on accessing the content. This does not refer to the content of a packet, but rather the content of the entire network session because the content may be encapsulated or obfuscated under multiple layers of encoding,...
In None We Trust
The Zero Trust model of information security has become a fixture in both the strategies of enterprise security teams and the roadmaps of security solution developers, and for good reason. Perimeter-focused security architectures that default to high trust levels on the internal network continue to...
You can't protect what you can't see. But that's the challenge facing many security programs today - limited visibility of the attack surface, decentralized management of a heterogeneous environment, and plenty of data but little context.
That's why Skybox has packed a powerhouse of solutions into our product suite...
A long-running marketplace for selling stolen payment card data claims it has 30 million stolen payment cards that experts believe are linked to the breach at Wawa convenience stores late last year. The breach is one of the largest ever involving card-related data.
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42.
A point-of-sale system vendor that serves U.S. medical and recreational cannabis dispensaries left an unprotected database containing sensitive information about three clients and 30,000 of their customers exposed to the internet, researchers say.
Emotet malware alert: The U.S. Cybersecurity and Infrastructure Security Agency says it's been "tracking a spike" in targeted Emotet malware attacks. It urges all organizations to immediately put in place defenses to not just avoid infection, but also detect lateral movement in their networks by hackers.
Microsoft accidentally internet-exposed for three weeks 250 million customer support records stored in five misconfigured Elasticsearch databases. While the company rapidly locked them down after being alerted, it's an embarrassing gaff for the technology giant, which has pledged to do better.
Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
